我正在尝试使用AWS代码管道在EKS集群上自动化部署,并指向以下页面:AWS CodePipeline and deployingto EKS
我正在执行与buildspec.yaml文件中提到的相同的步骤,但是出现以下错误:
[Container] 2020/01/05 08:26:35 Running command kubectl apply -f $CODEBUILD_SRC_DIR/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment"
Name: "takenaka-user", Namespace: "default"
Object: &{map["apiVersion":"apps/v1" "kind":"Deployment" "metadata":map["annotations":map["kubectl.kubernetes.io/last-applied-configuration":""] "name":"takenaka-user" "namespace":"default"] "spec":map["replicas":'\x01' "selector":map["matchLabels":map["app":"takenaka-user"]] "template":map["metadata":map["labels":map["app":"takenaka-user"]] "spec":map["containers":[map["image":"591209811908.dkr.ecr.ap-northeast-1.amazonaws.com/takenaka-ecr-repo:takenaka.user-4" "name":"takenaka-user" "ports":[map["containerPort":'P']]]]]]]]}
from server for: "/codebuild/output/src658704233/src/git-codecommit.ap-northeast-1.amazonaws.com/v1/repos/Takenaka/Takenaka.Api.User/Takenaka.Api.User/hello-k8s.yml": deployments.apps "takenaka-user" is forbidden: User "Kubernetesdeployment" cannot get resource "deployments" in API group "apps" in the namespace "default"
答案 0 :(得分:0)
用户“ Kubernetesdeployment”无法在名称空间“默认”的API组“ apps”中获取资源“ deployments”
如果“ Kubernetesdeployment”是AWS CodePipeline用来部署的ServiceAccount,则似乎缺少必要的RBAC权限,无法在名称空间“默认”中部署“ Deployment”。
Using RBAC Authorization可能会有所帮助。通常,您需要创建和读取“部署”,“服务”以及可能的“入口”,以便将应用程序部署到特定的名称空间。
在您关注的链接中,它似乎缺少第4点。
- 使kubernetes_deployment角色在eks集群中获得授权
或者,您是否已将权限设置为其他服务帐户名?错误消息中的username: kubernetes_deployment被命名为Kubernetesdeployment。
答案 1 :(得分:0)
还请查看通过CodePipeline将AWS推荐的EKS部署到EKS的方法:
使用AWS CodePipeline,AWS CodeCommit,AWS CodeBuild,Amazon ECR和AWS Lambda持续部署到Kubernetes-https://aws.amazon.com/blogs/devops/continuous-deployment-to-kubernetes-using-aws-codepipeline-aws-codecommit-aws-codebuild-amazon-ecr-and-aws-lambda/