kubectl获得秘密:来自服务器的错误(禁止)

Question

我已经在本地安装了向上绑定的CLI，从那时起，当我尝试使用receiving Error from server (Forbidden)执行不同的命令时，我(我想)是kubectl错误消息。

kubectl get secrets

Error from server (Forbidden): secrets is forbidden: User "upbound-cloud-impersonator" cannot list resource "secrets" in API group "" in the namespace "default"

kubectl get all

Error from server (Forbidden): replicationcontrollers is forbidden: User "upbound-cloud-impersonator" cannot list resource "replicationcontrollers" in API group "" in the namespace "default"
Error from server (Forbidden): services is forbidden: User "upbound-cloud-impersonator" cannot list resource "services" in API group "" in the namespace "default"
Error from server (Forbidden): daemonsets.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "daemonsets" in API group "apps" in the namespace "default"
Error from server (Forbidden): deployments.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "deployments" in API group "apps" in the namespace "default"
Error from server (Forbidden): replicasets.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "replicasets" in API group "apps" in the namespace "default"
Error from server (Forbidden): statefulsets.apps is forbidden: User "upbound-cloud-impersonator" cannot list resource "statefulsets" in API group "apps" in the namespace "default"
Error from server (Forbidden): horizontalpodautoscalers.autoscaling is forbidden: User "upbound-cloud-impersonator" cannot list resource "horizontalpodautoscalers" in API group "autoscaling" in the namespace "default"
Error from server (Forbidden): cronjobs.batch is forbidden: User "upbound-cloud-impersonator" cannot list resource "cronjobs" in API group "batch" in the namespace "default"
Error from server (Forbidden): jobs.batch is forbidden: User "upbound-cloud-impersonator" cannot list resource "jobs" in API group "batch" in the namespace "default"

用户似乎已经被更改为“向上绑定云模拟器”，但我不知道为什么以及如何将其切换到以前的状态。

如果有帮助的话，以下是名称空间：

crossplane-system   Active   2d21h
default             Active   2d21h
kube-node-lease     Active   2d21h
kube-public         Active   2d21h
kube-system         Active   2d21h
upbound-system      Active   2d21h
velero              Active   2d21h

和kubectl config view -o jsonpath='{.users[*].name}'用户列表

minikube upbound-3f93ea79-ba0e-4fdc-ae69-f2c562279579

Answer 1

• 用户upbound-cloud-impersonator没有足够的RBAC权限来获取秘密。另一种解决方案是设置足够的RBAC权限。

您可以使用以下命令验证这一点：

kubectl auth can-i get secret --as upbound-cloud-impersonator

或者只运行(因为您的上下文已经更改)：

kubectl auth can-i get secret

• 您当前的上下文将切换到其他内容。新的上下文使用upbound-cloud-impersonator。您可以运行以下命令来列出当前上下文 kubectl配置当前-上下文

切换到另一个上下文，您可以首先运行以下命令来列出上下文列表。请注意表示当前上下文的*符号。请注意，这里使用的上下文名称是示例，对于您的集群可能有所不同。

kubectl config get-contexts
CURRENT   NAME                                 CLUSTER   AUTHINFO                     NAMESPACE
          default                              default   default
*         upbound-cloud-impersonator@default   default   upbound-cloud-impersonator

若要切换到另一个上下文，将将当前上下文更改为提供的上下文。使用适当的上下文进行切换。

 kubectl config use-context default

注意*标志：

kubectl config get-contexts
CURRENT   NAME                                 CLUSTER   AUTHINFO                     NAMESPACE
*         default                              default   default
          upbound-cloud-impersonator@default   default   upbound-cloud-impersonator

验证授权：

kubectl auth can-i get secret
yes