在Kubernetes中创建ClusterRoleBinding时,出现错误“无法将数组解组到Go结构字段ClusterRoleBinding.roleRef of type v1.RoleRef”

c0vxltue  于 2023-04-11  发布在  Kubernetes
关注(0)|答案(1)|浏览(199)

我正在尝试使用下面的YAML文件为课程中的练习创建ClusterRoleBinding:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: nodes-admin
rules:
  - apiGroups: [""]
    resources:
      - nodes
    verbs:
      - get
      - list
      - create
      - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nodes-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: user1387
roleRef:
  - apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: nodes-admin

然而,它仍然失败:
Error from server (BadRequest): error when creating "clusterrole.yaml": ClusterRoleBinding in version "v1" cannot be handled as a ClusterRoleBinding: json: cannot unmarshal array into Go struct field ClusterRoleBinding.roleRef of type v1.RoleRef
我调查了一段时间,但不能真正理解发生了什么。什么是错误?

izkcnapc

izkcnapc1#

问题是roleRef字段需要 * 一个 * 对象,该对象具有字段apiGroupkindname。当您将-放在roleRef下的apiGroup之前时,您正在创建 * 对象数组 *(当然,只包含一个对象,但仍然向roleRef传递了错误类型的值)。解决方案是删除-

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: nodes-admin
subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: user1387
roleRef:
  apiGroup: rbac.authorization.k8s.io  # ⇦ Changed here
  kind: ClusterRole                    # compare with the
  name: nodes-admin                    # original

错误消息确实解释了这一点,即使有时可能有点难以理解:
无法将*数组*解封到 * Go结构字段v1.RoleRef类型的ClusterRoleBinding.roleRef中

相关问题