在使用Google Cloud时,我正在尝试遵循this istio教程。 运行istio.yaml后,出现以下错误:
Error from server (Forbidden): error when creating "istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-sidecar-injector-default" is forbidden: attempt to grant extra privileges
在线查看后,我看到了a solution on github community:
For the benefit of others who might run into this issue, I worked around the problem by running:
$ gcloud config set container/use_client_certificate True
$ export CLOUDSDK_CONTAINER_USE_CLIENT_CERTIFICATE=True
Before running $ gcloud container clusters get-credentials ...
尝试此解决方案后,几乎每个命令都出现forbidden错误,即:
$ kubectl get pods
Error from server (Forbidden): pods is forbidden: User "client" cannot list pods in the namespace "default"
$ kubectl get namespaces
Error from server (Forbidden): namespaces is forbidden: User "client" cannot list namespaces at the cluster scope
我尝试在this stack overflow question上使用该解决方案,所以我跑了:
$gcloud config unset container/use_client_certificate
$gcloud container clusters get-credentials my-cluster
但是我仍然得到禁止的错误。有想法吗?