使用Kubernetes作为注册中心可能会遇到问题
Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. services is forbidden: User "system:serviceaccount:default:default" cannot list resource "services" in API group "" in the namespace "default".
解决
新建一个endpoints-cluster-role.yml 如下:
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: default
name: endpoints-reader
rules:
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "watch", "list"]
执行
kubectl apply -f endpoints-cluster-role.yml
添加serviceacount的binding如下
kubectl create clusterrolebinding endpoints-reader-mydefault \
--clusterrole=endpoints-reader \
--serviceaccount=default:default