Bug Report
What version of Kubernetes are you using?
[root@devops-jenkins-slave01 chaos-mesh]# kubectl version --short
Client Version: v1.14.10
Server Version: v1.18.8-aliyun.1
What version of Chaos Mesh are you using?
https://charts.chaos-mesh.org/chaos-mesh-2.6.2.tgz
What did you do? / Minimal Reproducible Example
helm3 install chaos-mesh chaos-mesh/ -n chaos-mesh --set images.registry=amway-devops-registry-vpc.cn-shenzhen.cr.aliyuncs.com \
  --set imagePullSecrets[0].name=docker-secret \
  --set controllerManager.image.repository=devops/chaos-mesh \
  --set chaosDaemon.image.repository=devops/chaos-daemon \
  --set dashboard.image.repository=devops/chaos-dashboard \
  --set dnsServer.image=amway-devops-registry-vpc.cn-shenzhen.cr.aliyuncs.com/devops/chaos-coredns:v0.2.6 \
  --set dashboard.env.TTL_EVENT=240h \
  --set dashboard.env.TTL_EXPERIMENT=720h \
  --set dashboard.env.DATABASE_DRIVER=mysql \
  --set dashboard.env.DATABASE_DATASOURCE='chaos_admin:QWRtaW5AMTIz@tcp(rm-wz94jcure76r1438j.mysql.rds.aliyuncs.com:3306)/chao-mesh?parseTime=true' \
  --set chaosDaemon.env.DOCKER_API_VERSION=1.39 \
  --set chaosDaemon.resources.limits.cpu=500m \
  --set chaosDaemon.resources.limits.memory=1024Mi \
  --set dashboard.resources.limits.cpu=500m \
  --set dashboard.resources.limits.memory=1024Mi \
  --set controllerManager.resources.limits.cpu=500m \
  --set controllerManager.resources.limits.memory=1024Mi \
  --set controllerManager.enableFilterNamespace=true
RBAC Profiles
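# Service account whose token is used to log in to the dashboard
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: super-app
  name: account-super-app-manager-mhktq
---
# Namespaced Role: its rules apply only inside super-app
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: super-app
  name: role-super-app-manager-mhktq
rules:
# The apiGroups lines are not in the text as posted; the values are assumed
# from the resource types and from the API group named in the error output.
- apiGroups: [""]
  resources: ["pods", "namespaces"]
  verbs: ["get", "watch", "list"]
- apiGroups: ["chaos-mesh.org"]
  resources: [ "*" ]
  verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
---
# Binds the Role to the service account within super-app
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: bind-super-app-manager-mhktq
  namespace: super-app
subjects:
# Subject kind taken from the "system:serviceaccount:" user in the error output
- kind: ServiceAccount
  name: account-super-app-manager-mhktq
  namespace: super-app
roleRef:
  kind: Role
  name: role-super-app-manager-mhktq
  apiGroup: rbac.authorization.k8s.io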
Applied the secret of this RBAC, but the console reports an error that it does not have permissions.
The following error message is displayed:
error.api.no_cluster_privilege: jvmchaos.chaos-mesh.org is forbidden: User "system:serviceaccount:super-app:account-super-app-manager-mhktq" cannot list resource "jvmchaos" in API group "chaos-mesh.org" at the cluster scope
error.api.no_cluster_privilege: schedules.chaos-mesh.org is forbidden: User "system:serviceaccount:super-app:account-super-app-manager-mhktq" cannot list resource "schedules" in API group "chaos-mesh.org" at the cluster scope
error.api.no_cluster_privilege: workflows.chaos-mesh.org is forbidden: User "system:serviceaccount:super-app:account-super-app-manager-mhktq" cannot list resource "workflows" in API group "chaos-mesh.org" at the cluster scope
error.api.no_cluster_privilege: can't list resource in the cluster
The purpose is to control permissions through RBAC and only allow work under a specific namespace. But what should I do when I encounter this problem?
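Why the namespaced Role does not cover the cluster-scope list calls in the errors above, as an added example that is not part of the original issue or of Chaos Mesh: a minimal evaluator of Kubernetes RBAC rule matching applied to those messages. It assumes this RoleBinding is the subject's only grant and that the Role's apiGroups are the core group and chaos-mesh.org; all function names are hypothetical.

```python
import re

# Constructed from the issue's Role and RoleBinding; apiGroups values are assumed.
ROLE_NAMESPACE = "super-app"
SUBJECT = "system:serviceaccount:super-app:account-super-app-manager-mhktq"
ROLE_RULES = [
    {"apiGroups": [""], "resources": ["pods", "namespaces"],
     "verbs": ["get", "watch", "list"]},
    {"apiGroups": ["chaos-mesh.org"], "resources": ["*"],
     "verbs": ["get", "list", "watch", "create", "delete", "patch", "update"]},
]
FORBIDDEN = re.compile(  # shape of the API server's authorization failure message
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\w+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" '
    r'(?:at the cluster scope|in the namespace "(?P<ns>[^"]+)")'
)

def parse_forbidden(line):
    """Extract request attributes; namespace "" means a cluster-scope request."""
    m = FORBIDDEN.search(line)
    return {**m.groupdict(), "namespace": m["ns"] or ""} if m else None

def rule_matches(rule, req):
    """RBAC rule match: each field must list the value or the "*" wildcard."""
    pairs = (("apiGroups", "group"), ("resources", "resource"), ("verbs", "verb"))
    return all("*" in rule[k] or req[f] in rule[k] for k, f in pairs)

def role_allows(req):
    """A RoleBinding grants its Role's rules only inside its own namespace."""
    if req["user"] != SUBJECT or req["namespace"] != ROLE_NAMESPACE:
        return False
    return any(rule_matches(rule, req) for rule in ROLE_RULES)

def explain(line):
    """Classify a forbidden message against the namespaced Role."""
    req = parse_forbidden(line)
    if req is None:
        return "unparsed"
    if role_allows(req):
        return "allowed"
    # Re-evaluate the same request as if it targeted the Role's namespace.
    scoped = dict(req, namespace=ROLE_NAMESPACE)
    return "denied: scope" if role_allows(scoped) else "denied: rule"

ERRORS = [  # the three cluster-scope denials from the issue, rebuilt per resource
    f'{r}.chaos-mesh.org is forbidden: User "{SUBJECT}" cannot list resource "{r}" '
    f'in API group "chaos-mesh.org" at the cluster scope'
    for r in ("jvmchaos", "schedules", "workflows")
]
RESULTS = [explain(e) for e in ERRORS]  # each is "denied: scope"
```

"denied: scope" means the Role's rules match the verb, group and resource, and the request fails only because it was made without a namespace.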