Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Istio installation permission issue at GKE when following documentation #2814

Closed
lukas-lansky opened this issue Dec 31, 2018 · 8 comments
Closed

Comments

@lukas-lansky
Copy link

@lukas-lansky lukas-lansky commented Dec 31, 2018

Expected Behavior

Going through https://github.com/knative/docs/blob/master/install/Knative-with-GKE.md should get me a nice new cluster with functional Knative.

Actual Behavior

The Istio installation step results with:

PS C:\Source> kubectl apply --filename https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml
namespace "istio-system" created
configmap "istio-galley-configuration" created
configmap "istio-statsd-prom-bridge" created
configmap "istio-security-custom-resources" created
configmap "istio" created
configmap "istio-sidecar-injector" created
serviceaccount "istio-galley-service-account" created
serviceaccount "istio-egressgateway-service-account" created
serviceaccount "istio-ingressgateway-service-account" created
serviceaccount "istio-mixer-service-account" created
serviceaccount "istio-pilot-service-account" created
serviceaccount "istio-cleanup-secrets-service-account" created
clusterrolebinding.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created
job.batch "istio-cleanup-secrets" created
serviceaccount "istio-citadel-service-account" created
serviceaccount "istio-sidecar-injector-service-account" created
customresourcedefinition.apiextensions.k8s.io "virtualservices.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "destinationrules.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "serviceentries.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "gateways.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "envoyfilters.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "httpapispecbindings.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "httpapispecs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "quotaspecbindings.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "quotaspecs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "rules.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "attributemanifests.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "bypasses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "circonuses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "deniers.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "fluentds.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "kubernetesenvs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "listcheckers.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "memquotas.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "noops.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "opas.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "prometheuses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "rbacs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "redisquotas.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "servicecontrols.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "signalfxs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "solarwindses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "stackdrivers.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "statsds.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "stdios.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "apikeys.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "authorizations.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "checknothings.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "kuberneteses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "listentries.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "logentries.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "edges.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "metrics.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "quotas.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "reportnothings.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "servicecontrolreports.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "tracespans.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "rbacconfigs.rbac.istio.io" created
customresourcedefinition.apiextensions.k8s.io "serviceroles.rbac.istio.io" created
customresourcedefinition.apiextensions.k8s.io "servicerolebindings.rbac.istio.io" created
customresourcedefinition.apiextensions.k8s.io "adapters.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "instances.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "templates.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "handlers.config.istio.io" created
clusterrolebinding.rbac.authorization.k8s.io "istio-galley-admin-role-binding-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-mixer-admin-role-binding-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-pilot-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-citadel-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-sidecar-injector-admin-role-binding-istio-system" created
service "istio-galley" created
service "istio-egressgateway" created
service "istio-ingressgateway" created
service "istio-policy" created
service "istio-telemetry" created
service "istio-statsd-prom-bridge" created
deployment.extensions "istio-statsd-prom-bridge" created
service "istio-pilot" created
service "istio-citadel" created
service "istio-sidecar-injector" created
deployment.extensions "istio-galley" created
deployment.extensions "istio-egressgateway" created
deployment.extensions "istio-ingressgateway" created
deployment.extensions "istio-policy" created
deployment.extensions "istio-telemetry" created
deployment.extensions "istio-pilot" created
deployment.extensions "istio-citadel" created
deployment.extensions "istio-sidecar-injector" created
gateway.networking.istio.io "istio-autogenerated-k8s-ingress" created
horizontalpodautoscaler.autoscaling "istio-egressgateway" created
horizontalpodautoscaler.autoscaling "istio-ingressgateway" created
horizontalpodautoscaler.autoscaling "istio-policy" created
horizontalpodautoscaler.autoscaling "istio-telemetry" created
horizontalpodautoscaler.autoscaling "istio-pilot" created
mutatingwebhookconfiguration.admissionregistration.k8s.io "istio-sidecar-injector" created
attributemanifest.config.istio.io "istioproxy" created
attributemanifest.config.istio.io "kubernetes" created
stdio.config.istio.io "handler" created
logentry.config.istio.io "accesslog" created
logentry.config.istio.io "tcpaccesslog" created
rule.config.istio.io "stdio" created
rule.config.istio.io "stdiotcp" created
metric.config.istio.io "requestcount" created
metric.config.istio.io "requestduration" created
metric.config.istio.io "requestsize" created
metric.config.istio.io "responsesize" created
metric.config.istio.io "tcpbytesent" created
metric.config.istio.io "tcpbytereceived" created
prometheus.config.istio.io "handler" created
rule.config.istio.io "promhttp" created
rule.config.istio.io "promtcp" created
kubernetesenv.config.istio.io "handler" created
rule.config.istio.io "kubeattrgenrulerule" created
rule.config.istio.io "tcpkubeattrgenrulerule" created
kubernetes.config.istio.io "attributes" created
destinationrule.networking.istio.io "istio-policy" created
destinationrule.networking.istio.io "istio-telemetry" created
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" is forbidden: attempt to grant extra privileges: [{[list] [] [secrets] [] []} {[delete] [] [secrets] [] []}] user=&{
Lukas.Lansky.42@gmail.com  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL
+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-galley-istio-system" is forbidden: attempt to grant extra privileges: [{[*] [admissionregistration.k8s.io] [validatingwebhookconfigurations] [] []
} {[get] [config.istio.io] [*] [] []} {[list] [config.istio.io] [*] [] []} {[watch] [config.istio.io] [*] [] []} {[get] [*] [deployments] [istio-galley] []} {[get] [*] [endpoints] [istio-galley] []}] user=&{Lukas.Lansky.42@gmail.com  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M
2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews]
[] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-egressgateway-istio-system" is forbidden: attempt to grant extra privileges: [{[get] [extensions] [thirdpartyresources] [] []} {[watch] [extension
s] [thirdpartyresources] [] []} {[list] [extensions] [thirdpartyresources] [] []} {[update] [extensions] [thirdpartyresources] [] []} {[get] [extensions] [virtualservices] [] []} {[watch] [extensions] [virtualservices] [] []} {[list] [extensions] [virtualservices] [] []} {[update] [extensions] [virtualservices] [] [
]} {[get] [extensions] [destinationrules] [] []} {[watch] [extensions] [destinationrules] [] []} {[list] [extensions] [destinationrules] [] []} {[update] [extensions] [destinationrules] [] []} {[get] [extensions] [gateways] [] []} {[watch] [extensions] [gateways] [] []} {[list] [extensions] [gateways] [] []} {[updat
e] [extensions] [gateways] [] []}] user=&{Lukas.Lansky.42@gmail.com  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SC
IoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] rul
eResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" is forbidden: attempt to grant extra privileges: [{[get] [extensions] [thirdpartyresources] [] []} {[watch] [extensio
ns] [thirdpartyresources] [] []} {[list] [extensions] [thirdpartyresources] [] []} {[update] [extensions] [thirdpartyresources] [] []} {[get] [extensions] [virtualservices] [] []} {[watch] [extensions] [virtualservices] [] []} {[list] [extensions] [virtualservices] [] []} {[update] [extensions] [virtualservices] []
[]} {[get] [extensions] [destinationrules] [] []} {[watch] [extensions] [destinationrules] [] []} {[list] [extensions] [destinationrules] [] []} {[update] [extensions] [destinationrules] [] []} {[get] [extensions] [gateways] [] []} {[watch] [extensions] [gateways] [] []} {[list] [extensions] [gateways] [] []} {[upda
te] [extensions] [gateways] [] []}] user=&{Lukas.Lansky.42@gmail.com  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2S
CIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ru
leResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-mixer-istio-system" is forbidden: attempt to grant extra privileges: [{[create] [config.istio.io] [*] [] []} {[get] [config.istio.io] [*] [] []} {
[list] [config.istio.io] [*] [] []} {[watch] [config.istio.io] [*] [] []} {[patch] [config.istio.io] [*] [] []} {[get] [rbac.istio.io] [*] [] []} {[list] [rbac.istio.io] [*] [] []} {[watch] [rbac.istio.io] [*] [] []} {[get] [apiextensions.k8s.io] [customresourcedefinitions] [] []} {[list] [apiextensions.k8s.io] [cus
tomresourcedefinitions] [] []} {[watch] [apiextensions.k8s.io] [customresourcedefinitions] [] []} {[get] [] [configmaps] [] []} {[list] [] [configmaps] [] []} {[watch] [] [configmaps] [] []} {[get] [] [endpoints] [] []} {[list] [] [endpoints] [] []} {[watch] [] [endpoints] [] []} {[get] [] [pods] [] []} {[list] [] [
pods] [] []} {[watch] [] [pods] [] []} {[get] [] [services] [] []} {[list] [] [services] [] []} {[watch] [] [services] [] []} {[get] [] [namespaces] [] []} {[list] [] [namespaces] [] []} {[watch] [] [namespaces] [] []} {[get] [] [secrets] [] []} {[list] [] [secrets] [] []} {[watch] [] [secrets] [] []} {[get] [extens
ions] [replicasets] [] []} {[list] [extensions] [replicasets] [] []} {[watch] [extensions] [replicasets] [] []} {[get] [apps] [replicasets] [] []} {[list] [apps] [replicasets] [] []} {[watch] [apps] [replicasets] [] []}] user=&{Lukas.Lansky.42@gmail.com  [system:authenticated] map[user-assertion.cloud.google.com:[AM
6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews self
subjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-pilot-istio-system" is forbidden: attempt to grant extra privileges: [{[*] [config.istio.io] [*] [] []} {[get] [rbac.istio.io] [*] [] []} {[watch]
 [rbac.istio.io] [*] [] []} {[list] [rbac.istio.io] [*] [] []} {[*] [networking.istio.io] [*] [] []} {[*] [authentication.istio.io] [*] [] []} {[*] [apiextensions.k8s.io] [customresourcedefinitions] [] []} {[*] [extensions] [thirdpartyresources] [] []} {[*] [extensions] [thirdpartyresources.extensions] [] []} {[*] [
extensions] [ingresses] [] []} {[*] [extensions] [ingresses/status] [] []} {[create] [] [configmaps] [] []} {[get] [] [configmaps] [] []} {[list] [] [configmaps] [] []} {[watch] [] [configmaps] [] []} {[update] [] [configmaps] [] []} {[get] [] [endpoints] [] []} {[list] [] [endpoints] [] []} {[watch] [] [endpoints]
[] []} {[get] [] [pods] [] []} {[list] [] [pods] [] []} {[watch] [] [pods] [] []} {[get] [] [services] [] []} {[list] [] [services] [] []} {[watch] [] [services] [] []} {[get] [] [namespaces] [] []} {[list] [] [namespaces] [] []} {[watch] [] [namespaces] [] []} {[get] [] [nodes] [] []} {[list] [] [nodes] [] []} {[wa
tch] [] [nodes] [] []} {[get] [] [secrets] [] []} {[list] [] [secrets] [] []} {[watch] [] [secrets] [] []}] user=&{Lukas.Lansky.42@gmail.com  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiP
cawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.
0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-citadel-istio-system" is forbidden: attempt to grant extra privileges: [{[create] [] [secrets] [] []} {[get] [] [secrets] [] []} {[watch] [] [secr
ets] [] []} {[list] [] [secrets] [] []} {[update] [] [secrets] [] []} {[delete] [] [secrets] [] []} {[get] [] [serviceaccounts] [] []} {[watch] [] [serviceaccounts] [] []} {[list] [] [serviceaccounts] [] []} {[get] [] [services] [] []} {[watch] [] [services] [] []} {[list] [] [services] [] []}] user=&{Lukas.Lansky.4
2@gmail.com  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]}
ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-sidecar-injector-istio-system" is forbidden: attempt to grant extra privileges: [{[get] [*] [configmaps] [] []} {[list] [*] [configmaps] [] []} {[
watch] [*] [configmaps] [] []} {[get] [admissionregistration.k8s.io] [mutatingwebhookconfigurations] [] []} {[list] [admissionregistration.k8s.io] [mutatingwebhookconfigurations] [] []} {[watch] [admissionregistration.k8s.io] [mutatingwebhookconfigurations] [] []} {[patch] [admissionregistration.k8s.io] [mutatingweb
hookconfigurations] [] []}] user=&{Lukas.Lansky.42@gmail.com  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeM
pmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolu
tionErrors=[]

Steps to Reproduce the Problem

  1. gcloud projects create knat-test --set-as-default
  2. gcloud services enable cloudapis.googleapis.com container.googleapis.com containerregistry.googleapis.com
  3. Assign payment account to the new project unless I want to get Project knat-test cannot accept requests to compute.projects.setCommonInstanceMetadata while in an inactive billing state. Billing state may take several minutes to update. in the next step. (Does this needs to happen in GUI, by the way, or is there a command line command for that?)
  4. gcloud container clusters create knat-cluster --zone=europe-west1-b --cluster-version=latest --machine-type=n1-standard-4 --enable-autoscaling --min-nodes=1 --max-nodes=10 --enable-autorepair --scopes=service-control,service-management,compute-rw,storage-ro,cloud-platform,logging-write,monitoring-write,pubsub,datastore --num-nodes=3
  5. kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
  6. kubectl apply --filename https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml

Additional Info

Hopefully I didn't overlook any step. Thanks!

@patmagauran
Copy link

@patmagauran patmagauran commented Jan 5, 2019

Just encountered this error. When creating the clusterrolebinding, make sure the user is EXACTLY as it appears in the user field for the error. This fixed it for me.

@Fryuni
Copy link

@Fryuni Fryuni commented Jan 6, 2019

Just answering the comment on you 3rd step, you can use gcloud beta billing projects link [your_project_id] --billing-account=[billing_account_id]

@lukas-lansky
Copy link
Author

@lukas-lansky lukas-lansky commented Jan 11, 2019

@RotatingFans Yes, thanks a lot, that was it. gcloud config get-value core/account returns account in lower case, clusterrolebinding depends on it being the same case as original. I can reproduce the original issue with current documentation for version 0.3.0, but the issue disapears when I replace --user=$(gcloud config get-value core/account) with the proper value manually.

@Fryuni Thanks, that works nicely.

@MarkKropf
Copy link
Member

@MarkKropf MarkKropf commented Jan 24, 2019

There is another way to get the case-sensitive value with the existing configured environment variables.

gcloud projects get-iam-policy $PROJECT | grep 'user:' | cut -d: -f2

@knative-housekeeping-robot

Issues go stale after 90 days of inactivity.
Mark the issue as fresh by adding the comment /remove-lifecycle stale.
Stale issues rot after an additional 30 days of inactivity and eventually close.
If this issue is safe to close now please do so by adding the comment /close.

Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra.

/lifecycle stale

@knative-housekeeping-robot

Stale issues rot after 30 days of inactivity.
Mark the issue as fresh by adding the comment /remove-lifecycle rotten.
Rotten issues close after an additional 30 days of inactivity.
If this issue is safe to close now please do so by adding the comment /close.

Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra.

/lifecycle rotten

@knative-housekeeping-robot

Rotten issues close after 30 days of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh by adding the comment /remove-lifecycle rotten.

Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra.

/close

@knative-prow-robot
Copy link
Contributor

@knative-prow-robot knative-prow-robot commented Feb 20, 2020

@knative-housekeeping-robot: Closing this issue.

In response to this:

Rotten issues close after 30 days of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh by adding the comment /remove-lifecycle rotten.

Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants