system:serviceaccount:c7n-system:runner-sa

Choerodon User Guide-Continuous Delivery
#1

  • Choerodon平台版本:0.15.0

  • 运行环境:自主搭建

  • 问题描述:

    请尽量详细的描述您遇到的问题,以便我们能更快速的提供解决办法。

    在使用gitlab打包的时候报错 system:serviceaccount:c7n-system:runner-sa

    image
    image1135×128 5.86 KB

    在此之前共执行了 N次打包操作都没有发现此问题,检查runner-sa 的时候发现有权限内容如下:
    image

image
image1600×443 52.6 KB

[root@k8s-master-01 ~]# kubectl get ClusterRole runner-cr -n c7n-system -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
choerodon.io/infra: gitlab-runner
choerodon.io/release: runner
name: runner-cr
resourceVersion: “58095232”
selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/runner-cr
uid: c9a0c9c4-6009-11e9-a927-005056ba4973
rules:

  • apiGroups:
    • “”
      resources:
    • persistentvolumes
      verbs:
    • get
    • list
    • watch
    • create
    • delete
  • apiGroups:
    • “”
      resources:
    • persistentvolumeclaims
      verbs:
    • get
    • list
    • watch
    • update
  • apiGroups:
  • apiGroups:
    • “”
      resources:
    • events
      verbs:
    • watch
    • create
    • update
    • patch
  • apiGroups:
    • “”
      resources:
    • services
    • endpoints
      verbs:
    • get
    • create
    • list
    • watch
    • update
  • apiGroups:
    • extensions
      resourceNames:
    • nfs-provisioner
      resources:
    • podsecuritypolicies
      verbs:
    • use

image
image749×265 8.08 KB

重新创建多次依旧无法解决,请帮忙分析指点

#2

问题已经解决,原因clusterrole 权限不够