K8s 报错“error converting YAML to JSON: yaml: line 8: did not find expected key”
K8s 报错“error converting YAML to JSON: yaml: line 8: did not find expected key”
今天在创建kubernetes dashboard的登录用户授权指定名称空间执行yaml文件报错
# kubectl apply -f dev-user.yaml serviceaccount/dev-user unchanged role.rbac.authorization.k8s.io/role-dev-user unchanged rolebinding.rbac.authorization.k8s.io/role-bind-dev-user unchanged error: error parsing dev-user.yaml: error converting YAML to JSON: yaml: line 8: did not find expected key
YAML文件
查看YAML文件,检查第8行发现没有问题,那么问题来了
# cat -A dev-user.yaml ---$ # ServiceAccount$ apiVersion: v1$ kind: ServiceAccount$ metadata:$ name: dev-user$ namespace: dev$ $ ---$ # role$ kind: Role$ apiVersion: rbac.authorization.k8s.io/v1$ metadata:$ namespace: dev$ name: role-dev-user$ rules:$ - apiGroups: [""]$ resources: ["pods"]$ verbs: ["get", "list", "watch", "delete", "update", "patch"]$ - apiGroups: [""]$ resources: ["pods/portforward", "pods/proxy"]$ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]$ - apiGroups: [""]$ resources: ["pods/log"]$ verbs: ["get", "list", "watch", "delete"]$ - apiGroups: ["extensions", "apps"]$ resources: ["deployments"]$ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]$ - apiGroups: [""]$ resources: ["namespaces"]$ verbs: ["get", "watch", "list"]$ - apiGroups: [""]$ resources: ["events"]$ verbs: ["get", "watch", "list"]$ - apiGroups: ["apps", "extensions"]$ resources: ["replicasets"]$ verbs: ["get", "watch", "list", "create", "update", "pathch", "delete"]$ - apiGroups: [""]$ resources: ["configmaps"]$ verbs: ["get", "watch", "list", "create", "update", "pathch", "delete"]$ - apiGroups: [""]$ resources: ["persistentvolumeclaims"]$ verbs: ["get", "watch", "list"]$ - apiGroups: [""]$ resources: ["secrets"]$ verbs: ["get", "watch", "list"]$ - apiGroups: [""]$ resources: ["services"]$ verbs: ["get", "watch", "list", "create", "update", "pathch", "delete"]$ - apiGroups: ["extensions"]$ resources: ["ingresses"]$ verbs: ["get", "watch", "list"]$ - apiGroups: ["apps"]$ resources: ["daemonsets"]$ verbs: ["get", "watch", "list"]$ - apiGroups: ["batch"]$ resources: ["jobs"]$ verbs: ["get", "watch", "list"]$ - apiGroups: ["batch"]$ resources: ["cronjobs"]$ verbs: ["get", "watch", "list"]$ - apiGroups: [""]$ resources: ["replicationcontrollers"]$ verbs: ["get", "watch", "list"]$ - apiGroups: ["apps"]$ resources: ["statefulsets"]$ verbs: ["get", "watch", "list"]$ - apiGroups: [""]$ resources: ["endpoints"]$ verbs: ["get", "watch", "list"]$ ---$ # role bind$ kind: RoleBinding$ apiVersion: rbac.authorization.k8s.io/v1$ metadata:$ name: role-bind-dev-user$ namespace: dev$ subjects:$ - kind: ServiceAccount$ name: dev-user$ namespace: dev$ roleRef:$ kind: Role$ name: role-dev-user$ apiGroup: rbac.authorization.k8s.io$ ---$ # clusterrole$ kind: ClusterRole$ apiVersion: rbac.authorization.k8s.io/v1$ metadata:$ namespace: dev$ name: clusterrole-dev-user$ rules:$ - apiGroups: [""]$ resources: ["namespaces"]$ verbs: ["get", "watch", "list"]$ $ ---$ # clusterrole bind$ kind: ClusterRoleBinding$ apiVersion: rbac.authorization.k8s.io/v1$ metadata:$ name: clusterrole-bind-dev-user$ namespace: dev$ subjects:$ - kind: ServiceAccount$ name: dev-user$ namespace: dev$ roleRef:$ kind: ClusterRole$ name: clusterrole-dev-user$ apiGroup: rbac.authorization.k8s.io$
解决方法
在经过仔细检查后发现最后的clusterrole*缩进不对,即YAML文件的格式不对造成的
修改YAML文件
# cat dev-user.yaml --- # ServiceAccount apiVersion: v1 kind: ServiceAccount metadata: name: dev-user namespace: dev --- # role kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: dev name: role-dev-user rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch", "delete", "update", "patch"] - apiGroups: [""] resources: ["pods/portforward", "pods/proxy"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] resources: ["pods/log"] verbs: ["get", "list", "watch", "delete"] - apiGroups: ["extensions", "apps"] resources: ["deployments"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - apiGroups: [""] resources: ["namespaces"] verbs: ["get", "watch", "list"] - apiGroups: [""] resources: ["events"] verbs: ["get", "watch", "list"] - apiGroups: ["apps", "extensions"] resources: ["replicasets"] verbs: ["get", "watch", "list", "create", "update", "pathch", "delete"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "watch", "list", "create", "update", "pathch", "delete"] - apiGroups: [""] resources: ["persistentvolumeclaims"] verbs: ["get", "watch", "list"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "watch", "list"] - apiGroups: [""] resources: ["services"] verbs: ["get", "watch", "list", "create", "update", "pathch", "delete"] - apiGroups: ["extensions"] resources: ["ingresses"] verbs: ["get", "watch", "list"] - apiGroups: ["apps"] resources: ["daemonsets"] verbs: ["get", "watch", "list"] - apiGroups: ["batch"] resources: ["jobs"] verbs: ["get", "watch", "list"] - apiGroups: ["batch"] resources: ["cronjobs"] verbs: ["get", "watch", "list"] - apiGroups: [""] resources: ["replicationcontrollers"] verbs: ["get", "watch", "list"] - apiGroups: ["apps"] resources: ["statefulsets"] verbs: ["get", "watch", "list"] - apiGroups: [""] resources: ["endpoints"] verbs: ["get", "watch", "list"] --- # role bind kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: role-bind-dev-user namespace: dev subjects: - kind: ServiceAccount name: dev-user namespace: dev roleRef: kind: Role name: role-dev-user apiGroup: rbac.authorization.k8s.io --- # clusterrole kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: dev name: clusterrole-dev-user rules: - apiGroups: [""] resources: ["namespaces"] verbs: ["get", "watch", "list"] --- # clusterrole bind kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: clusterrole-bind-dev-user namespace: dev subjects: - kind: ServiceAccount name: dev-user namespace: dev roleRef: kind: ClusterRole name: clusterrole-dev-user apiGroup: rbac.authorization.k8s.io
检查执行
# kubectl apply -f dev-user.yaml serviceaccount/dev-user unchanged role.rbac.authorization.k8s.io/role-dev-user unchanged rolebinding.rbac.authorization.k8s.io/role-bind-dev-user unchanged clusterrole.rbac.authorization.k8s.io/clusterrole-dev-user created clusterrolebinding.rbac.authorization.k8s.io/clusterrole-bind-dev-user created
总结
在编写k8s的YAML文件的时候一定要检查定义好缩进问题,使用vim可视化模式批量插入一个空格解决,最终在.vimrc定义一个tab为2个空格
