I am deploying an AKS k8s cluster with terraform.
The cluster has rbac enabled and azure active directory enabled.
Cluster creation goes fine; after that, terraform tries to perform some operations on the cluster, such as creating k8s roles and storage classes, and fails with an Unauthorized error message, as shown below:
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-premium-retain: Creating...
module.k8s_cluster.module.infra.kubernetes_cluster_role.containerlogs: Creating...
module.k8s_cluster.module.infra.kubernetes_namespace.add_pod_identity: Creating...
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-standard-retain: Creating...
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-premium-delete: Creating...
module.k8s_cluster.module.appgw.kubernetes_namespace.agic[0]: Creating...
module.k8s_cluster.module.infra.kubernetes_storage_class.managed-standard-delete: Creating...
Error: Unauthorized
on .terraform/modules/k8s_cluster/modules/infra/k8s-roles.tf line 1, in resource "kubernetes_cluster_role" "containerlogs":
1: resource "kubernetes_cluster_role" "containerlogs" {
Error: Unauthorized
on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 1, in resource "kubernetes_storage_class" "managed-standard-retain":
1: resource "kubernetes_storage_class" "managed-standard-retain" {
Error: Unauthorized
on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 14, in resource "kubernetes_storage_class" "managed-standard-delete":
14: resource "kubernetes_storage_class" "managed-standard-delete" {
Error: Unauthorized
on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 27, in resource "kubernetes_storage_class" "managed-premium-retain":
27: resource "kubernetes_storage_class" "managed-premium-retain" {
Error: Unauthorized
on .terraform/modules/k8s_cluster/modules/infra/k8s-storages-classes.tf line 40, in resource "kubernetes_storage_class" "managed-premium-delete":
40: resource "kubernetes_storage_class" "managed-premium-delete" {
Error: Unauthorized
on .terraform/modules/k8s_cluster/modules/infra/r-aad-pod-identity.tf line 5, in resource "kubernetes_namespace" "add_pod_identity":
5: resource "kubernetes_namespace" "add_pod_identity" {
Error: Unauthorized
on .terraform/modules/k8s_cluster/modules/tools/agic/helm-agic.tf line 1, in resource "kubernetes_namespace" "agic":
1: resource "kubernetes_namespace" "agic" {
As you can see, these are not azure errors but kubernetes ones.
It seems I do not have permission to perform the resource creation tasks above on the newly created cluster. What should be done, and where, to grant permissions to the user account running these terraform tasks?
Posted on 2022-01-12 14:35:41
One solution could be to change the kubernetes provider configuration from
provider "kubernetes" {
  # load_config_file exists only in kubernetes provider < 2.0; it was removed in 2.x
  load_config_file = false
  # kube_config carries the non-admin credentials; on an AAD-enabled cluster the
  # client certificate and key here are empty, so the provider ends up Unauthorized
  host                   = azurerm_kubernetes_cluster.main.kube_config.0.host
  username               = azurerm_kubernetes_cluster.main.kube_config.0.username
  password               = azurerm_kubernetes_cluster.main.kube_config.0.password
  client_certificate     = base64decode(azurerm_kubernetes_cluster.main.kube_config.0.client_certificate)
  client_key             = base64decode(azurerm_kubernetes_cluster.main.kube_config.0.client_key)
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.main.kube_config.0.cluster_ca_certificate)
}
to
provider "kubernetes" {
  # load_config_file exists only in kubernetes provider < 2.0; it was removed in 2.x
  load_config_file = false
  # kube_admin_config carries the cluster's local admin credentials (clusterAdmin),
  # which bypass AAD and therefore work regardless of the caller's AAD identity
  host                   = azurerm_kubernetes_cluster.main.kube_admin_config.0.host
  username               = azurerm_kubernetes_cluster.main.kube_admin_config.0.username
  password               = azurerm_kubernetes_cluster.main.kube_admin_config.0.password
  client_certificate     = base64decode(azurerm_kubernetes_cluster.main.kube_admin_config.0.client_certificate)
  client_key             = base64decode(azurerm_kubernetes_cluster.main.kube_admin_config.0.client_key)
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.main.kube_admin_config.0.cluster_ca_certificate)
}
Note that this solution does not work if the use of local accounts on the cluster is disabled.
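As an added example that is not part of the original answer: kube_admin_config is a shared, non-AAD break-glass credential, and it disappears entirely once local accounts are disabled. The alternative below keeps the kubernetes provider on the caller's own Azure AD identity by obtaining a token through the kubelogin exec plugin, and grants that identity cluster-wide rights with an Azure RBAC role assignment on the AKS resource rather than a long-lived certificate. The resource and data-source names (azurerm_kubernetes_cluster.main, data.azurerm_client_config.current), the cluster having managed AAD with Azure RBAC enabled, and the caller being logged in with the Azure CLI with kubelogin on PATH are assumptions; the server id 6dae42f8-4368-4678-94ff-3960e28e3630 is the well-known AKS Azure AD server application id, and the role name is the built-in Azure role.

```hcl
# Added example, not from the original post.
# Assumes: azurerm_kubernetes_cluster.main exists with
#   azure_active_directory_role_based_access_control { managed = true, azure_rbac_enabled = true }
# and that whoever runs terraform is `az login`-ed and has kubelogin installed.

data "azurerm_client_config" "current" {}

# Grant the identity running Terraform cluster-admin rights through Azure RBAC,
# scoped to this one cluster, instead of handing it the shared clusterAdmin credential.
resource "azurerm_role_assignment" "terraform_cluster_admin" {
  scope                = azurerm_kubernetes_cluster.main.id
  role_definition_name = "Azure Kubernetes Service RBAC Cluster Admin"
  principal_id         = data.azurerm_client_config.current.object_id
}

# Authenticate to the API server as that Azure AD identity. kube_config (not
# kube_admin_config) supplies only the endpoint and CA; the bearer token is fetched
# by kubelogin at plan/apply time, so nothing secret is stored in Terraform state.
provider "kubernetes" {
  host                   = azurerm_kubernetes_cluster.main.kube_config.0.host
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.main.kube_config.0.cluster_ca_certificate)

  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "kubelogin"
    args = [
      "get-token",
      "--login", "azurecli",
      # Well-known Azure AD application id of the AKS API server
      "--server-id", "6dae42f8-4368-4678-94ff-3960e28e3630",
    ]
  }
}
```

Two caveats when using this: Azure RBAC role assignments propagate asynchronously, so the first apply right after the assignment can still fail with Unauthorized and succeed on retry, and a provider block cannot carry depends_on, so splitting cluster creation and in-cluster resources into separate applies (or separate root modules) is the cleanest way to sequence them. The role assignment is also what shows up in the Azure activity log, which is what you want an audit trail of rather than use of an anonymous clusterAdmin certificate.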
https://stackoverflow.com/questions/65332389