gpt4 book ai didi

azure - 使用具有所有者角色的帐户创建 LoadBalancer 服务时 AKS 授权失败

转载 作者:行者123 更新时间:2023-12-03 01:25:48 24 4
gpt4 key购买 nike

我正在尝试创建链接到 kubectl 上现有 PublicIP 的负载均衡器服务。尽管我是资源组(publicIP 和 k8s 集群)的所有者,但服务创建挂起,并在 kubectl 描述中出现以下错误:

Error syncing load balancer: failed to ensure load balancer: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '[CLIENT_ID]' with object id '[OBJECT_ID]' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/read' over scope '/subscriptions/[SUBSCRIPTION]/resourceGroups/[RESOURCE_GROUP]/providers/Microsoft.Network' or the scope is invalid. If access was recently granted, please refresh your credentials."}}

我尝试在我的 kubectl 客户端上分配所有者角色,但问题仍然存在。

az role assignment create 
--role Owner
--assignee xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

AKS 1.18.14

最佳答案

以下指南回答了我的问题:https://learn.microsoft.com/en-us/azure/aks/static-ip#create-a-service-using-the-static-ip-address

事实证明,所有者许可在某种程度上是不够的。添加以下权限后,我可以创建链接到现有负载均衡器的服务:

az role assignment create \
--assignee <SP Client ID> \
--role "Network Contributor" \
--scope /subscriptions/<subscription id>/resourceGroups/<resource group name>

关于azure - 使用具有所有者角色的帐户创建 LoadBalancer 服务时 AKS 授权失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66340412/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com