按照部署文档执行,k8s集群已经自动建好,执行module.tidb-operator.null_resource.setup-env出错:
module.tidb-operator.null_resource.setup-env: Provisioning with ‘local-exec’… module.tidb-operator.null_resource.setup-env (local-exec): Executing: [“bash” “-c” “set -euo pipefail if ! kubectl get clusterrolebinding cluster-admin-binding 2>/dev/null; then kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user $(gcloud config get-value account) fi if ! kubectl get serviceaccount -n kube-system tiller 2>/dev/null ; then kubectl create serviceaccount --namespace kube-system tiller fi kubectl apply -f https://raw.githubusercontent.com/pingcap/tidb-operator/v1.0.1/manifests/crd.yaml kubectl apply -f https://raw.githubusercontent.com/pingcap/tidb-operator/v1.0.1/manifests/tiller-rbac.yaml kubectl apply -k manifests/local-ssd kubectl apply -f manifests/gke/persistent-disk.yaml helm init --service-account tiller --upgrade --wait until helm ls; do echo “Wait until tiller is ready” sleep 5 done ”] module.tidb-operator.null_resource.setup-env (local-exec): Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User “106939507055928422500” cannot create resource “clusterrolebindings” in API group “rbac.authorization.k8s.io” at the cluster scope: Required “container.clusterRoleBindings.create” permission.
Error: Error running command 'set -euo pipefail
if ! kubectl get clusterrolebinding cluster-admin-binding 2>/dev/null; then kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user $(gcloud config get-value account) fi
if ! kubectl get serviceaccount -n kube-system tiller 2>/dev/null ; then kubectl create serviceaccount --namespace kube-system tiller fi
kubectl apply -f https://raw.githubusercontent.com/pingcap/tidb-operator/v1.0.1/manifests/crd.yaml kubectl apply -f https://raw.githubusercontent.com/pingcap/tidb-operator/v1.0.1/manifests/tiller-rbac.yaml kubectl apply -k manifests/local-ssd kubectl apply -f manifests/gke/persistent-disk.yaml
helm init --service-account tiller --upgrade --wait until helm ls; do echo “Wait until tiller is ready” sleep 5 done ': exit status 1. Output: Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User “106939507055928422500” cannot create resource “clusterrolebindings” in API group “rbac.authorization.k8s.io” at the cluster scope: Required “container.clusterRoleBindings.create” permission.