在pod中擴展kubernetes部署-權限被拒絕？-有解無憂

我正在嘗試從 pod 中擴展和縮減部署。
為此，我創建了一個服務帳戶，使用以下 rbac 進行集群角色系結：

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  namespace: backups-scripts
  name: backups-roles
rules:
  - apiGroups: [""]
    resources:
      - pods
    verbs:
      - get
      - list
      - delete
      - watch
  - apiGroups: ["apps","extensions"]
    resources:
      - deployments
      - replicasets
      - statefulsets
    verbs:
      - get
      - list
      - patch
      - update
      - watch
      - scale

用auth can-ikube 測驗時說一切正常：

$ kubectl auth can-i delete deployment  --namespace vm-catalogue --as system:serviceaccount:backups-scripts:backups-sa
no - no RBAC policy matched
$ kubectl auth can-i list deployment  --namespace vm-catalogue --as system:serviceaccount:backups-scripts:backups-sa
yes
$ kubectl auth can-i scale deployment  --namespace vm-catalogue --as system:serviceaccount:backups-scripts:backups-sa
yes
$ kubectl auth can-i update deployment  --namespace vm-catalogue --as system:serviceaccount:backups-scripts:backups-sa
yes
$ kubectl auth can-i patch deployment  --namespace vm-catalogue --as system:serviceaccount:backups-scripts:backups-sa
yes

但是現在當在 pod 中執行 kubectl 命令時，我收到以下錯誤：

$ kubectl scale --replicas="$replicas" deployment -n "vm-catalogue" "mysql"
 Error from server (Forbidden): deployments.extensions "mysql" is forbidden: User "system:serviceaccount:backups-scripts:backups-sa" cannot get resource "deployments/scale" in API group "extensions" in the namespace "vm-catalogue"

我知道“串列”和“獲取”動詞有效，因為我在腳本中提取這些資訊（并且那部分有效）。

所以..我不明白，我錯過了什么？

uj5u.com熱心網友回復：

我認為您粘貼的錯誤訊息很好地表明了這一點：

$ kubectl scale --replicas="$replicas" deployment -n "vm-catalogue" "mysql"
 Error from server (Forbidden): deployments.extensions "mysql" is forbidden: User "system:serviceaccount:backups-scripts:backups-sa" cannot get resource "deployments/scale" in API group "extensions" in the namespace "vm-catalogue"

無法獲得資源“部署/規模”

根據Kubernetes rbac 檔案 #referring 資源

“要在 RBAC 角色中表示這一點，請使用斜杠 (/) 來分隔資源和子資源”。

如：

- deployments/scale
- deployments/status
- pods/log

轉載請註明出處，本文鏈接：https://www.uj5u.com/qukuanlian/432957.html

標籤：Kubernetes rbac

上一篇：在SpringBoot中將KubernetesConfigMap值獲取到application.properties

下一篇：絕對值的GKE自動縮放指標