本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
RBAC权限或绑定配置不正确
如果您遇到任何RBAC权限或绑定问题,请确认 aws-batch
Kubernetes 角色可以访问 Kubernetes 命名空间:
$
kubectl get namespace
namespace
--as=aws-batch
$
kubectl auth can-i get ns --as=aws-batch
您也可以使用kubectl describe
命令查看群集角色的授权或 Kubernetes 命名空间。
$
kubectl describe clusterrole
aws-batch-cluster-role
下面是示例输出。
Name: aws-batch-cluster-role
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [get list watch]
nodes [] [] [get list watch]
pods [] [] [get list watch]
daemonsets.apps [] [] [get list watch]
deployments.apps [] [] [get list watch]
replicasets.apps [] [] [get list watch]
statefulsets.apps [] [] [get list watch]
clusterrolebindings.rbac.authorization.k8s.io [] [] [get list]
clusterroles.rbac.authorization.k8s.io [] [] [get list]
namespaces [] [] [get]
$
kubectl describe role
aws-batch-compute-environment-role
-nmy-aws-batch-namespace
下面是示例输出。
Name: aws-batch-compute-environment-role
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create get list watch delete patch]
serviceaccounts [] [] [get list]
rolebindings.rbac.authorization.k8s.io [] [] [get list]
roles.rbac.authorization.k8s.io [] [] [get list]
要解决此问题,请重新应用RBAC权限和rolebinding
命令。有关更多信息,请参阅 为 AWS Batch 准备您的 Amazon EKS 集群。