我正在尝试使用下面的YAML文件为课程中的练习创建ClusterRoleBinding:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nodes-admin
rules:
- apiGroups: [""]
resources:
- nodes
verbs:
- get
- list
- create
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nodes-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: user1387
roleRef:
- apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: nodes-admin
然而,它仍然失败:Error from server (BadRequest): error when creating "clusterrole.yaml": ClusterRoleBinding in version "v1" cannot be handled as a ClusterRoleBinding: json: cannot unmarshal array into Go struct field ClusterRoleBinding.roleRef of type v1.RoleRef
我调查了一段时间,但不能真正理解发生了什么。什么是错误?
1条答案
按热度按时间izkcnapc1#
问题是
roleRef
字段需要 * 一个 * 对象,该对象具有字段apiGroup
、kind
和name
。当您将-
放在roleRef
下的apiGroup
之前时,您正在创建 * 对象数组 *(当然,只包含一个对象,但仍然向roleRef
传递了错误类型的值)。解决方案是删除-
:错误消息确实解释了这一点,即使有时可能有点难以理解:
无法将*数组*解封到 * Go结构字段v1.RoleRef类型的ClusterRoleBinding.roleRef中