本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# RBAC 权限或绑定配置不正确
如果遇到任何 RBAC 权限或绑定问题,请验证`aws-batch`Kubernetes角色是否可以访问Kubernetes命名空间:
```
$ kubectl get namespace namespace --as=aws-batch
```
```
$ kubectl auth can-i get ns --as=aws-batch
```
还可以使用**kubectl describe**命令查看集群角色或Kubernetes命名空间的授权。
```
$ kubectl describe clusterrole aws-batch-cluster-role
```
下面是示例输出。
```
Name: aws-batch-cluster-role
Labels:
Annotations:
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [get list watch]
nodes [] [] [get list watch]
pods [] [] [get list watch]
daemonsets.apps [] [] [get list watch]
deployments.apps [] [] [get list watch]
replicasets.apps [] [] [get list watch]
statefulsets.apps [] [] [get list watch]
clusterrolebindings.rbac.authorization.k8s.io [] [] [get list]
clusterroles.rbac.authorization.k8s.io [] [] [get list]
namespaces [] [] [get]
events [] [] [list]
```
```
$ kubectl describe role aws-batch-compute-environment-role -n my-aws-batch-namespace
```
下面是示例输出。
```
Name: aws-batch-compute-environment-role
Labels:
Annotations:
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create get list watch delete patch]
serviceaccounts [] [] [get list]
rolebindings.rbac.authorization.k8s.io [] [] [get list]
roles.rbac.authorization.k8s.io [] [] [get list]
```
要解决此问题,请重新应用 RBAC 权限和`rolebinding`命令。有关更多信息,请参阅 [第 2 步:为您的 Amazon EKS 集群做好准备 AWS Batch](getting-started-eks.md#getting-started-eks-step-1)。