I'm trying to deploy my web service to Google Container Engine:
Here's my deployment.yaml:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: handfree
labels:
app: handfree
spec:
replicas: 3
template:
metadata:
labels:
app: handfree
spec:
containers:
- name: handfree
image: arycloud/mysecretrepo:latest
imagePullPolicy: Always
#Ports to expose
ports:
- name: api_port
containerPort: 8000 Here's my service.yaml:
kind: Service
apiVersion: v1
metadata:
#Service name
name: judge
spec:
selector:
app: handfree
ports:
- protocol: TCP
port: 8000
targetPort: 8000
type: LoadBalancer I have created a cluster on Google Container Engine with cluster size 4 and 8 vCPUs, I have successfully get credentials by using the command from connecting link of this cluster.
When I try to run the deployment.yml it returns an error as:
Error from server (Forbidden): error when retrieving current configuration of: default handfree deployment.yaml
from server for: "deployment.yaml" deployments.extensions "handfree" is forbidden: User "client" cannot get deployments.extensions in the namespace "default": Unknown user "client".
I'm new to kubernetes world, help me, please!
Thanks in advance!
Unknown user "client".
Means there is no RoleBinding or ClusterRoleBinding with a subjects: of type: User with a name: of client.
The fix is to create a ClusterRoleBinding or RoleBinding -- depending on whether you want client to have access to every Namespace or just default -- and point it at an existing (or created) Role or ClusterRole. The bad news is that since your current credential is invalid, you will need to track down the cluster-admin credential to be able to make that kind of change. Since I haven't used GKE, I can't specify the exact steps.
I know those paragraphs are filled with jargon, and for that I'm sorry - it's a complex topic. There are several RBAC summaries, including a recent one from GitLab, a CNCF webinar, and one from Sysdig, and (of course) the kubernetes docs