Include RBAC command in GKE deploy instructions

pachyderm · Mar 15, 2019 · 49ef074 · 49ef074
1 parent 1b9a623
commit 49ef074
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/doc/deployment/google_cloud_platform.md b/doc/deployment/google_cloud_platform.md
@@ -32,7 +32,16 @@ $ gcloud config set container/cluster ${CLUSTER_NAME}
 $ MACHINE_TYPE=<machine type for the k8s nodes, we recommend "n1-standard-4" or larger>
 
 # By default the following command spins up a 3-node cluster. You can change the default with `--num-nodes VAL`.
-$ gcloud container clusters create ${CLUSTER_NAME} --scopes storage-rw --machine-type ${MACHINE_TYPE} 
+$ gcloud container clusters create ${CLUSTER_NAME} --scopes storage-rw --machine-type ${MACHINE_TYPE}
+
+# By default, GKE clusters have RBAC enabled. To allow 'pachctl deploy' to give the 'pachyderm' service account
+# the requisite privileges via clusterrolebindings, you will need to grant *your user account* the privileges
+# needed to create those clusterrolebindings.
+#
+# Note that this command is simple and concise, but gives your user account more privileges than necessary. See
+# https://docs.pachyderm.io/en/latest/deployment/rbac.html for the complete list of privileges that the
+# pachyderm serviceaccount needs.
+$ kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value account)
 ```
 **Important Note: You must create the Kubernetes cluster via the gcloud command-line tool rather than the Google Cloud Console, as it's currently only possible to grant the `storage-rw` scope via the command-line tool**. Also note, you should deploy a 1.8.x cluster if possible to take full advantage of Pachyderm's latest features.