KubeSphere+DevOps部署到K8S问题

按照KubeSphere官方文档使用jenkinsfile部署流水线时遇到问题

报错信息描述如下

+ kubectl apply -f -

Error from server (Forbidden): error when retrieving current configuration of:

Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment"

Name: "ks-sample-dev", Namespace: "kubesphere-sample-dev"

from server for: "STDIN": deployments.apps "ks-sample-dev" is forbidden: User "system:serviceaccount:kubesphere-devops-worker:default" cannot get resource "deployments" in API group "apps" in the namespace "kubesphere-sample-dev"

Error from server (Forbidden): error when retrieving current configuration of:

Resource: "/v1, Resource=services", GroupVersionKind: "/v1, Kind=Service"

Name: "ks-sample-dev", Namespace: "kubesphere-sample-dev"

from server for: "STDIN": services "ks-sample-dev" is forbidden: User "system:serviceaccount:kubesphere-devops-worker:default" cannot get resource "services" in API group "" in the namespace "kubesphere-sample-dev"

script returned exit code 1

这个的错误的信息代表的意思是,system:serviceaccount:kubesphere-devops-worker:default是没有权限访问K8s的 API group的。 解决方法是给system:serviceaccount:kubesphere-devops-worker:default绑定更高的权限

apiVersion: rbac.authorization.k8s.io/v1

kind: ClusterRoleBinding

metadata:

name: kubesphere-devops-worker-installer-binding

roleRef:

apiGroup: rbac.authorization.k8s.io

kind: ClusterRole

name: ks-installer

subjects:

- kind: ServiceAccount

name: default

namespace: kubesphere-devops-worker

参考链接

评论可见,请评论后查看内容,谢谢!!!评论后请刷新页面。