验证码Kubernetes:无法连接到服务器:禁止

kb5ga3dv  于 2023-02-15  发布在  Kubernetes
关注(0)|答案(1)|浏览(150)

我尝试在vscode中使用kubernetes扩展,但是,当我尝试点击菜单列表中的任何一项时(见图),我收到错误弹出窗口Unable to connect to the server: Forbidden

但是,kubernetes调试日志完全为空,kubectl CLI似乎也工作正常。例如,命令kubectl config get-contexts返回:

CURRENT   NAME                         CLUSTER                      AUTHINFO        NAMESPACE
          ....
 *        ftxt-gpus-dev.oa             ftxt-gpus-dev.oa             username        my-namespace

当我运行kubectl auth can-i --list时,我得到以下内容:

Resources                                       Non-Resource URLs   Resource Names   Verbs
pods/exec                                       []                  []               [*]
pods/portforward                                []                  []               [*]
pods/status                                     []                  []               [*]
pods                                            []                  []               [*]
secrets                                         []                  []               [*]
cronjobs.batch                                  []                  []               [*]
jobs.batch                                      []                  []               [*]
selfsubjectaccessreviews.authorization.k8s.io   []                  []               [create]
selfsubjectrulesreviews.authorization.k8s.io    []                  []               [create]
events                                          []                  []               [get list watch]
namespaces/status                               []                  []               [get list watch]
namespaces                                      []                  []               [get list watch]
nodes/status                                    []                  []               [get list watch]
nodes                                           []                  []               [get list watch]
                                                [/api/*]            []               [get]
                                                [/api]              []               [get]
                                                [/apis/*]           []               [get]
                                                [/apis]             []               [get]
                                                [/healthz]          []               [get]
                                                [/healthz]          []               [get]
                                                [/livez]            []               [get]
                                                [/livez]            []               [get]
                                                [/openapi/*]        []               [get]
                                                [/openapi]          []               [get]
                                                [/readyz]           []               [get]
                                                [/readyz]           []               [get]
                                                [/version/]         []               [get]
                                                [/version/]         []               [get]
                                                [/version]          []               [get]
                                                [/version]          []               [get]
0mkxixxg

0mkxixxg1#

此错误意味着未设置正确的基于角色的访问控制(RBAC)权限或正确的授权策略。若要修复此错误,应首先检查尝试使用的用户帐户的RBAC权限。可以通过运行命令kubectl get clusterrolebinding查看当前RBAC权限来执行此操作。如果没有角色绑定,请尝试使用Kubernetes RBAC创建一个。
您还应该检查群集的授权策略。这可以通过运行命令kubectl get authorizationpolicies来完成。如果授权策略设置为拒绝所有用户访问,则您应该更新策略以允许用户访问群集。

相关问题