微信公众号搜"智元新知"关注
微信扫一扫可直接关注哦!

更新 Kubernetes Ingress Controller 时无法更新资源

分类:编程问答

如何解决更新 Kubernetes Ingress Controller 时无法更新资源

我有一个 Kubernetes 集群 (v1.14.10),其中包含 kubernetes 入口控制器 (quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0)。尝试将 IC 更新到 0.30.0 时,我在 Nginx pod 上收到以下日志消息:

error updating ingress rule: ingresses.networking.k8s.io "test" is forbidden: User "system:serviceaccount:ingress:Nginx" cannot update resource "ingresses/status" in API group "networking.k8s.io" in the namespace "test"

Nginx的clusterrolebinding和role包含如下权限:

#kubectl describe clusterrolebinding Nginx-role
Name:         Nginx-role
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  Nginx-role
Subjects:
  Kind            Name   Namespace
  ----            ----   ---------
  ServiceAccount  Nginx  ingress

#kubectl describe clusterrole Nginx-role
Name:         Nginx-role
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources                           Non-Resource URLs  Resource Names  Verbs
  ---------                           -----------------  --------------  -----
  events                              []                 []              [create patch]
  services                            []                 []              [get list update watch]
  ingresses.extensions                []                 []              [get list watch update]
  ingresses.networking.k8s.io         []                 []              [get list watch]
  namespaces                          []                 []              [get update]
  configmaps                          []                 []              [list watch get create update]
  nodes                               []                 []              [list watch get]
  endpoints                           []                 []              [list watch]
  pods                                []                 []              [list watch]
  secrets                             []                 []              [list watch]
  ingresses.extensions/status         []                 []              [update]
  ingresses.networking.k8s.io/status  []                 []              [update]

ingress 配置包含以下 apiVersion,不知道是不是因为新的networking.k8s.io/v1beta1 包([4127]https://github.com/kubernetes/ingress-nginx/pull/4127)

apiVersion: extensions/v1beta1 种类:入口

你能告诉我这是 kubernetes 入口配置还是集群角色问题? 谢谢。

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。

苹果市值2025年有望达4万亿美元
pythonJavaScriptjavaHTMLreactjsC#AndroidCSSNode.jssqlrpython-3.xMysqLjQueryc++pandasFlutterangularIOSdjangolinuxswifttypescript路由器JSON路由器设置无线路由器h3c华三华三路由器设置华三路由器电脑软件教程arraysdocker软件图文教程Cvue.jslaravelspring-bootreact-native