安装东西时的身份验证问题
Authentication problem when installing something
由于凭据问题,该命令失败,但是当您使用 kubectl get nodes 进行测试时,一切看起来都很好。
helm install 的输出:
⋊> ~/t/mtltech on master ⨯ helm install --name nginx-ingress stable/nginx-ingress --set rbac.create=true 00:31:41
Error: the server has asked for the client to provide credentials
kubectl get nodes 的输出:
⋊> ~/t/mtltech on master ⨯ kubectl get nodes 00:37:41
NAME STATUS ROLES AGE VERSION
gke-mtltech-default-pool-977ee0b2-5lmi Ready <none> 7h v1.11.7-gke.4
gke-mtltech-default-pool-977ee0b2-hi4v Ready <none> 7h v1.11.7-gke.4
gke-mtltech-default-pool-977ee0b2-mjiv Ready <none> 7h v1.11.7-gke.4
helm version 的输出:
Client: &version.Version{SemVer:"v2.13.0", GitCommit:"79d07943b03aea2b76c12644b4b54733bc5958d6", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.0", GitCommit:"79d07943b03aea2b76c12644b4b54733bc5958d6", GitTreeState:"clean"}
kubectl version 的输出:
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11", GitCommit:"637c7e288581ee40ab4ca210618a89a555b6e7e9", GitTreeState:"clean", BuildDate:"2018-11-26T14:38:32Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"11+", GitVersion:"v1.11.7-gke.4", GitCommit:"618716cbb236fb7ca9cabd822b5947e298ad09f7", GitTreeState:"clean", BuildDate:"2019-02-05T19:22:29Z", GoVersion:"go1.10.7b4", Compiler:"gc", Platform:"linux/amd64"}
云提供商:Google Cloud
我尝试用 rm -rf ~/.helm && helm init --service-account tiller 重置它几次,但它没有任何改变。
有什么想法吗?
谢谢。
这里的问题是 Tiller。我不知道你是如何部署 Helm 和 Tiller 的,但错误就在那里。
我使用了这个图表并且一切正常,然后我删除了我的服务帐户和集群角色绑定,我遇到了同样的错误 - 仅删除集群角色绑定会出现错误:
Error: release nginx-ingress failed: namespaces "default" is forbidden: User "system:serviceaccount:kube-system:tiller" cannot get namespaces in the namespace "default"
所以错误是由于缺少服务帐户或两者兼而有之。
解决方法:
rm -rf ~/.helm
kubectl create serviceaccount tiller --namespace kube-system
kubectl create clusterrolebinding tiller-cluster-rule \
--clusterrole=cluster-admin \
--serviceaccount=kube-system:tiller
helm init --service-account=tiller
kubectl get pods -n kube-system
查看tiller pod的全名:
kubectl delete pod -n kube-system tiller-deploy-xxx
等待 tiller pod 重新部署并安装您的 helm chart:
helm install --name nginx-ingress stable/nginx-ingress --set rbac.create=true
由于凭据问题,该命令失败,但是当您使用 kubectl get nodes 进行测试时,一切看起来都很好。
helm install 的输出:
⋊> ~/t/mtltech on master ⨯ helm install --name nginx-ingress stable/nginx-ingress --set rbac.create=true 00:31:41
Error: the server has asked for the client to provide credentials
kubectl get nodes 的输出:
⋊> ~/t/mtltech on master ⨯ kubectl get nodes 00:37:41
NAME STATUS ROLES AGE VERSION
gke-mtltech-default-pool-977ee0b2-5lmi Ready <none> 7h v1.11.7-gke.4
gke-mtltech-default-pool-977ee0b2-hi4v Ready <none> 7h v1.11.7-gke.4
gke-mtltech-default-pool-977ee0b2-mjiv Ready <none> 7h v1.11.7-gke.4
helm version 的输出:
Client: &version.Version{SemVer:"v2.13.0", GitCommit:"79d07943b03aea2b76c12644b4b54733bc5958d6", GitTreeState:"clean"}
Server: &version.Version{SemVer:"v2.13.0", GitCommit:"79d07943b03aea2b76c12644b4b54733bc5958d6", GitTreeState:"clean"}
kubectl version 的输出:
Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11", GitCommit:"637c7e288581ee40ab4ca210618a89a555b6e7e9", GitTreeState:"clean", BuildDate:"2018-11-26T14:38:32Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"11+", GitVersion:"v1.11.7-gke.4", GitCommit:"618716cbb236fb7ca9cabd822b5947e298ad09f7", GitTreeState:"clean", BuildDate:"2019-02-05T19:22:29Z", GoVersion:"go1.10.7b4", Compiler:"gc", Platform:"linux/amd64"}
云提供商:Google Cloud
我尝试用 rm -rf ~/.helm && helm init --service-account tiller 重置它几次,但它没有任何改变。
有什么想法吗? 谢谢。
这里的问题是 Tiller。我不知道你是如何部署 Helm 和 Tiller 的,但错误就在那里。
我使用了这个图表并且一切正常,然后我删除了我的服务帐户和集群角色绑定,我遇到了同样的错误 - 仅删除集群角色绑定会出现错误:
Error: release nginx-ingress failed: namespaces "default" is forbidden: User "system:serviceaccount:kube-system:tiller" cannot get namespaces in the namespace "default"
所以错误是由于缺少服务帐户或两者兼而有之。
解决方法:
rm -rf ~/.helm
kubectl create serviceaccount tiller --namespace kube-system
kubectl create clusterrolebinding tiller-cluster-rule \
--clusterrole=cluster-admin \
--serviceaccount=kube-system:tiller
helm init --service-account=tiller
kubectl get pods -n kube-system
查看tiller pod的全名:
kubectl delete pod -n kube-system tiller-deploy-xxx
等待 tiller pod 重新部署并安装您的 helm chart:
helm install --name nginx-ingress stable/nginx-ingress --set rbac.create=true