我在研究kubernetes集群的授权。
我现在用的是minikube集群,版本是v1.13.2。
我正在尝试创建具有聚合功能的CumberRole,以便子CumberRole可以接收父CumberRole的规则。
这是我的.yaml文件的内容。
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: parent-clusterrole
labels:
rbac.authorization.k8s.io/aggregate-to-child-clusterrole: "true"
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: child-clusterrole
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.authorization.k8s.io/aggregate-to-child-clusterrole: "true"
rules: []当我尝试使用kubectl apply -f {file-name}创建资源时,我收到了下面的结果。
clusterrole.rbac.authorization.k8s.io/parent-clusterrole created
Error from server (BadRequest): error when creating "clusterrole-aggregation.yaml": ClusterRole in version "v1" cannot be handled as a ClusterRole: strict decoding error: unknown field "aggregationRule.clusterRoleSelectors[0].rbac.authorization.k8s.io/aggregate-to-child-clusterrole"是不是有什么错误的东西我抓不到?
1条答案
按热度按时间bwntbbo31#
试试看: