本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
RBAC 权限或绑定配置不正确
如果遇到任何 RBAC 权限或绑定问题,请验证aws-batchKubernetes角色是否可以访问Kubernetes命名空间:
$kubectl get namespacenamespace--as=aws-batch
$kubectl auth can-i get ns --as=aws-batch
还可以使用kubectl describe命令查看集群角色或Kubernetes命名空间的授权。
$kubectl describe clusterroleaws-batch-cluster-role
下面是示例输出。
Name: aws-batch-cluster-role
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
configmaps [] [] [get list watch]
nodes [] [] [get list watch]
pods [] [] [get list watch]
daemonsets.apps [] [] [get list watch]
deployments.apps [] [] [get list watch]
replicasets.apps [] [] [get list watch]
statefulsets.apps [] [] [get list watch]
clusterrolebindings.rbac.authorization.k8s.io [] [] [get list]
clusterroles.rbac.authorization.k8s.io [] [] [get list]
namespaces [] [] [get]
events [] [] [list]$kubectl describe roleaws-batch-compute-environment-role-nmy-aws-batch-namespace
下面是示例输出。
Name: aws-batch-compute-environment-role
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
pods [] [] [create get list watch delete patch]
serviceaccounts [] [] [get list]
rolebindings.rbac.authorization.k8s.io [] [] [get list]
roles.rbac.authorization.k8s.io [] [] [get list]要解决此问题,请重新应用 RBAC 权限和rolebinding命令。有关更多信息,请参阅 第 2 步:为您的 Amazon EKS 集群做好准备 Amazon Batch。