My cron workflows are running fine, but at the end I am getting the following error that I am investigating:
Error (exit code 1): pods "argo-cron-test-1720194660-run-script-2326994143" is forbidden: User "system:serviceaccount:default:default" cannot patch resource "pods" in API group "" in the namespace "default"
I investigated the following settings:
<code>kubectl get rolebindings -n argo
NAME ROLE AGE
argo-binding Role/argo-role 12d
agent-default Role/agent 12d
artifactgc-default Role/artifactgc 12d
executor-default Role/executor 12d
github.com Role/submit-workflow-template 12d
pod-manager-default Role/pod-manager 12d
workflow-manager-default Role/workflow-manager 12d
kubectl get serviceaccounts -n argo
NAME SECRETS AGE
default 0 12d
argo 0 12d
argo-server 0 12d
github.com 0 12d
ali@v141:~/ali$ kubectl describe rolebinding agent-default -n argo
Name: agent-default
Labels: <none>
Annotations: <none>
Role:
Kind: Role
Name: agent
Subjects:
Kind Name Namespace
---- ---- ---------
ServiceAccount default
kubectl describe rolebinding executor-default -n argo
Name: executor-default
Labels: <none>
Annotations: <none>
Role:
Kind: Role
Name: executor
Subjects:
Kind Name Namespace
---- ---- ---------
ServiceAccount default
kubectl describe role executor -n argo
Name: executor
Labels: <none>
Annotations: workflows.argoproj.io/description: Recomended minimum permissions for the `emissary` executor.
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
workflowtaskresults.argoproj.io [] [] [create patch]
</code>
The default service account seems to have the required create patch
permissions through role binding.
Why am I getting the error?
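One way to test that conclusion against the error text, as an added example that is not part of the original post: it parses the denial and compares it with the single rule shown in the `kubectl describe role executor -n argo` output. The `Grant` model and the `check` helper are hypothetical simplifications that ignore subject matching; the error names namespace `default` and resource `pods`, while the posted rule lives in `argo` and covers `workflowtaskresults`.

```python
import re
from dataclasses import dataclass

# Error text copied from the post.
ERROR = ('pods "argo-cron-test-1720194660-run-script-2326994143" is forbidden: '
         'User "system:serviceaccount:default:default" cannot patch resource "pods" '
         'in API group "" in the namespace "default"')

DENIAL = re.compile(
    r'User "system:serviceaccount:(?P<sa_ns>[^:"]+):(?P<sa>[^"]+)" cannot (?P<verb>\S+) '
    r'resource "(?P<resource>[^"]+)" in API group "(?P<group>[^"]*)" '
    r'in the namespace "(?P<ns>[^"]+)"')

@dataclass(frozen=True)
class Grant:
    binding: str      # RoleBinding name
    namespace: str    # namespace of the RoleBinding; a Role's rules apply only there
    group: str        # API group of the rule ("" is the core group)
    resource: str
    verbs: tuple

# Constructed from the `kubectl describe role executor -n argo` output in the post.
POSTED = [Grant("executor-default", "argo", "argoproj.io",
                "workflowtaskresults", ("create", "patch"))]

def parse_denial(message):
    """Extract who was denied what, and where, from an API server 'forbidden' error."""
    m = DENIAL.search(message)
    if m is None:
        raise ValueError("not an RBAC 'forbidden' message for a service account")
    return m.groupdict()

def check(denial, grants):
    """Return (covered, misses); misses maps each binding to the fields that do not match."""
    misses = {}
    for g in grants:
        bad = []
        if g.namespace != denial["ns"]:
            bad.append("namespace")
        if g.group not in ("*", denial["group"]):
            bad.append("apiGroup")
        if g.resource not in ("*", denial["resource"]):
            bad.append("resource")
        if "*" not in g.verbs and denial["verb"] not in g.verbs:
            bad.append("verb")
        if not bad:
            return True, {}
        misses[g.binding] = bad
    return False, misses

if __name__ == "__main__":
    print(check(parse_denial(ERROR), POSTED))
```

`kubectl auth can-i patch pods -n default --as=system:serviceaccount:default:default` asks the API server the same question directly.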