我试图创建一个Istio Virtualservice。然而,我得到了下面的错误,尽管我绑定了cluster-admin角色。
UPGRADE FAILED: could not get information about the resource: virtualservices.networking.istio.io "admin-ui" is forbidden: User "vaish@admin" cannot get resource "virtualservices" in API group "networking.istio.io" in the namespace "onboarding"我还尝试创建一个新的Clusterrole,如下所示,并创建一个绑定到我的用户,这也没有产生任何结果。
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: istio-editor-role
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
- apiGroups: ["config.istio.io", "networking.istio.io", "rbac.istio.io", "authentication.istio.io", "security.istio.io"]
resources: ["virtualservices"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"kubectl create clusterrolebinding istio-editor-binding --clusterrole=istio-editor-role --user=vaish@admin
2条答案
按热度按时间6rvt4ljy1#
解决方案是将用户添加到cluster-admin角色
kmbjn2e32#
我也遇到了同样的问题,但我只希望能够通过Helm部署虚拟服务,没有其他Istio对象。所以我做了以下ClusterRole和ClusterRoleBinding。