ingress-nginx报错资源configmaps没有更新权限
问题:ingress-nginx账号Failed to update lock:configmaps “ingress-controller-leader” is forbidden
解决:
1.查看ingress-nginx的权限
[root@k8s-master-1 ~]# kubectl describe clusterRole ingress-nginx -ningress-nginx
Name: ingress-nginx
Labels: app.kubernetes.io/name=ingress-nginx
app.kubernetes.io/part-of=ingress-nginx
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
events [] [] [create patch]
services [] [] [get list watch]
ingressclasses.extensions [] [] [get list watch]
ingresses.extensions [] [] [get list watch]
ingressclasses.networking.k8s.io" [] [] [get list watch]
ingressclasses.networking.k8s.io [] [] [get list watch]
ingresses.networking.k8s.io [] [] [get list watch]
configmaps [] [] [list watch get]
nodes [] [] [list watch get]
endpoints [] [] [list watch]
pods [] [] [list watch]
secrets [] [] [list watch]
ingresses.extensions/status [] [] [update]
ingresses.networking.k8s.io/status [] [] [update]
可见权限资源绑定configmap没有update权限
2.赋权
kubectl edit clusterRole ingress-nginx -ningress-nginx
再最后添加
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- update