以聊天的形式解决traefik2.1.X的一个问题

海口-老男人 17:24:48
大哥，这个是啥报错呀

海口-老男人 17:27:04

E0413 09:23:13.134144       1 reflector.go:153] pkg/mod/k8s.io/client-go@v0.17.3/tools/cache/reflector.go:105: Failed to list *v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope

海口-老男人 17:35:42
部署的时候没有任何问题。。

海口-老男人 17:36:00
pod 也是 running状态

贯通golang之前不改名 17:36:09

海口-老男人 17:36:39
然后我发现访问不到 dash

海口-老男人 17:36:47
describe 也没报错

海口-老男人 17:36:51
就 log 提示了这个

海口-老男人 17:37:19

贯通golang之前不改名 17:46:06
权限呢

贯通golang之前不改名 17:48:23
权限的问题 没有给角色添加这个资源

贯通golang之前不改名 17:50:21
还在不在？？？

贯通golang之前不改名 17:50:45
让我瞅瞅你的rbac

apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: traefik-ingress-controller
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups: [""]
    resources: ["services","endpoints","secrets"]
    verbs: ["get","list","watch"]
  - apiGroups: ["extensions"]
    resources: ["ingresses"]
    verbs: ["get","list","watch"]
  - apiGroups: ["extensions"]
    resources: ["ingresses/status"]
    verbs: ["update"]
  - apiGroups: ["traefik.containo.us"]
    resources: ["middlewares"]
    verbs: ["get","list","watch"]
  - apiGroups: ["traefik.containo.us"]
    resources: ["ingressroutes"]
    verbs: ["get","list","watch"]
  - apiGroups: ["traefik.containo.us"]
    resources: ["ingressroutetcps"]
    verbs: ["get","list","watch"]
  - apiGroups: ["traefik.containo.us"]
    resources: ["tlsoptions"]
    verbs: ["get","list","watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
  - kind: ServiceAccount
    name: traefik-ingress-controller
    namespace: kube-system

贯通golang之前不改名 17:53:27

贯通golang之前不改名 17:53:48

贯通golang之前不改名 17:53:58
少个udp的 rule

很是不解 我用的版本是1.17.2 配置没问题，朋友用的是1.17.4就存在问题，这个有待追究。