海口-老男人 17:24:48
大哥,这个是啥报错呀
海口-老男人 17:27:04
E0413 09:23:13.134144 1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.3/tools/cache/reflector.go:105: Failed to list *v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope
海口-老男人 17:35:42
部署的时候没有任何问题。。
海口-老男人 17:36:00
pod 也是 running状态
贯通golang之前不改名 17:36:09
海口-老男人 17:36:39
然后我发现访问不到 dash
海口-老男人 17:36:47
describe 也没报错
海口-老男人 17:36:51
就 log 提示了这个
海口-老男人 17:37:19
贯通golang之前不改名 17:46:06
权限呢
贯通golang之前不改名 17:48:23
权限的问题 没有给角色添加这个资源
贯通golang之前不改名 17:50:21
还在不在???
贯通golang之前不改名 17:50:45
让我瞅瞅你的rbac
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: kube-system
name: traefik-ingress-controller
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups: [""]
resources: ["services","endpoints","secrets"]
verbs: ["get","list","watch"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["get","list","watch"]
- apiGroups: ["extensions"]
resources: ["ingresses/status"]
verbs: ["update"]
- apiGroups: ["traefik.containo.us"]
resources: ["middlewares"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["ingressroutes"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["ingressroutetcps"]
verbs: ["get","list","watch"]
- apiGroups: ["traefik.containo.us"]
resources: ["tlsoptions"]
verbs: ["get","list","watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: kube-system
贯通golang之前不改名 17:53:27
贯通golang之前不改名 17:53:48
贯通golang之前不改名 17:53:58
少个udp的 rule
很是不解 我用的版本是1.17.2 配置没问题,朋友用的是1.17.4就存在问题,这个有待追究。