我已在Azure上的私人商店中创建了一个应用。我尝试从Marketplace安装应用时收到以下错误:
Error: [ InnerError: [Helm installation failed : Unable to build the Kubernetes resources in the extension based on the cluster : InnerError [unable to build kubernetes objects from release manifest: error validating "": error validating data: failed to check CRD: failed to list CRDs: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kube-system:ext-installer-ssdeploy1" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope]]] occurred while doing the operation : [Patch] on the config, For general troubleshooting visit: https://aka.ms/k8s-extensions-TSG
字符串
这里是我尝试过的角色和角色绑定yamls,但没有工作。我是K8的新手,所以有些事情我不明白。
role.yaml
apiVersion: rbac.authorization.k8s.io/v1kind: Rolemetadata:namespace: defaultname: defaultrules:- apiGroups: ["apiextensions.k8s.io"]resources: ["customresourcedefinitions"]verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
型
角色绑定.yaml
apiVersion: rbac.authorization.k8s.io/v1kind: RoleBindingmetadata:name: ext-installer-ssdeploy1namespace: defaultsubjects:- kind: ServiceAccountname: defaultnamespace: defaultroleRef:kind: Rolename: ext-installer-ssdeploy1apiGroup: rbac.authorization.k8s.io
型
任何帮助都非常感谢。
1条答案
按热度按时间unguejic1#
您的错误指示服务帐户
ext-installer-ssdeploy1没有列出apiextensions.k8s.io API组中的自定义资源定义所需的权限。若要解决此问题,您需要向服务帐户授予必要的RBAC权限。还需要修改角色中的name属性。yaml个字符
授予必要的权限后,尝试再次安装Helm chart,它应该工作。
参考文件-Official K8s Role Example