作者热门文章
- xml - AJAX/Jquery XML 解析
- 具有多重继承的 XML 模式
- .net - 枚举序列化 Json 与 XML
- XML 简单类型、简单内容、复杂类型、复杂内容
在尝试部署使用 go-micro 框架的 pod 时,我收到以下错误:
2018/12/27 23:04:51 K8s: request failed with code 403
2018/12/27 23:04:51 K8s: request failed with body:
2018/12/27 23:04:51 {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods \"user-5676b5696-jspp5\" is forbidden: User \"system:serviceaccount:default:default\" cannot patch pods in the namespace \"default\"","reason":"Forbidden","details":{"name":"user-5676b5696-jspp5","kind":"pods"},"code":403}
2018/12/27 23:04:51 K8s: error
似乎 go-micro 没有从 pod 中修补 pod 的必要权限。
最佳答案
通过创建启用正确权限的集群角色绑定(bind)解决了该问题
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: micro-rbac
subjects:
- kind: ServiceAccount
# Reference to upper's `metadata.name`
name: default
# Reference to upper's `metadata.namespace`
namespace: default
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
关于go - 库伯内斯 403 : Cannot patch pods in the namespace,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53951867/
我是一名优秀的程序员,十分优秀!