Google-Cloud-Platform
Velero 安裝從 GCP 中的 VM 主機失敗
我正在嘗試使用 以下步驟安裝
velero在GKE Cluster``GCP Compute Engine Hosthttps://github.com/vmware-tanzu/velero-plugin-for-gcp
我正在使用以下命令
velero從VM主機安裝velero install --provider gcp --plugins velero/velero-plugin-for-gcp:v1.1.0 --bucket ${VELEROBUCKET} --secret-file ./credentials-velero但它失敗並出現以下錯誤
Error installing Velero. Use `kubectl logs deploy/velero -n velero` to check the deploy logs: Error creating resource ClusterRoleBinding/velero: clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "116865650821658545991" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope: requires one of ["container.clusterRoleBindings.create"] permission(s)為了解決這個錯誤,我正在嘗試這個
kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user velero但這也因以下錯誤而失敗
error: failed to create clusterrolebinding: clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "116865650821658545991" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope: requires one of ["container.clusterRoleBindings.create"] permission(s).上述場景的兩個查詢
clusterrolebinding創建資源來解決我在安裝時看到的錯誤是否正確velero?- 如何辨識第二個錯誤中看到的“116865650821658545991”的相應使用者以及需要分配什麼角色來創建
clusterrolebinding資源?
現在解決了。
我確定了使用的服務
VM帳戶$ gcloud config list [core] account = 235897301806-compute@developer.gserviceaccount.com之後,我們將角色“Kubernetes Engine Admin”分配給上面
Service account並velero使用以下命令成功安裝VELERO_BUCKET=gkevelerobackup velero install --provider gcp --plugins velero/velero-plugin-for-gcp:v1.1.0 --bucket ${VELEROBUCKET} --secret-file ./credentials-velero