I'm trying to deploy my web service to Google Container Engine:
Here's my deployment.yaml:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: handfree
labels:
app: handfree
spec:
replicas: 3
template:
metadata:
labels:
app: handfree
spec:
containers:
- name: handfree
image: arycloud/mysecretrepo:latest
imagePullPolicy: Always
#Ports to expose
ports:
- name: api_port
containerPort: 8000
Here's my service.yaml:
kind: Service
apiVersion: v1
metadata:
#Service name
name: judge
spec:
selector:
app: handfree
ports:
- protocol: TCP
port: 8000
targetPort: 8000
type: LoadBalancer
I have created a cluster on Google Container Engine with cluster size 4 and 8 vCPUs, I have successfully get credentials by using the command from connecting link of this cluster.
When I try to run the deployment.yml it returns an error as:
Error from server (Forbidden): error when retrieving current configuration of: default handfree deployment.yaml
from server for: "deployment.yaml" deployments.extensions "handfree" is forbidden: User "client" cannot get deployments.extensions in the namespace "default": Unknown user "client".
I'm new to kubernetes world, help me, please!
Thanks in advance!
Unknown user "client".
Means there is no RoleBinding
or ClusterRoleBinding
with a subjects:
of type: User
with a name:
of client
.
The fix is to create a ClusterRoleBinding
or RoleBinding
-- depending on whether you want client
to have access to every Namespace
or just default
-- and point it at an existing (or created) Role
or ClusterRole
. The bad news is that since your current credential is invalid, you will need to track down the cluster-admin
credential to be able to make that kind of change. Since I haven't used GKE, I can't specify the exact steps.
I know those paragraphs are filled with jargon, and for that I'm sorry - it's a complex topic. There are several RBAC summaries, including a recent one from GitLab, a CNCF webinar, and one from Sysdig, and (of course) the kubernetes docs