报错!clusterrolebindings.rbac.authorization.k8s.io “cluster-admin-binding“ already exists解决办法

最新推荐文章于 2025-06-07 16:00:15 发布
原创 最新推荐文章于 2025-06-07 16:00:15 发布 · 8.1k 阅读 · 6 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#kubernetes #运维 #分布式 #centos

在二进制方式部署K8s集群时遇到证书创建问题,已存在的`cluster-admin-binding`文件导致权限更新失败。通过删除现有`clusterrolebinding`,然后重新创建`kubelet-bootstrap`的`clusterrolebinding`,可以成功解决这个问题。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

项目场景:

在使用二进制部署k8s群集时,遇到了签名证书无法创建的问题

问题描述:

在创建bootstrap角色赋予权限用于连接apiserver请求签名时,出现以下报错信息:

[root@master kubeconfig]# kubectl create clusterrolebinding kubelet-bootstrap --clusterrole=system:node-bootstrapper --user=kubelet-bootstrap
Error from server (AlreadyExists): clusterrolebindings.rbac.
最低0.47元/天 解锁文章

新学期VIP享超值加赠
k8s: error: failed to create clusterrolebinding connection refused
mzhan017的博客
05-21 940
从错误上看是要连123.456.87.99:6443,这个IP端口的tcp。就是我方发SYN,对方回RST。我方client,期望对方是server(是否已经监听在这个服务端口)。需要ss看端口是否打开。如果开了端口,还是有问题,就要使用tcpdump抓包看看,是否是网络上的防火墙导致问题。这种问题的一般原因就是端口没有开放,内核主动发RST。
错误集——k8s 创建bootstrap角色赋予权限用于连接apiserver请求签名报错
愿你成为自己喜欢的模样,不抱怨,不将就,有自由,有光芒!
04-14 954
错误集——k8s 创建bootstrap角色赋予权限用于连接apiserver请求签名报错 错误代码:Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io “kubelet-tstrap” already exists [root@hellolic ~/k8s/kubeconfig] # kubectl create clusterrolebinding kubelet-bootstrap --cte
Clusterrolebindings 创建错误
热门推荐
知行合一 止于至善
07-29 1万+
这篇文章memo一下kubernetesclusterrolebinding创建错误的问题确认过程。kubernetes从1.8之后将RBAC作为了缺省的认证方式,自然clusterrole和clusterrolebinding相关的操作也会越来越多,这篇文章以一个常见的粗心的错误来介绍一下对应的方法。
k8s RBAC 多租户权限控制实现
zhd930818的博客
04-21 8012
更多kubernetes文章:k8s专栏目录访问到权限分两部分1.Authenticating认证授权配置由kube-apiserver管理这里使用的是 Static Password File 方式。apiserver启动yaml里配置basic-auth-file即可,容器启动apiserver的话要注意这个文件需要是在容器内能访问到的。(可以通过挂载文件,或者在已经挂载的路径里增加配置文件)...
ClusterRole 和 ClusterRoleBinding 的关系及使用
最新发布
u011091936的博客
06-07 768
ClusterRole 和 ClusterRoleBindingKubernetes 中用于控制集群范围权限的两个重要资源,它们共同构成了 Kubernetes RBAC (基于角色的访问控制) 系统的核心部分。
Kubernetes权限管理与控制-RBAC
gulang0309的专栏
03-05 1647
Kubernetes权限管理模式之RBAC模式
K8S单节点部署报错Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io “kubelet
weixin_39608791的博客
09-30 6097
Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io "kubelet-bootstrap" already exists
【错误解决】kubectl权限不够,报错:User “kubernetes“ cannot create resource “clusterrolebindings“ in API group “rb
weixin_42072280的博客
03-11 9635
错误: kubectl --server=https://192.168.56.169:6443 create clusterrolebinding kubernetes --clusterrole=cluster-admin --user=kubernetes 报错信息: error: failed to create clusterrolebinding: clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "kubern
k8s RBAC权限控制
2401_86274572的博客
08-04 1243
使用k8s RBAC权限控制
error parsing calico.yaml: error converting YAML to JSON: yaml: line 206: mapping values are not allowed in this context Error from server (Forbidden): error when retrieving current configuration of: Resource: "policy/v1, Resource=poddisruptionbudgets", GroupVersionKind: "policy/v1, Kind=PodDisruptionBudget" Name: "calico-kube-controllers", Namespace: "kube-system" from server for: "calico.yaml": poddisruptionbudgets.policy "calico-kube-controllers" is forbidden: User "system:node:master" cannot get resource "poddisruptionbudgets" in API group "policy" in the namespace "kube-system" Error from server (Forbidden): error when retrieving current configuration of: Resource: "/v1, Resource=serviceaccounts", GroupVersionKind: "/v1, Kind=ServiceAccount" Name: "calico-kube-controllers", Namespace: "kube-system" from server for: "calico.yaml": serviceaccounts "calico-kube-controllers" is forbidden: User "system:node:master" cannot get resource "serviceaccounts" in API group "" in the namespace "kube-system": can only create tokens for individual service accounts Error from server (Forbidden): error when retrieving current configuration of: Resource: "/v1, Resource=serviceaccounts", GroupVersionKind: "/v1, Kind=ServiceAccount" Name: "calico-node", Namespace: "kube-system" from server for: "calico.yaml": serviceaccounts "calico-node" is forbidden: User "system:node:master" cannot get resource "serviceaccounts" in API group "" in the namespace "kube-system": can only create tokens for individual service accounts Error from server (Forbidden): error when retrieving current configuration of: Resource: "/v1, Resource=configmaps", GroupVersionKind: "/v1, Kind=ConfigMap" Name: "calico-config", Namespace: "kube-system" from server for: "calico.yaml": configmaps "calico-config" is forbidden: User "system:node:master" cannot get resource "configmaps" in API group "" in the namespace "kube-system": no relationship found between node 'master' and this object Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "bgpconfigurations.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "bgpconfigurations.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "bgppeers.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "bgppeers.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "blockaffinities.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "blockaffinities.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "caliconodestatuses.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "caliconodestatuses.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "clusterinformations.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "clusterinformations.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "felixconfigurations.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "felixconfigurations.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "globalnetworkpolicies.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "globalnetworkpolicies.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "globalnetworksets.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "globalnetworksets.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "hostendpoints.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "hostendpoints.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "ipamblocks.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "ipamblocks.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "ipamconfigs.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "ipamconfigs.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "ipamhandles.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "ipamhandles.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "ippools.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "ippools.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "ipreservations.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "ipreservations.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "kubecontrollersconfigurations.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "kubecontrollersconfigurations.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "networkpolicies.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "networkpolicies.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition" Name: "networksets.crd.projectcalico.org", Namespace: "" from server for: "calico.yaml": customresourcedefinitions.apiextensions.k8s.io "networksets.crd.projectcalico.org" is forbidden: User "system:node:master" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "rbac.authorization.k8s.io/v1, Resource=clusterroles", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRole" Name: "calico-kube-controllers", Namespace: "" from server for: "calico.yaml": clusterroles.rbac.authorization.k8s.io "calico-kube-controllers" is forbidden: User "system:node:master" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "rbac.authorization.k8s.io/v1, Resource=clusterroles", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRole" Name: "calico-node", Namespace: "" from server for: "calico.yaml": clusterroles.rbac.authorization.k8s.io "calico-node" is forbidden: User "system:node:master" cannot get resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "rbac.authorization.k8s.io/v1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding" Name: "calico-kube-controllers", Namespace: "" from server for: "calico.yaml": clusterrolebindings.rbac.authorization.k8s.io "calico-kube-controllers" is forbidden: User "system:node:master" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope Error from server (Forbidden): error when retrieving current configuration of: Resource: "rbac.authorization.k8s.io/v1, Resource=clusterrolebindings", GroupVersionKind: "rbac.authorization.k8s.io/v1, Kind=ClusterRoleBinding" Name: "calico-node", Namespace: "" from server for: "calico.yaml": clusterrolebindings.rbac.authorization.k8s.io "calico-node" is forbidden: User "system:node:master" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope
05-12
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: calico-node rules: - apiGroups: ["networking.k8s.io"] resources: ["networkpolicies"] verbs: ["get", "list", ...
kubekey部署k8s1.22.10与kube-vip实现高可用
weixin_50763319的博客
07-31 601
vip。
k8s部署juicefs
weixin_50763319的博客
01-02 1010
本文k8s较老采用老版本的juicefs,中间件也都是部署在k8s上。测试是否能成功创建动态pvc挂在到测试pod当中并查看到数据信息。一些偏理论知识就不多说了,直接开始操作参考以上两篇文章将中间件依赖环境先搭建起来。
k8s给default serviceaccount绑定cluster-admin操作命令
学亮编程手记
03-09 1257
zxl-test: namespace default: 默认的sa名称 system:serviceaccount: 是固定写法 kubectl create clusterrolebinding zxl-test-cluster-admin-binding --clusterrole=cluster-admin --user=system:serviceaccount:zxl-test:default kubectl create clusterrolebinding zxl-test-clust
K8SK8S部署常见错误及解决方法
云计算之路
05-11 6157
本文主要讲解K8S在二进制部署和kubeadm部署时常见的错误以及排查思路
kubectl exec 遇到Error from server forbidden问题
weixin_34331102的博客
04-13 1753
问题: [root@k8s-master yaml_all]# kubectl get po NAME READY STATUS RESTARTS AGE nginx-648b5cc477-7b5pt 1/1 Running 0 3h41m nginx-648b5cc477-mplmg 1/1 Ru...
K8s集群RBAC认证授权详解
RSQ博客
06-19 3311
RBAC(Role-Based Access Control) 基于角色的访问控制,顾名思义就是通过给角色赋予相应的权限,从而使得该角色具有访问相关资源的权限,而在K8s中这些资源分属于两个级别,名称空间(`role/rolebinding`)和集群级别(`clusterrole/clusterrolebinding`)这两个都是标准的K8s资源,可以直接定义。
K8s 创建bootstrap角色赋予权限用于连接apiserver请求签名报错
HB199753的博客
12-15 1331
错误集——k8s 创建bootstrap角色赋予权限用于连接apiserver请求签名报错 错误代码:Error from server (AlreadyExists): clusterrolebindings.rbac.authorization.k8s.io “kubelet-tstrap” already exists [root@hellolic ~/k8s/kubeconfig] # kubectl create clusterrolebinding kubelet-bootstrap --
解决k8s拉取flannel失败的方法
llzhh的博客
06-22 8424
我们可以wget或者直接网页打开该地址,获取该yaml文件内容,保存到本地,文件名仍然为。中报错信息有denied等字样,可能是阿里云仓库中设为私有仓库,设为公有仓库即可。作为一个完全不懂k8s和docker的新手,我琢磨出以下曲线解决方案。这里使用的阿里云个人镜像仓库,网上有很多教程如何注册,不再赘述。时失败了,默认拉取的镜像仓库在国外,被墙了。这一步网上资料很多,不再赘述,只要保证执行。,再将步骤3.2下载的镜像上传到仓库中。可得到需要的镜像的地址,此时就可以用。对比步骤3.2,更改后的。
k8s之Flannel网络插件安装提示forbidden无权限
一掬净土
10-24 2500
一、在安装k8s的网络插件时,提示如下信息各种forbidden无权限。
serviceaccount/weave-net created clusterrole.rbac.authorization.k8s.io/weave-net created clusterrolebinding.rbac.authorization.k8s.io/weave-net created role.rbac.authorization.k8s.io/weave-net created rolebinding.rbac.authorization.k8s.io/weave-net created daemonset.apps/weave-net created
07-11
这些命令是在 Kubernetes 中创建 Weave Net 网络插件所需的资源。以下是每个资源的解释: 1. serviceaccount/weave-net: 创建一个名为 "weave-net" 的 ServiceAccount,用于授权 Weave Net 访问 Kubernetes API。 2. clusterrole.rbac.authorization.k8s.io/weave-net: 创建一个名为 "weave-net" 的 ClusterRole,定义了 Weave Net 所需的权限。 3. clusterrolebinding.rbac.authorization.k8s.io/weave-net: 创建一个名为 "weave-net" 的 ClusterRoleBinding,将 ClusterRole "weave-net" 绑定到默认的 serviceaccount/weave-net。 4. role.rbac.authorization.k8s.io/weave-net: 创建一个名为 "weave-net" 的 Role,定义了 Weave Net 在命名空间中所需的权限。 5. rolebinding.rbac.authorization.k8s.io/weave-net: 创建一个名为 "weave-net" 的 RoleBinding,将 Role "weave-net" 绑定到 ServiceAccount "weave-net"。 6. daemonset.apps/weave-net: 创建一个名为 "weave-net" 的 DaemonSet,它确保在每个节点上运行一个 Pod,该 Pod 包含 Weave Net 容器和所需的网络配置。 这些资源的创建是为了在 Kubernetes 集群中部署和配置 Weave Net 网络插件,以提供集群内部的网络通信和跨节点的 Pod 互联。通过这些资源的创建,Weave Net 将在每个节点上自动部署并配置网络功能。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值