When helm installed Prometheus, the NFS client provider serviceaccount was arranged in the default namespace and encountered a title problem
[[email protected] NFS]$ vim nfs-rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: nfs-client-provisioner
#namespace: nfs-client
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "update", "patch"] ## Deploy to the default namespace to report an error title error
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: run-nfs-client-provisioner
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: default
roleRef:
kind: ClusterRole
name: nfs-client-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: default
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: leader-locking-nfs-client-provisioner
namespace: default
subjects:
- kind: ServiceAccount
name: nfs-client-provisioner
namespace: default
roleRef:
kind: Role
name: leader-locking-nfs-client-provisioner
apiGroup: rbac.authorization.k8s.io
kubectl logs nfs-client-provisioner-764f44f754-wdtqp nfs provider pod
E1206 08:52:27.293890 1 leaderelection.go:234] error retrieving resource lock default/fuseim.pri-ifs: endpoints "fuseim.pri-ifs" is forbidden: User "system:serviceaccount:default:nfs-client-provisioner" cannot get resource "endpoints" in API group "" in the namespace "default"
Modify clusterrole configuration permissions
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: nfs-client-provisioner-runner
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"] ### 把权限修改为这个(default namespace)
Read More:
- [Solved] K8s cluster build error: error: kubectl get csr No resources found.
- [Solved] Kubernetes ingress-srv. error: failed calling webhook “validate.nginx.ingress.kubernetes.io”
- K8s ❉ Error: cannot be handled as a** [How to Solve]
- C++ Opencv+BaiDu OCR“error“: “unsupported_grant_type“, “error_description“: “The authorization grant
- How to Solve Client-go Mod Error
- NBU The vnet proxy encounrtened an error [How to Solve]
- [Solved] RHEL 7.6 Use yum Error: Could not contact any CDS load balancers
- [HTTP] Solve the 406 not acceptable error
- kafka Error: Error while fetching metadata with correlation
- Kubernetes Error: Error in configuration: unable to read client-cert* unable to read client-key*
- Nacos Error: server is DOWN now, please try again later! [How to Solve]
- [Solved] Nginx Error: 400 Request Header Or Cookie Too Large
- Error reporting and resolution of kubernetes installation
- Tomcat: “localhost:8080” Error 401: Unauthorized
- [Solved] HBase Error: ERROR: org.apache.hadoop.hbase.PleaseHoldException: Master is initializing
- IdentityServer4 Error: well-known/openid-configuration: HTTPS required
- [Solved] TortoiseGitPlink Fatal Error: No supported authentication methods available (server sent: publi
- [Solved] Eureka related services Start Error: cannot execute request on any known server
- [Solved] panic: runtime error: invalid memory address or nil pointer dereference
- [Solved] pod Error: back off restarting failed container