我正在尝试使用 helm 安装 loki
$ helm upgrade --install loki grafana/loki-stack
我收到以下错误消息:
Release "loki" does not exist. Installing it now.
Error: rendered manifests contain a resource that already exists. Unable to continue with install: could not get information about the resource: podsecuritypolicies.policy "loki" is forbidden: User "secret user :)" cannot get resource "podsecuritypolicies" in API group "policy" at the cluster scope
$ helm list -all
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
我是一个简单的用户,但我可以通过 yaml 文件手动进行部署/pod。 我需要使用舵图。
您的用户似乎没有足够的权限来创建策略。您需要向集群管理员请求更多权限,除非您可以自己将这些权限分配给该用户。我在下面提供了示例 yaml 来实现这一目标。首先,创建具有适当权限的 ClusterRole:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: <role name>
rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['get']
然后,您需要将此 ClusterRole 绑定到用户:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: <binding name>
roleRef:
kind: ClusterRole
name: <role name>
apiGroup: rbac.authorization.k8s.io
subjects:
# Authorize all service accounts in a namespace (recommended):
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: system:serviceaccounts:<authorized namespace>
# Authorize specific service accounts (not recommended):
- kind: ServiceAccount
name: <authorized service account name>
namespace: <authorized pod namespace>
# Authorize specific users (not recommended):
- kind: User
apiGroup: rbac.authorization.k8s.io
name: <authorized user name>
前往此处了解更多详细说明。