使用kubesphere 3.0构建镜像服务,构建一直不成功,报错如下:
E1209 06:08:51.259796 1 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:126: Failed to list *v1alpha1.S2iRun: s2iruns.devops.kubesphere.io is forbidden: User "system:serviceaccount:s01029:s2irun" cannot list resource "s2iruns" in API group "devops.kubesphere.io" at the cluster scope
E1209 06:08:51.260686 1 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:126: Failed to list *v1alpha1.S2iBuilder: s2ibuilders.devops.kubesphere.io is forbidden: User "system:serviceaccount:s01029:s2irun" cannot list resource "s2ibuilders" in API group "devops.kubesphere.io" at the cluster scope
E1209 06:08:51.261747 1 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:126: Failed to list *v1.ConfigMap: configmaps is forbidden: User "system:serviceaccount:s01029:s2irun" cannot list resource "configmaps" in API group "" at the cluster scope
E1209 06:08:51.264307 1 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:126: Failed to list *v1.Namespace: namespaces is forbidden: User "system:serviceaccount:s01029:s2irun" cannot list resource "namespaces" in API group "" at the cluster scope
E1209 06:08:51.265380 1 reflector.go:134] sigs.k8s.io/controller-runtime/pkg/cache/internal/informers_map.go:126: Failed to list *v1.Job: jobs.batch is forbidden: User "system:serviceaccount:s01029:s2irun" cannot list resource "jobs" in API group "batch" at the cluster scope
根据报错信息感觉是权限问题,查了serviceacount s2irun 绑定的一个role叫做s2i-regular-role只有对pod的操作权限。但是其他集群也是相同的配置,其他集群的镜像构建是好用的,只有这一个集群一直报failed to list xxxx的错误
