更新 Kubernetes Ingress Controller 时无法更新资源

编程问答 2022-05-26

问题描述

我有一个 Kubernetes 集群 (v1.14.10),其中包含 kubernetes 入口控制器 (quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.20.0)。尝试将 IC 更新到 0.30.0 时,我在 Nginx pod 上收到以下日志消息:

error updating ingress rule: ingresses.networking.k8s.io "test" is forbidden: User "system:serviceaccount:ingress:Nginx" cannot update resource "ingresses/status" in API group "networking.k8s.io" in the namespace "test"

Nginx的clusterrolebinding和role包含如下权限:

#kubectl describe clusterrolebinding Nginx-role
Name:         Nginx-role
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  Nginx-role
Subjects:
  Kind            Name   Namespace
  ----            ----   ---------
  ServiceAccount  Nginx  ingress

#kubectl describe clusterrole Nginx-role
Name:         Nginx-role
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources                           Non-Resource URLs  Resource Names  Verbs
  ---------                           -----------------  --------------  -----
  events                              []                 []              [create patch]
  services                            []                 []              [get list update watch]
  ingresses.extensions                []                 []              [get list watch update]
  ingresses.networking.k8s.io         []                 []              [get list watch]
  namespaces                          []                 []              [get update]
  configmaps                          []                 []              [list watch get create update]
  nodes                               []                 []              [list watch get]
  endpoints                           []                 []              [list watch]
  pods                                []                 []              [list watch]
  secrets                             []                 []              [list watch]
  ingresses.extensions/status         []                 []              [update]
  ingresses.networking.k8s.io/status  []                 []              [update]

ingress 配置包含以下 apiVersion,不知道是不是因为新的networking.k8s.io/v1beta1 包([4127]https://github.com/kubernetes/ingress-nginx/pull/4127)

apiVersion: extensions/v1beta1 种类:入口

你能告诉我这是 kubernetes 入口配置还是集群角色问题? 谢谢。

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

kuberneteskubernetes-ingressnginx-ingress