我正在尝试使用群集内的k8s API更新名称空间主目录中的部署。
ClusterRole:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
namespace: home
name: home-role
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["pods, deployments"]
verbs: ["get", "watch", "list", "create", "delete", "update"]
服务帐户:
get serviceaccounts -n home
NAME SECRETS AGE
default 1 3h2m
kubectl describe serviceaccounts -n home
Name: default
Namespace: home
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: default-token-8rzns
Tokens: default-token-8rzns
Events: <none>
ClusterRoleBinding:
kubectl create clusterrolebinding home-role-binding \
--clusterrole=home-role \
--serviceaccount=home:default
但是在进行API调用时出现此错误:
open /var/run/secrets/kubernetes.io/serviceaccount/token: no such file or directory
有人对问题的根源有任何见识吗?
答案 0 :(得分:2)
首次部署是在apps / v1中,而不是v1中。然后,您可能需要共享从中运行api调用的位置的pod定义。您可能已禁用服务帐户令牌安装。