我正在尝试将我的应用程序部署到 EKS 集群中。当我运行 jenkins 作业时,当我尝试通过 jenkins 部署 yaml 文件时,我可以获得 kubectl get pod 详细信息和运行状态,但出现以下错误:
+ kubectl create -f deployment.yaml
Error from server (Forbidden): error when creating "deployment.yaml": deployments.apps is forbidden: User "system:node:ip-10-2-3-4.eu-central-1.compute.internal" cannot create resource "deployments" in API group "apps" in the namespace "default"
创建容器
+ kubectl '--kubeconfig=****' '--context=arn:aws:eks:eu-central-1:123456789101:cluster/my-cluster' sh "kubectl auth can-i list pods"
yes
创建部署
+ kubectl '--kubeconfig=****' '--context=arn:aws:eks:eu-central-1:123456789101:cluster/my-cluster' sh "kubectl auth can-i create deployment"
no
答案 0 :(得分:1)
这意味着您有权读取/列出 Pod 数据,但无权创建 deployment 对象。
以下是 2 个示例,请检查并比较它们。
rules:
- apiGroups: [""]
#
# at the HTTP level, the name of the resource for accessing Pod
# objects is "pods"
resources: ["pods"]
verbs: ["get", "list", "watch"]
verbs: ["**create**"])。很可能你错过了这一部分rules:
- apiGroups: ["extensions", "apps"]
#
# at the HTTP level, the name of the resource for accessing Deployment
# objects is "deployments"
resources: ["deployments"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
有关更多选项、示例和说明,请查看Using RBAC Authorization