Serving: Istio installation permission issue at GKE when following documentation

Created on 31 Dec 2018  路  8Comments  路  Source: knative/serving

Expected Behavior

Going through https://github.com/knative/docs/blob/master/install/Knative-with-GKE.md should get me a nice new cluster with functional Knative.

Actual Behavior

The Istio installation step results with:

PS C:\Source> kubectl apply --filename https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml
namespace "istio-system" created
configmap "istio-galley-configuration" created
configmap "istio-statsd-prom-bridge" created
configmap "istio-security-custom-resources" created
configmap "istio" created
configmap "istio-sidecar-injector" created
serviceaccount "istio-galley-service-account" created
serviceaccount "istio-egressgateway-service-account" created
serviceaccount "istio-ingressgateway-service-account" created
serviceaccount "istio-mixer-service-account" created
serviceaccount "istio-pilot-service-account" created
serviceaccount "istio-cleanup-secrets-service-account" created
clusterrolebinding.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" created
job.batch "istio-cleanup-secrets" created
serviceaccount "istio-citadel-service-account" created
serviceaccount "istio-sidecar-injector-service-account" created
customresourcedefinition.apiextensions.k8s.io "virtualservices.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "destinationrules.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "serviceentries.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "gateways.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "envoyfilters.networking.istio.io" created
customresourcedefinition.apiextensions.k8s.io "httpapispecbindings.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "httpapispecs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "quotaspecbindings.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "quotaspecs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "rules.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "attributemanifests.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "bypasses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "circonuses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "deniers.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "fluentds.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "kubernetesenvs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "listcheckers.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "memquotas.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "noops.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "opas.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "prometheuses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "rbacs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "redisquotas.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "servicecontrols.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "signalfxs.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "solarwindses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "stackdrivers.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "statsds.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "stdios.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "apikeys.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "authorizations.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "checknothings.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "kuberneteses.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "listentries.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "logentries.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "edges.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "metrics.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "quotas.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "reportnothings.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "servicecontrolreports.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "tracespans.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "rbacconfigs.rbac.istio.io" created
customresourcedefinition.apiextensions.k8s.io "serviceroles.rbac.istio.io" created
customresourcedefinition.apiextensions.k8s.io "servicerolebindings.rbac.istio.io" created
customresourcedefinition.apiextensions.k8s.io "adapters.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "instances.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "templates.config.istio.io" created
customresourcedefinition.apiextensions.k8s.io "handlers.config.istio.io" created
clusterrolebinding.rbac.authorization.k8s.io "istio-galley-admin-role-binding-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-egressgateway-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-mixer-admin-role-binding-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-pilot-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-citadel-istio-system" created
clusterrolebinding.rbac.authorization.k8s.io "istio-sidecar-injector-admin-role-binding-istio-system" created
service "istio-galley" created
service "istio-egressgateway" created
service "istio-ingressgateway" created
service "istio-policy" created
service "istio-telemetry" created
service "istio-statsd-prom-bridge" created
deployment.extensions "istio-statsd-prom-bridge" created
service "istio-pilot" created
service "istio-citadel" created
service "istio-sidecar-injector" created
deployment.extensions "istio-galley" created
deployment.extensions "istio-egressgateway" created
deployment.extensions "istio-ingressgateway" created
deployment.extensions "istio-policy" created
deployment.extensions "istio-telemetry" created
deployment.extensions "istio-pilot" created
deployment.extensions "istio-citadel" created
deployment.extensions "istio-sidecar-injector" created
gateway.networking.istio.io "istio-autogenerated-k8s-ingress" created
horizontalpodautoscaler.autoscaling "istio-egressgateway" created
horizontalpodautoscaler.autoscaling "istio-ingressgateway" created
horizontalpodautoscaler.autoscaling "istio-policy" created
horizontalpodautoscaler.autoscaling "istio-telemetry" created
horizontalpodautoscaler.autoscaling "istio-pilot" created
mutatingwebhookconfiguration.admissionregistration.k8s.io "istio-sidecar-injector" created
attributemanifest.config.istio.io "istioproxy" created
attributemanifest.config.istio.io "kubernetes" created
stdio.config.istio.io "handler" created
logentry.config.istio.io "accesslog" created
logentry.config.istio.io "tcpaccesslog" created
rule.config.istio.io "stdio" created
rule.config.istio.io "stdiotcp" created
metric.config.istio.io "requestcount" created
metric.config.istio.io "requestduration" created
metric.config.istio.io "requestsize" created
metric.config.istio.io "responsesize" created
metric.config.istio.io "tcpbytesent" created
metric.config.istio.io "tcpbytereceived" created
prometheus.config.istio.io "handler" created
rule.config.istio.io "promhttp" created
rule.config.istio.io "promtcp" created
kubernetesenv.config.istio.io "handler" created
rule.config.istio.io "kubeattrgenrulerule" created
rule.config.istio.io "tcpkubeattrgenrulerule" created
kubernetes.config.istio.io "attributes" created
destinationrule.networking.istio.io "istio-policy" created
destinationrule.networking.istio.io "istio-telemetry" created
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-cleanup-secrets-istio-system" is forbidden: attempt to grant extra privileges: [{[list] [] [secrets] [] []} {[delete] [] [secrets] [] []}] user=&{
[email protected]  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL
+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-galley-istio-system" is forbidden: attempt to grant extra privileges: [{[*] [admissionregistration.k8s.io] [validatingwebhookconfigurations] [] []
} {[get] [config.istio.io] [*] [] []} {[list] [config.istio.io] [*] [] []} {[watch] [config.istio.io] [*] [] []} {[get] [*] [deployments] [istio-galley] []} {[get] [*] [endpoints] [istio-galley] []}] user=&{[email protected]  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M
2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews]
[] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-egressgateway-istio-system" is forbidden: attempt to grant extra privileges: [{[get] [extensions] [thirdpartyresources] [] []} {[watch] [extension
s] [thirdpartyresources] [] []} {[list] [extensions] [thirdpartyresources] [] []} {[update] [extensions] [thirdpartyresources] [] []} {[get] [extensions] [virtualservices] [] []} {[watch] [extensions] [virtualservices] [] []} {[list] [extensions] [virtualservices] [] []} {[update] [extensions] [virtualservices] [] [
]} {[get] [extensions] [destinationrules] [] []} {[watch] [extensions] [destinationrules] [] []} {[list] [extensions] [destinationrules] [] []} {[update] [extensions] [destinationrules] [] []} {[get] [extensions] [gateways] [] []} {[watch] [extensions] [gateways] [] []} {[list] [extensions] [gateways] [] []} {[updat
e] [extensions] [gateways] [] []}] user=&{[email protected]  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SC
IoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] rul
eResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-ingressgateway-istio-system" is forbidden: attempt to grant extra privileges: [{[get] [extensions] [thirdpartyresources] [] []} {[watch] [extensio
ns] [thirdpartyresources] [] []} {[list] [extensions] [thirdpartyresources] [] []} {[update] [extensions] [thirdpartyresources] [] []} {[get] [extensions] [virtualservices] [] []} {[watch] [extensions] [virtualservices] [] []} {[list] [extensions] [virtualservices] [] []} {[update] [extensions] [virtualservices] []
[]} {[get] [extensions] [destinationrules] [] []} {[watch] [extensions] [destinationrules] [] []} {[list] [extensions] [destinationrules] [] []} {[update] [extensions] [destinationrules] [] []} {[get] [extensions] [gateways] [] []} {[watch] [extensions] [gateways] [] []} {[list] [extensions] [gateways] [] []} {[upda
te] [extensions] [gateways] [] []}] user=&{[email protected]  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2S
CIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ru
leResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-mixer-istio-system" is forbidden: attempt to grant extra privileges: [{[create] [config.istio.io] [*] [] []} {[get] [config.istio.io] [*] [] []} {
[list] [config.istio.io] [*] [] []} {[watch] [config.istio.io] [*] [] []} {[patch] [config.istio.io] [*] [] []} {[get] [rbac.istio.io] [*] [] []} {[list] [rbac.istio.io] [*] [] []} {[watch] [rbac.istio.io] [*] [] []} {[get] [apiextensions.k8s.io] [customresourcedefinitions] [] []} {[list] [apiextensions.k8s.io] [cus
tomresourcedefinitions] [] []} {[watch] [apiextensions.k8s.io] [customresourcedefinitions] [] []} {[get] [] [configmaps] [] []} {[list] [] [configmaps] [] []} {[watch] [] [configmaps] [] []} {[get] [] [endpoints] [] []} {[list] [] [endpoints] [] []} {[watch] [] [endpoints] [] []} {[get] [] [pods] [] []} {[list] [] [
pods] [] []} {[watch] [] [pods] [] []} {[get] [] [services] [] []} {[list] [] [services] [] []} {[watch] [] [services] [] []} {[get] [] [namespaces] [] []} {[list] [] [namespaces] [] []} {[watch] [] [namespaces] [] []} {[get] [] [secrets] [] []} {[list] [] [secrets] [] []} {[watch] [] [secrets] [] []} {[get] [extens
ions] [replicasets] [] []} {[list] [extensions] [replicasets] [] []} {[watch] [extensions] [replicasets] [] []} {[get] [apps] [replicasets] [] []} {[list] [apps] [replicasets] [] []} {[watch] [apps] [replicasets] [] []}] user=&{[email protected]  [system:authenticated] map[user-assertion.cloud.google.com:[AM
6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews self
subjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-pilot-istio-system" is forbidden: attempt to grant extra privileges: [{[*] [config.istio.io] [*] [] []} {[get] [rbac.istio.io] [*] [] []} {[watch]
 [rbac.istio.io] [*] [] []} {[list] [rbac.istio.io] [*] [] []} {[*] [networking.istio.io] [*] [] []} {[*] [authentication.istio.io] [*] [] []} {[*] [apiextensions.k8s.io] [customresourcedefinitions] [] []} {[*] [extensions] [thirdpartyresources] [] []} {[*] [extensions] [thirdpartyresources.extensions] [] []} {[*] [
extensions] [ingresses] [] []} {[*] [extensions] [ingresses/status] [] []} {[create] [] [configmaps] [] []} {[get] [] [configmaps] [] []} {[list] [] [configmaps] [] []} {[watch] [] [configmaps] [] []} {[update] [] [configmaps] [] []} {[get] [] [endpoints] [] []} {[list] [] [endpoints] [] []} {[watch] [] [endpoints]
[] []} {[get] [] [pods] [] []} {[list] [] [pods] [] []} {[watch] [] [pods] [] []} {[get] [] [services] [] []} {[list] [] [services] [] []} {[watch] [] [services] [] []} {[get] [] [namespaces] [] []} {[list] [] [namespaces] [] []} {[watch] [] [namespaces] [] []} {[get] [] [nodes] [] []} {[list] [] [nodes] [] []} {[wa
tch] [] [nodes] [] []} {[get] [] [secrets] [] []} {[list] [] [secrets] [] []} {[watch] [] [secrets] [] []}] user=&{[email protected]  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiP
cawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.
0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-citadel-istio-system" is forbidden: attempt to grant extra privileges: [{[create] [] [secrets] [] []} {[get] [] [secrets] [] []} {[watch] [] [secr
ets] [] []} {[list] [] [secrets] [] []} {[update] [] [secrets] [] []} {[delete] [] [secrets] [] []} {[get] [] [serviceaccounts] [] []} {[watch] [] [serviceaccounts] [] []} {[list] [] [serviceaccounts] [] []} {[get] [] [services] [] []} {[watch] [] [services] [] []} {[list] [] [services] [] []}] user=&{Lukas.Lansky.4
[email protected]  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeMpmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]}
ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml": clusterroles.rbac.authorization.k8s.io "istio-sidecar-injector-istio-system" is forbidden: attempt to grant extra privileges: [{[get] [*] [configmaps] [] []} {[list] [*] [configmaps] [] []} {[
watch] [*] [configmaps] [] []} {[get] [admissionregistration.k8s.io] [mutatingwebhookconfigurations] [] []} {[list] [admissionregistration.k8s.io] [mutatingwebhookconfigurations] [] []} {[watch] [admissionregistration.k8s.io] [mutatingwebhookconfigurations] [] []} {[patch] [admissionregistration.k8s.io] [mutatingweb
hookconfigurations] [] []}] user=&{[email protected]  [system:authenticated] map[user-assertion.cloud.google.com:[AM6SrXjfbg0HWBBe3AIpt0M2KvU6bP4OjuZYtVfpq/WjPf8rp6mhx4YfrIjyJfSKhTNONx719X+ERhUaheYrvL6EGQA2lFPpECFBTZq3q9dPc2AOaiPcawEvNgdUGn39ws6N2NKwW72KsL0uyDMAQM+qzP12CwwPl/mLqbRATLOtUsjVN8s95n5Wm2SCIoE/ZeM
pmcqqnppHmgrx0kgMuvpedEF2wc88UAOaUL+ARV3pTjA=]]} ownerrules=[{[create] [authorization.k8s.io] [selfsubjectaccessreviews selfsubjectrulesreviews] [] []} {[get] [] [] [] [/api /api/* /apis /apis/* /healthz /openapi /openapi/* /swagger-2.0.0.pb-v1 /swagger.json /swaggerapi /swaggerapi/* /version /version/]}] ruleResolu
tionErrors=[]

Steps to Reproduce the Problem

  1. gcloud projects create knat-test --set-as-default
  2. gcloud services enable cloudapis.googleapis.com container.googleapis.com containerregistry.googleapis.com
  3. Assign payment account to the new project unless I want to get Project knat-test cannot accept requests to compute.projects.setCommonInstanceMetadata while in an inactive billing state. Billing state may take several minutes to update. in the next step. (Does this needs to happen in GUI, by the way, or is there a command line command for that?)
  4. gcloud container clusters create knat-cluster --zone=europe-west1-b --cluster-version=latest --machine-type=n1-standard-4 --enable-autoscaling --min-nodes=1 --max-nodes=10 --enable-autorepair --scopes=service-control,service-management,compute-rw,storage-ro,cloud-platform,logging-write,monitoring-write,pubsub,datastore --num-nodes=3
  5. kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud config get-value core/account)
  6. kubectl apply --filename https://github.com/knative/serving/releases/download/v0.2.2/istio.yaml

Additional Info

Hopefully I didn't overlook any step. Thanks!

arenetworking kinbug kindoc kinquestion lifecyclrotten
Source
picture lukas-lansky
👍2

All 8 comments

Just encountered this error. When creating the clusterrolebinding, make sure the user is EXACTLY as it appears in the user field for the error. This fixed it for me.

patmagauran picture patmagauran on 5 Jan 2019
1

Just answering the comment on you 3rd step, you can use gcloud beta billing projects link [your_project_id] --billing-account=[billing_account_id]

Fryuni picture Fryuni on 6 Jan 2019
👍1

@RotatingFans Yes, thanks a lot, that was it. gcloud config get-value core/account returns account in lower case, clusterrolebinding depends on it being the same case as original. I can reproduce the original issue with current documentation for version 0.3.0, but the issue disapears when I replace --user=$(gcloud config get-value core/account) with the proper value manually.

@Fryuni Thanks, that works nicely.

lukas-lansky picture lukas-lansky on 11 Jan 2019

There is another way to get the case-sensitive value with the existing configured environment variables.

gcloud projects get-iam-policy $PROJECT | grep 'user:' | cut -d: -f2

MarkKropf picture MarkKropf on 24 Jan 2019

Issues go stale after 90 days of inactivity.
Mark the issue as fresh by adding the comment /remove-lifecycle stale.
Stale issues rot after an additional 30 days of inactivity and eventually close.
If this issue is safe to close now please do so by adding the comment /close.

Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra.

/lifecycle stale

knative-housekeeping-robot picture knative-housekeeping-robot on 22 Dec 2019

Stale issues rot after 30 days of inactivity.
Mark the issue as fresh by adding the comment /remove-lifecycle rotten.
Rotten issues close after an additional 30 days of inactivity.
If this issue is safe to close now please do so by adding the comment /close.

Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra.

/lifecycle rotten

knative-housekeeping-robot picture knative-housekeeping-robot on 21 Jan 2020

Rotten issues close after 30 days of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh by adding the comment /remove-lifecycle rotten.

Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra.

/close

knative-housekeeping-robot picture knative-housekeeping-robot on 20 Feb 2020

@knative-housekeeping-robot: Closing this issue.

In response to this:

Rotten issues close after 30 days of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh by adding the comment /remove-lifecycle rotten.

Send feedback to Knative Productivity Slack channel or file an issue in knative/test-infra.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

knative-prow-robot picture knative-prow-robot on 20 Feb 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

vagababov picture vagababov  路  3Comments
VladimirSmogitel picture VladimirSmogitel  路  7Comments
ysjjovo picture ysjjovo  路  5Comments
ZhiminXiang picture ZhiminXiang  路  3Comments
ahmetb picture ahmetb  路  5Comments