錯誤「已經存在」

Question

當我嘗試執行此：

oc create -f custom_clusterPolicyBinding.yml 
Error from server: error when creating "custom_clusterPolicyBinding.yml": clusterpolicybindings ":default" already exists 

oc version 
oc v1.4.1 
kubernetes v1.4.0+776c994 
features: Basic-Auth GSSAPI Kerberos SPNEGO 

這是custom_clusterPolicyBinding.yml

apiVersion: v1 
kind: ClusterPolicyBinding 
metadata: 
    name: custom 
policyRef: 
    name: custom 
roleBindings: 
- name: custom:label-nodos 
    roleBinding: 
    groupNames: 
    - pachi 
    metadata: 
     name: custom:label-nodos 
    roleRef: 
     name: custom:label-nodos 
    subjects: 
    - kind: Group 
     name: pachi 
    userNames: null 

集羣作用結合定製：標籤nodos已經存在

oc get clusterroleBinding | grep custom:label-nodos 
custom:label-nodos        /custom:label-nodos  

而集羣角色綁定yaml的內容是：

apiVersion: v1 
groupNames: null 
kind: ClusterRoleBinding 
metadata: 
    name: custom:label-nodos 
roleRef: 
    name: custom:label-nodos 
subjects: [] 
userNames: null 

任何想法？

Answer 1

不要直接編輯政策。只有一個集羣策略和集羣策略綁定。

相反，你會想創建一個clusterrole的內容與此類似（編輯它給予你想給出來的權限）：

apiVersion: v1 
kind: ClusterRole 
metadata: 
    name: some-user 
rules: 
- apiGroups: 
    - project.openshift.io 
    - "" 
    resources: 
    - projects 
    verbs: 
    - list 

而且隨着內容的clusterrolebinding像這樣（編輯綁定正確的科目）：

apiVersion: v1 
kind: ClusterRoleBinding 
metadata: 
    name: some-users 
roleRef: 
    name: some-user 
subjects: 
- kind: User 
    name: foo 

您也可以使用oadm policy add-*role-to-*命令，以幫助綁定角色：

add-cluster-role-to-group 
add-cluster-role-to-user 
add-role-to-group 
add-role-to-user