英文:
Vscode Kubernetes: Unable to connect to the server: Forbidden
问题
我正在尝试在Visual Studio Code中使用Kubernetes扩展。然而,当我尝试单击菜单列表中的任何项目(请参见图像)时,我收到错误弹出窗口“无法连接到服务器:禁止”。
Kubernetes调试日志完全为空,kubectl CLI似乎也正常工作。例如,运行kubectl config get-contexts命令返回:
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
....
* ftxt-gpus-dev.oa ftxt-gpus-dev.oa username my-namespace
当我运行kubectl auth can-i --list时,我得到以下结果:
Resources Non-Resource URLs Resource Names Verbs
pods/exec [] [] [*]
pods/portforward [] [] [*]
pods/status [] [] [*]
pods [] [] [*]
secrets [] [] [*]
cronjobs.batch [] [] [*]
jobs.batch [] [] [*]
selfsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectrulesreviews.authorization.k8s.io [] [] [create]
events [] [] [get list watch]
namespaces/status [] [] [get list watch]
namespaces [] [] [get list watch]
nodes/status [] [] [get list watch]
nodes [] [] [get list watch]
[/api/*] [] [get]
[/api] [] [get]
[/apis/*] [] [get]
[/apis] [] [get]
[/healthz] [] [get]
[/healthz] [] [get]
[/livez] [] [get]
[/livez] [] [get]
[/openapi/*] [] [get]
[/openapi] [] [get]
[/readyz] [] [get]
[/readyz] [] [get]
[/version/] [] [get]
[/version/] [] [get]
[/version] [] [get]
[/version] [] [get]
英文:
I am trying to use the kubernetes extension in vscode.
However, when I try to click on any item in the menu list (see image), I receive the error popup Unable to connect to the server: Forbidden.
The kubernetes debug logs are however completely empty, and the kubectl CLI also seems to work fine. For example the command kubectl config get-contexts returns:
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
....
* ftxt-gpus-dev.oa ftxt-gpus-dev.oa username my-namespace
When I run kubectl auth can-i --list I get the following:
Resources Non-Resource URLs Resource Names Verbs
pods/exec [] [] [*]
pods/portforward [] [] [*]
pods/status [] [] [*]
pods [] [] [*]
secrets [] [] [*]
cronjobs.batch [] [] [*]
jobs.batch [] [] [*]
selfsubjectaccessreviews.authorization.k8s.io [] [] [create]
selfsubjectrulesreviews.authorization.k8s.io [] [] [create]
events [] [] [get list watch]
namespaces/status [] [] [get list watch]
namespaces [] [] [get list watch]
nodes/status [] [] [get list watch]
nodes [] [] [get list watch]
[/api/*] [] [get]
[/api] [] [get]
[/apis/*] [] [get]
[/apis] [] [get]
[/healthz] [] [get]
[/healthz] [] [get]
[/livez] [] [get]
[/livez] [] [get]
[/openapi/*] [] [get]
[/openapi] [] [get]
[/readyz] [] [get]
[/readyz] [] [get]
[/version/] [] [get]
[/version/] [] [get]
[/version] [] [get]
[/version] [] [get]
答案1
得分: 1
这个错误表示没有设置正确的基于角色的访问控制(RBAC)权限或正确的授权策略。要解决这个错误,你应该首先检查你正在尝试使用的用户帐户的RBAC权限。你可以通过运行命令 kubectl get clusterrolebinding 来查看当前的RBAC权限。如果你没有角色绑定,请尝试使用 Kubernetes RBAC 创建一个。
另外,你还应该检查集群的授权策略。这可以通过运行命令 kubectl get authorizationpolicies 来完成。如果授权策略设置为拒绝所有用户访问,那么你应该更新策略以允许用户访问集群。
英文:
This error means that the correct Role-Based Access Control (RBAC) permissions or the correct authorization policy are not set. To fix this error, you should first check the RBAC permissions for the user account you are attempting to use. You can do this by running the command kubectl get clusterrolebinding to view the current RBAC permissions. If you don’t have a role binding try to create one using Kubernetes RBAC.
Also you should check the authorization policy for the cluster. This can be done by running the command kubectl get authorizationpolicies. If the authorization policy is set to deny access to all users, then you should update the policy to allow the user to access the cluster.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论