451984 (2) [Avatar] Offline

As I am reading the first part of this chapter. there seems to be - that is missing next to image
$ kubectl run test -image=luksa/kubectl-proxy:1.6.2 -n foo
deployment "test" created
$ kubectl create ns bar
namespace "bar" created
$ kubectl run test -image=luksa/kubectl-proxy:1.6.2 -n bar
deployment "test" created 

Also while trying the first example of the rolebinding (service-reader.yaml) namespace: foo is missing from the code.
and I was hit with this error.

kubectl create -f pv-reader.yaml -n foo 
Error from server (Forbidden): error when creating "pv-reader.yaml": clusterroles.rbac.authorization.k8s.io "pv-reader" is forbidden: attempt to grant extra privileges: [{[get] [] [persistentvolumes] [] []} {[list] [] [persistentvolumes] [] []}] user=&{[b]MYEMAIL[/b] [system:authenticated] map[]} ownerrules=[{[create delete deletecollection get list patch update watch] [] [pods pods/attach pods/exec pods/portforward pods/proxy] [] []} {[create delete deletecollection get list patch update watch] [] [configmaps endpoints persistentvolumeclaims replicationcontrollers replicationcontrollers/scale secrets serviceaccounts services services/proxy] []

it turns out that I needed to grant cluster-role for my user.
kubectl create clusterrolebinding myname-cluster-admin-binding --clusterrole=cluster-admin --user=myname@example.org

this is for GKE.


Marko Lukša (65) [Avatar] Offline
Thank you so much. You're absolutely right. I also see 1.6 is now the default version on GKE.

I'll update the chapter with this info.

Thanks again.