海口-老男人 17:24:48
大哥,這個是啥報錯呀
海口-老男人 17:27:04
E0413 09:23:13.134144 1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.3/tools/cache/reflector.go:105: Failed to list *v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope
海口-老男人 17:35:42
部署的時候沒有任何問題。。
海口-老男人 17:36:00
pod 也是 running狀態
貫通golang之前不改名 17:36:09
海口-老男人 17:36:39
然后我發現訪問不到 dash
海口-老男人 17:36:47
describe 也沒報錯
海口-老男人 17:36:51
就 log 提示了這個
海口-老男人 17:37:19
貫通golang之前不改名 17:46:06
權限呢
貫通golang之前不改名 17:48:23
權限的問題 沒有給角色添加這個資源
貫通golang之前不改名 17:50:21
還在不在???
貫通golang之前不改名 17:50:45
讓我瞅瞅你的rbac
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: kube-system
name: traefik-ingress-controller
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups: [""]
resources: ["services","endpoints","secrets"]
verbs: ["get","list","watch"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["get","list","watch"]
- apiGroups: ["extensions"]
resources: ["ingresses/status"]
verbs: ["update"]
- apiGroups: ["traefik.containo.us"]
resources: ["middlewares"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["ingressroutes"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["ingressroutetcps"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["tlsoptions"]
verbs: ["get","list","watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
貫通golang之前不改名 17:53:27
貫通golang之前不改名 17:53:48
貫通golang之前不改名 17:53:58
少個udp的 rule
很是不解 我用的版本是1.17.2 配置沒問題,朋友用的是1.17.4就存在問題,這個有待追究。