k8s: deploying the operator without a ClusterRole

Due to management requirements, I can only be given the highest permissions within a namespace, not ClusterRole permissions. When installing with helm, the settings are as follows:

clusterScoped: false
rbac:
  create: false
timezone: Asia/Shanghai
operatorImage: 10.17/zongbu-sre/pingcap/tidb-operator-arm64:v1.4.0
imagePullPolicy: IfNotPresent
tidbBackupManagerImage: 10.17/zongbu-sre/pingcap/tidb-backup-manager-arm64:v1.4.0
features: []
appendReleaseSuffix: false
controllerManager:
  create: true
  serviceAccount: tidb-controller-manager
  clusterPermissions:
    nodes: true
    persistentvolumes: true
    storageclasses: true
  logLevel: 2
  replicas: 1
  resources:
    requests:
      cpu: 500m
      memory: 500Mi
  autoFailover: true
  pdFailoverPeriod: 5m
  tikvFailoverPeriod: 5m
  tidbFailoverPeriod: 5m
  tiflashFailoverPeriod: 5m
  dmMasterFailoverPeriod: 5m
  dmWorkerFailoverPeriod: 5m
  affinity: {}
  nodeSelector: {}
  tolerations: []
  selector: []
  env: []
  securityContext: {}
  podAnnotations: {}
scheduler:
  create: true
  serviceAccount: tidb-scheduler
  logLevel: 2
  replicas: 1
  schedulerName: tidb-scheduler
  resources:
    limits:
      cpu: 500m
      memory: 500Mi
    requests:
      cpu: 500m
      memory: 500Mi
  kubeSchedulerImageName: 10.17/zongbu-sre/dyrnq/kube-scheduler-arm64-1:v1.24.9 
  affinity: {}
  nodeSelector: {}
  tolerations: []
  securityContext: {}
  podAnnotations: {}
  configmapAnnotations: {}

I set clusterScoped: false and rbac.create: false.
The deployment reports no error, but there is no Pod:

$ helm install test-tidb-operator ./tidb-operator --namespace=tidb-xktkj
NAME: test-tidb-operator
LAST DEPLOYED: Tue Feb 21 14:24:10 2023
NAMESPACE: tidb-xktkj
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Make sure tidb-operator components are running:

    kubectl get pods --namespace tidb-xktkj -l app.kubernetes.io/instance=test-tidb-operator

$ kubectl get pods --namespace tidb-xktkj 
No resources found in tidb-xktkj namespace.

$ kubectl describe rs  tidb-controller-manager-54dfd9d6d5 -n tidb-xktkj
 Error creating: pods "tidb-controller-manager-54dfd9d6d5-" is forbidden: error looking up service account tidb-xktkj/tidb-controller-manager: serviceaccount "tidb-controller-manager" not found

Documentation reference: https://docs.pingcap.com/zh/tidb-in-kubernetes/dev/tidb-operator-rbac#namespace-级别管理-tidb-集群

$ kubectl get clusterrole | grep tidb
Error from server (Forbidden): clusterroles.rbac.authorization.k8s.io is forbidden: User "system:serviceaccount:kube-amp:xx-test-common-work-cluster-kube-amp-386935687479365" cannot list resource "clusterroles" in API group "rbac.authorization.k8s.io" at the cluster scope

Can someone explain this a bit? The user I have been given only has Role permissions and permissions inside the namespace, no ClusterRole. There is another paragraph below this line:

The documentation lists the permissions on non-namespaced k8s resources that the operator (tidb-controller-manager) needs, which correspond to a ClusterRole.

So in a situation like mine, without a ClusterRole it simply won't run? Would read-only permissions be enough to satisfy the requirement?

The "explanation" in the image above describes the operations performed in the operator's sync logic; it is not clear how the program will behave when it lacks those permissions.

Then there is no solution. The permissions TiDB requires are rather high, and tiup's are too.
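The two symptoms in this thread come from two settings in the posted values.yaml: rbac.create: false means the chart creates no ServiceAccount, so the ReplicaSet fails with the "serviceaccount not found" error shown above, and controllerManager.clusterPermissions leaves nodes, persistentvolumes and storageclasses set to true, which are non-namespaced resources and can only be granted through a ClusterRole. The script below is an added example, not code from the thread or from the tidb-operator project: it checks a values dict for exactly those two problems, produces a copy with the cluster-scoped requests switched off, and prints the ServiceAccount manifest a namespace admin has to create before helm install. The function names, the CLUSTER_SCOPED_RESOURCES set and the dict layout are this example's own assumptions; the values themselves are copied from the thread. The Role rules are deliberately not generated, because their list comes from the linked RBAC documentation.

```python
# Added example (not from the thread or the tidb-operator project): static check
# of tidb-operator Helm values for a namespace-only (Role, no ClusterRole) install.
from copy import deepcopy

# Kubernetes resources that are not namespaced: permissions on them can only be
# granted by a ClusterRole, never by a namespaced Role.
CLUSTER_SCOPED_RESOURCES = {"nodes", "persistentvolumes", "storageclasses"}

# Values copied from the thread, written as a dict (constructed sample input) so
# the example runs without a YAML library.
POSTED_VALUES = {
    "clusterScoped": False,
    "rbac": {"create": False},
    "controllerManager": {
        "create": True,
        "serviceAccount": "tidb-controller-manager",
        "clusterPermissions": {
            "nodes": True,
            "persistentvolumes": True,
            "storageclasses": True,
        },
    },
    "scheduler": {"create": True, "serviceAccount": "tidb-scheduler"},
}


def check_values(values: dict) -> list[str]:
    """Return findings that make a namespace-only install fail or that require a
    ClusterRole. An empty list means the values are consistent."""
    findings = []
    cluster_scoped = values.get("clusterScoped", True)
    rbac_create = values.get("rbac", {}).get("create", True)

    # rbac.create: false -> the chart creates no ServiceAccount/Role/RoleBinding,
    # so the ReplicaSet fails with 'serviceaccount "..." not found' as in the thread.
    if not rbac_create:
        for component in ("controllerManager", "scheduler"):
            spec = values.get(component, {})
            if spec.get("create") and spec.get("serviceAccount"):
                findings.append(
                    f"{component}: ServiceAccount '{spec['serviceAccount']}' (plus a "
                    "Role/RoleBinding for it) must exist in the release namespace "
                    "before 'helm install'"
                )

    # Any clusterPermissions.* still true asks for a ClusterRole even when
    # clusterScoped is false, which a namespace-only admin cannot satisfy.
    perms = values.get("controllerManager", {}).get("clusterPermissions", {})
    wanted = sorted(r for r, on in perms.items() if on and r in CLUSTER_SCOPED_RESOURCES)
    if wanted and not cluster_scoped:
        findings.append(
            "controllerManager.clusterPermissions requests cluster-scoped resources "
            + ", ".join(wanted)
            + "; these need a ClusterRole, set them to false for a namespace-only install"
        )
    return findings


def namespace_only_values(values: dict) -> dict:
    """Copy of the values with every cluster-scoped permission request switched
    off, i.e. the shape a Role-only deployment can actually be granted."""
    fixed = deepcopy(values)
    fixed["clusterScoped"] = False
    perms = fixed.setdefault("controllerManager", {}).setdefault("clusterPermissions", {})
    for resource in CLUSTER_SCOPED_RESOURCES:
        perms[resource] = False
    return fixed


def service_account_manifest(name: str, namespace: str) -> str:
    """Minimal manifest for the ServiceAccount the chart will not create when
    rbac.create is false. Role rules are not guessed here; take them from the
    tidb-operator RBAC documentation linked in the thread."""
    return (
        "apiVersion: v1\n"
        "kind: ServiceAccount\n"
        "metadata:\n"
        f"  name: {name}\n"
        f"  namespace: {namespace}\n"
    )


if __name__ == "__main__":
    for finding in check_values(POSTED_VALUES):
        print("FINDING:", finding)
    print()
    print(service_account_manifest("tidb-controller-manager", "tidb-xktkj"))
    print("findings after switching off cluster permissions:")
    for finding in check_values(namespace_only_values(POSTED_VALUES)):
        print("  -", finding)
```

Running it against the posted values reports three findings: the two ServiceAccounts (tidb-controller-manager and tidb-scheduler) that nothing will create, and the three cluster-scoped resources. After namespace_only_values the ClusterRole finding disappears, but the ServiceAccount findings remain, which is the actual answer to the thread: with rbac.create: false the account, Role and RoleBinding have to be applied in the namespace by hand before the Pods can start.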