azure - helm install stable/nginx-ingress 导致错误“错误：发布 unrealized-labradoodle 失败：clusterroles.rbac.authorization.k8s.io”

问题描述

我正在尝试按照以下说明安装入口控制器：

https://docs.microsoft.com/en-us/azure/aks/ingress-tls

运行helm install stable/nginx-ingress --namespace kube-system --set controller.replicaCount=1 --tls导致错误：

Error: release unrealized-labradoodle failed: clusterroles.rbac.authorization.k8s.io "unrealized-labradoodle-nginx-ingress" is forbidden: attempt to grant extra privileges: [{[list] [] [configmaps] [] []} {[watch] [] [configmaps] [] []} {[list] [] [endpoints] [] []} {[watch] [] [endpoints] [] []} {[list] [] [nodes] [] []} {[watch] [] [nodes] [] []} {[list] [] [pods] [] []} {[watch] [] [pods] [] []} {[list] [] [secrets] [] []} {[watch] [] [secrets] [] []} {[get] [] [nodes] [] []} {[get] [] [services] [] []} {[list] [] [services] [] []} {[update] [] [services] [] []} {[watch] [] [services] [] []} {[get] [extensions] [ingresses] [] []} {[list] [extensions] [ingresses] [] []} {[watch] [extensions] [ingresses] [] []} {[create] [] [events] [] []} {[patch] [] [events] [] []} {[update] [extensions] [ingresses/status] [] []}] user=&{system:serviceaccount:kube-system:tiller ************* [system:serviceaccounts system:serviceaccounts:kube-system system:authenticated] map[]} ownerrules=[] ruleResolutionErrors=[clusterroles.rbac.authorization.k8s.io "cluster-admin" not found]

我该如何解决这个错误？原因是什么？

标签： azurekuberneteskubernetes-helmazure-aks

apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: tiller
    namespace: kube-system

我不得不添加上面的 ClusterRole。

https://github.com/Azure/acs-engine/issues/1892#issuecomment-402189707

azure - helm install stable/nginx-ingress 导致错误“错误：发布 unrealized-labradoodle 失败：clusterroles.rbac.authorization.k8s.io”

问题描述

解决方案

推荐阅读