本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# RBAC 許可或繫結未正確設定
如果您遇到任何 RBAC 許可或繫結問題,請確認`aws-batch`Kubernetes角色可以存取Kubernetes命名空間:
```
$ kubectl get namespace namespace --as=aws-batch
```
```
$ kubectl auth can-i get ns --as=aws-batch
```
您也可以使用 **kubectl describe**命令來檢視叢集角色或Kubernetes命名空間的授權。
```
$ kubectl describe clusterrole aws-batch-cluster-role
```
下列為範例輸出。
```
Name: aws-batch-cluster-role
Labels:
Annotations:
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [get list watch]
nodes [] [] [get list watch]
pods [] [] [get list watch]
daemonsets.apps [] [] [get list watch]
deployments.apps [] [] [get list watch]
replicasets.apps [] [] [get list watch]
statefulsets.apps [] [] [get list watch]
clusterrolebindings.rbac.authorization.k8s.io [] [] [get list]
clusterroles.rbac.authorization.k8s.io [] [] [get list]
namespaces [] [] [get]
events [] [] [list]
```
```
$ kubectl describe role aws-batch-compute-environment-role -n my-aws-batch-namespace
```
下列為範例輸出。
```
Name: aws-batch-compute-environment-role
Labels:
Annotations:
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create get list watch delete patch]
serviceaccounts [] [] [get list]
rolebindings.rbac.authorization.k8s.io [] [] [get list]
roles.rbac.authorization.k8s.io [] [] [get list]
```
若要解決此問題,請重新套用 RBAC 許可和`rolebinding`命令。如需詳細資訊,請參閱[步驟 2:準備您的 Amazon EKS 叢集 AWS Batch](getting-started-eks.md#getting-started-eks-step-1)。