Skip to content

istio.md

Jump to bottom Edit New page
gobomb edited this page Aug 9, 2019 · 3 revisions

SecurityContext.RunAsUser is forbidden

kubectl describe rs details-v1-5544dc4896 -n bookinfo

报错:

Warning FailedCreate 12m replicaset-controller Error creating: pods "details-v1-5544dc4896-mmjps" is forbidden: SecurityContext.RunAsUser is forbidden

kube-apiserver 的配置 --admission-control=NamespaceLifecycle,LimitRanger,SecurityContextDeny,ResourceQuota,ServiceAccount 去掉 SecurityContextDeny 并重启 kube-apiserver

https://github.com/istio/istio/issues/324

安装 istio 需修改 kube-apiserver 参数

kube-apiserver 的参数 --admission-control 添加 ValidatingAdmissionWebhook,MutatingAdmissionWebhook;--runtime-config添加admissionregistration.k8s.io/v1alpha1

vim /etc/kubernetes/manifests/kube-apiserver.yaml修改参数

然后systemctl restart kubelet

test hello

To Be Done

配置文档(Configure Document)

笔记(Notes)

Other

Clone this wiki locally