RBAC权限或绑定配置不正确 - AWS Batch

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

RBAC权限或绑定配置不正确

如果您遇到任何RBAC权限或绑定问题,请确认 aws-batch Kubernetes 角色可以访问 Kubernetes 命名空间:

$ kubectl get namespace namespace --as=aws-batch
$ kubectl auth can-i get ns --as=aws-batch

您也可以使用kubectl describe命令查看群集角色的授权或 Kubernetes 命名空间。

$ kubectl describe clusterrole aws-batch-cluster-role

下面是示例输出。

Name: aws-batch-cluster-role Labels: <none> Annotations: <none> PolicyRule: Resources Non-Resource URLs Resource Names Verbs --------- ----------------- -------------- ----- configmaps [] [] [get list watch] nodes [] [] [get list watch] pods [] [] [get list watch] daemonsets.apps [] [] [get list watch] deployments.apps [] [] [get list watch] replicasets.apps [] [] [get list watch] statefulsets.apps [] [] [get list watch] clusterrolebindings.rbac.authorization.k8s.io [] [] [get list] clusterroles.rbac.authorization.k8s.io [] [] [get list] namespaces [] [] [get]
$ kubectl describe role aws-batch-compute-environment-role -n my-aws-batch-namespace

下面是示例输出。

Name: aws-batch-compute-environment-role Labels: <none> Annotations: <none> PolicyRule: Resources Non-Resource URLs Resource Names Verbs --------- ----------------- -------------- ----- pods [] [] [create get list watch delete patch] serviceaccounts [] [] [get list] rolebindings.rbac.authorization.k8s.io [] [] [get list] roles.rbac.authorization.k8s.io [] [] [get list]

要解决此问题,请重新应用RBAC权限和rolebinding命令。有关更多信息,请参阅 为 AWS Batch 准备您的 Amazon EKS 集群