我已经创建了一个Kubernetes清单文件来创建服务帐户和角色。看起来是这样:
apiVersion: v1
kind: ServiceAccount
metadata:
name: test-service-account
namespace: test
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: read-only-api
rules:
- apiGroups:
- ""
resources: ["*"]
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: read-only-api
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: read-only-api
subjects:
- kind: ServiceAccount
name: test-service-account
namespace: test
但是,当我尝试执行和应用清单时,出现此错误。我不确定缩进或其他问题。
解析service-account.yml时出错:将YAML转换为JSON时出错:yaml:第10行:未找到预期的“-”指示符
非常感谢所有帮助。我尝试来回缩进,将“-”指示符添加到它抱怨的特定行中,但是随后我收到一条新的错误消息:
错误验证“ service-account.yml”:错误验证数据:ValidationError(ClusterRole.metadata):io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta的类型无效:得到了“数组” ,预期的“地图”;如果您选择忽略这些错误,请使用--validate = false
关闭验证谢谢!
答案 0 :(得分:1)
服务帐户yaml很好
如下所示正确的clusterrole和clusterrolebinding yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: test-service-account
namespace: test
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: read-only-api
rules:
- apiGroups:
- ""
resources:
- "*"
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: read-only-api
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: read-only-api
subjects:
- kind: ServiceAccount
name: test-service-account
namespace: test
master $ kubectl create ns test
namespace/test created
serviceaccount/test-service-account created
clusterrole.rbac.authorization.k8s.io/read-only-api created
clusterrolebinding.rbac.authorization.k8s.io/read-only-api created