我尝试在vscode中使用kubernetes扩展,但是,当我尝试点击菜单列表中的任何一项时(见图),我收到错误弹出窗口Unable to connect to the server: Forbidden。
但是,kubernetes调试日志完全为空,kubectl CLI似乎也工作正常。例如,命令kubectl config get-contexts返回:
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
....
* ftxt-gpus-dev.oa ftxt-gpus-dev.oa username my-namespace当我运行kubectl auth can-i --list时,我得到以下内容:
Resources Non-Resource URLs Resource Names Verbs
pods/exec [] [] [*]
pods/portforward [] [] [*]
pods/status [] [] [*]
pods [] [] [*]
secrets [] [] [*]
cronjobs.batch [] [] [*]
jobs.batch [] [] [*]
selfsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectrulesreviews.authorization.k8s.io [] [] [create]
events [] [] [get list watch]
namespaces/status [] [] [get list watch]
namespaces [] [] [get list watch]
nodes/status [] [] [get list watch]
nodes [] [] [get list watch]
[/api/*] [] [get]
[/api] [] [get]
[/apis/*] [] [get]
[/apis] [] [get]
[/healthz] [] [get]
[/healthz] [] [get]
[/livez] [] [get]
[/livez] [] [get]
[/openapi/*] [] [get]
[/openapi] [] [get]
[/readyz] [] [get]
[/readyz] [] [get]
[/version/] [] [get]
[/version/] [] [get]
[/version] [] [get]
[/version] [] [get]
1条答案
按热度按时间0mkxixxg1#
此错误意味着未设置正确的基于角色的访问控制(RBAC)权限或正确的授权策略。若要修复此错误,应首先检查尝试使用的用户帐户的RBAC权限。可以通过运行命令
kubectl get clusterrolebinding查看当前RBAC权限来执行此操作。如果没有角色绑定,请尝试使用Kubernetes RBAC创建一个。您还应该检查群集的授权策略。这可以通过运行命令
kubectl get authorizationpolicies来完成。如果授权策略设置为拒绝所有用户访问,则您应该更新策略以允许用户访问群集。