Today I upgraded nginx-ingress-controller from 0.24.1 to 0.25.1, and then got the error described in the title:
Failed to list *v1beta1.Ingress: ingresses.networking.k8s.io is forbidden: User "system:serviceaccount:ingress-nginx:nginx-ingress-serviceaccount" cannot list resource "ingresses" in API group "networking.k8s.io" at the cluster scope
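The message already states the cause clearly: no access permission.
The reason is simple: I took it for granted and upgraded only the image version without modifying the YAML. In fact, the official YAML has already changed the ClusterRole section.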
https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/mandatory.yaml
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses/status
    verbs:
      - update
---
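What I fear most with open source is an upgrade like this, where things get changed without any notice. What I fear most is an upgrade that breaks something.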
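A pre-upgrade check for the ClusterRole change above, as an added example that is not part of the original post or the ingress-nginx project: it lists the exact grants a new manifest needs that the deployed role lacks, so only those are added. `REQUIRED` is copied from the ClusterRole on this page; `DEPLOYED` is constructed and assumes the pre-upgrade role covered only the `extensions` group, as the error message implies. All function names are hypothetical.

```python
# Added example (not from the original post): pre-upgrade RBAC gap check.
# Rules are plain dicts in ClusterRole shape; resourceNames and
# nonResourceURLs are not modelled because the role on the page uses neither.
CORE = [  # core-group rules copied from the ClusterRole on the page
    {"apiGroups": [""], "resources": ["configmaps", "endpoints", "nodes", "pods", "secrets"],
     "verbs": ["list", "watch"]},
    {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["services"], "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["events"], "verbs": ["create", "patch"]},
]

def ingress_rules(groups):
    """The two ingress rules from the page, for the given API groups."""
    return [
        {"apiGroups": groups, "resources": ["ingresses"], "verbs": ["get", "list", "watch"]},
        {"apiGroups": groups, "resources": ["ingresses/status"], "verbs": ["update"]},
    ]

REQUIRED = CORE + ingress_rules(["extensions", "networking.k8s.io"])  # as on the page
DEPLOYED = CORE + ingress_rules(["extensions"])  # constructed: assumed pre-upgrade role

def expand(rules):
    """Flatten rules into a set of (apiGroup, resource, verb) triples."""
    return {(g, r, v)
            for rule in rules
            for g in rule.get("apiGroups", [])
            for r in rule.get("resources", [])
            for v in rule.get("verbs", [])}

def allows(rules, group, resource, verb):
    """True if one rule grants the triple; '*' is a wildcard, as in Kubernetes RBAC."""
    def hit(values, want):
        return "*" in values or want in values
    return any(hit(rule.get("apiGroups", []), group)
               and hit(rule.get("resources", []), resource)
               and hit(rule.get("verbs", []), verb)
               for rule in rules)

def missing_grants(deployed, required):
    """Triples the new manifest needs that the deployed role does not grant."""
    return sorted(t for t in expand(required) if not allows(deployed, *t))

if __name__ == "__main__":
    for group, resource, verb in missing_grants(DEPLOYED, REQUIRED):
        print(f"missing: {verb} {resource} in apiGroup {group!r}")
```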