前端之家

  1. 首页
  2. 问答

观看禁止的kubernetes事件

问答

我想观看k8s事件以进行监视,现在我已经完成了以下步骤:

    1. create a serviceaccount
    2. create a role,allow list/get/watch events
    3. create rolebinding

但是该过程除了错误和禁止之外,有什么不对吗?

---
apiVersion: v1
kind: Serviceaccount
metadata:
  name: kube-events

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kube-events
rules:
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get","list","watch"]

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: kube-events
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kube-events
subjects:
- kind: Serviceaccount
  name: kube-events

kubernetes.client.rest.ApiException: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Content-Type': 'application/json','X-Content-Type-Options': 'nosniff','Date': 'Mon,11 Nov 2019 09:26:34 GMT','Content-Length': '287'})
HTTP response body: b'{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"events is forbidden: User \\"system:serviceaccount:kkmh-ruly:kube-events\\" cannot watch resource \\"events\\" in API group \\"\\" at the cluster scope","reason":"Forbidden","details":{"kind":"events"},"code":403}\n'
Jason82918 回答:观看禁止的kubernetes事件
暂时没有好的解决方案,如果你有好的解决方案,请发邮件至:iooj@foxmail.com
kubernetesrbac
本文链接:https://www.f2er.com/3125247.html

大家都在问