"Le" tableau de bord kubernetes "de ClusterRoleBinding n'est pas valide: roleRef: valeur non valide" lors du déploiement de l'interface utilisateur Web
J'essaye de déployer Kubernetes Web UI comme décrit ici: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
La configuration de mon système est la suivante:
$ uname -a
Linux debian 4.19.0-6-AMD64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux
$ /usr/bin/qemu-system-x86_64 --version
QEMU emulator version 3.1.0 (Debian 1:3.1+dfsg-8+deb10u3)
Copyright (c) 2003-2018 Fabrice Bellard and the QEMU Project developers
$ minikube version
minikube version: v1.5.2
commit: 792dbf92a1de583fcee76f8791cff12e0c9440ad-dirty
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.3", GitCommit:"b3cbbae08ec52a7fc73d334838e18d17e8512749", GitTreeState:"clean", BuildDate:"2019-11-13T11:23:11Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/AMD64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.2", GitCommit:"c97fe5036ef3df2967d086711e6c0c405941e14b", GitTreeState:"clean", BuildDate:"2019-10-15T19:09:08Z", GoVersion:"go1.12.10", Compiler:"gc", Platform:"linux/AMD64"}
Après le démarrage du cluster minukube minikube start J'ai créé un compte de service et ClusterRoleBinding comme décrit ici: https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md =
$ nano dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
$ kubectl apply -f dashboard-adminuser.yaml
$ nano dashboard-adminuser.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
$ kubectl apply -f dashboard-adminuser.yaml
Maintenant j'exécute:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta6/aio/deploy/recommended.yaml
ou
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
et obtenez la sortie suivante:
namespace/kubernetes-dashboard configured
serviceaccount/kubernetes-dashboard configured
service/kubernetes-dashboard configured
secret/kubernetes-dashboard-certs configured
secret/kubernetes-dashboard-csrf configured
secret/kubernetes-dashboard-key-holder configured
configmap/kubernetes-dashboard-settings configured
role.rbac.authorization.k8s.io/kubernetes-dashboard configured
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard configured
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard configured
deployment.apps/kubernetes-dashboard configured
service/dashboard-metrics-scraper configured
deployment.apps/dashboard-metrics-scraper configured
The ClusterRoleBinding "kubernetes-dashboard" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"kubernetes-dashboard"}: cannot change roleRef
Que s'est-il passé et comment y remédier?
le problème est que vous avez manqué cette note:
REMARQUE: l'apiVersion de la ressource ClusterRoleBinding peut différer entre les versions de Kubernetes.
Avant Kubernetes v1.8, l'apiVersion était rbac.authorization.k8s.io/v1beta1.
Cela devrait résoudre ce problème.
Edit1:
this issue parle du même problème. spécifiquement ce commentaire. parle de
Les liaisons de rôles sont immuables
Parce que voici
dashboard-adminuser.yaml définit roleRef.
et
fichier yaml vous appliquez plus tard a roleRef dans le même espace de noms.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubernetes-dashboard
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
L'erreur "ne peut pas changer roleRef" faisait référence au fait que le ClusterRoleBinding existait déjà.
Essayez de supprimer le ClusterRoleBinding existant kubernetes-dashboard
Exécutez ci-dessous pour supprimer l'existant:
kubectl delete clusterrolebinding kubernetes-dashboard
Après cela, essayez de réinstaller. Faites-nous savoir si cela résout le problème.
Je reçois également cette erreur, résolue en exécutant le tableau de bord via minikube:
minikube dashboard
Production:
???? Verifying dashboard health ...
???? Launching proxy ...
???? Verifying proxy health ...
???? Opening http://127.0.0.1:34653/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/ in your default browser...
Juste reproduit.
1) espace de noms créé, ServiceAccount et ClusterRolebinding
cat dashboard-adminuser.yaml
---
apiVersion: v1
kind: Namespace
metadata:
name: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
2) l'appliquer
kubectl apply -f dashboard-adminuser.yaml
namespace/kubernetes-dashboard created
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user unchanged
3) Installer le tableau de bord
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta6/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created