我有以下 RoleBinding
(由 Helm 部署:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations:
meta.helm.sh/release-name: environment-namespaces
meta.helm.sh/release-namespace: namespace-metadata
creationTimestamp: "2021-04-23T17:16:50Z"
labels:
app.kubernetes.io/managed-by: Helm
name: SA-DevK8s-admin
namespace: dev-my-product-name-here
resourceVersion: "29221536"
selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/dev-my-product-name-here/rolebindings/SA-DevK8s-admin
uid: 4818d6ed-9320-408c-82c3-51e627d9f375
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: SA-DevK8s@mydomain.com
当我以 SA-DevK8s@mydomain.com
身份登录集群并运行 kubectl get pods -n dev-my-product-name-here
时,出现以下错误:
来自服务器的错误(禁止):pods 被禁止:用户“sa-devk8s@mydomain.com”无法在命名空间“dev-my-product-name-here”中列出 API 组“”中的资源“pods”< /p>
在命名空间中具有 admin 集群角色的用户是否应该能够列出该命名空间的 pod?
答案 0 :(得分:1)
案例问题!!!!
一旦我将用户更改为 sa-devk8s@mydomain.com
(而不是 SA-DevK8s@mydomain.com
),一切都开始正常工作!