报错:
namespaces is forbidden: User “system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard” cannot list resource “namespaces” in API group “” at the cluster scope
system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard
events is forbidden: User “system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard” cannot list resource “events” in API group “” in the namespace “default”
pods is forbidden: User “system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard” cannot list resource “pods” in API group “” in the namespace “default”
如图:
原因:
serviceaccount kubernetes-dashboard 权限问题,源文件namespace与当前环境namespace不一致
解决:
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
也可采用yaml方式
[root@k8s-master1 ~]# cat ansible-install-k8s/roles/addons/files/dashboard-clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: kubernetes-dashboard
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: cluster-admin
subjects:
- kind: ServiceAccountname: kubernetes-dashboardnamespace: kubernetes-dashboard
如果这条命令报错如: