[kubernetes-users] Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "client" cannot create clusterrolebindings.rbac.author
Hi All, Getting this exception : kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin [--user=username] But still getting the below stated exception.I have assigned myself owner to the project as well as provided all the necessary roles, made my cluster non legacy authorised. but still keep getting the below exception : Kindly suggest what further needs to be done. BTW I am running this in halyard container with gke cluster version above 1.8.8 Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "client" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: Unknown user "client" -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
[kubernetes-users] Re: Slow response times using default Ingress on GKE
Is there a community of Kubernetes/GCP users that is more active than this Google Group? On Wednesday, April 18, 2018 at 5:14:28 PM UTC-7, Dave Jensen wrote: > > We have what I believe to be a very straightforward ingress setup on GKE. > However, we started noticing random slowdowns almost immediately. On > further investigation it looked like the time to first byte (TTFB) was very > slow (1 - 3 seconds) but sporadically. Sometimes it would be a pre-flight > OPTIONS request, sometimes an application request, and other times on > static files. Even the echoserver would sporadically have a long TTFB. > > I set up a portforward to one of the pods serving up our REST API server. > Sure enough, the slowdown was eliminated. > > Before I go down the rabbit hole of trying other ingress controllers, I > figured I'd ask the community if I was doing something wrong. > > ingress.yaml > > apiVersion: extensions/v1beta1 > kind: Ingress > metadata: > name: brewd-ingress > spec: > tls: > - hosts: > - stage-api2.example.com > - stage-app2.example.com > - stage-echo.example.com > secretName: redacted > rules: > - host: stage-api2.example.com > http: > paths: > - backend: > serviceName: gateway-service > servicePort: 7000 > - host: stage-app2.example.com > http: > paths: > - backend: > serviceName: web-service > servicePort: 8080 > - host: stage-echo.example.com > http: > paths: > - backend: > serviceName: echoserver > servicePort: 8080 > > gateway-service.yaml > apiVersion: v1 > kind: Service > metadata: > name: gateway-service > labels: > app: gateway > spec: > type: NodePort > ports: > - port: 7000 > selector: > app: gateway > --- > apiVersion: apps/v1beta2 > kind: Deployment > metadata: > name: gateway-deployment > spec: > selector: > matchLabels: > app: gateway > replicas: 1 > template: > metadata: > labels: > app: gateway > spec: > containers: > - name: gateway > image: us.gcr.io/redacted/gateway:1.3.0-rc.0 > imagePullPolicy: Always > ports: > - containerPort: 7000 > env: > - name: REDACTED_ENV > value: stage > > The web-service yaml looks almost exactly the same as the above. > -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
Re: [kubernetes-users] Disappearing k8s master
Also, I'd highly recommend open a bug in k8s repo in github. The responses are much faster there. If you happen to do that, please let me know or better copy me. I am @miyurz there. On Sun, Apr 22, 2018 at 1:20 AM, Mayur Nagekarwrote: > Can you login into the master and run `docker images` and `docker ps -a` ? > is the control plane intact/sane ? > > On Sat, Apr 21, 2018 at 2:05 PM, wrote: > >> On Saturday, April 21, 2018 at 10:31:24 AM UTC+2, he...@andrewhowden.com >> wrote: >> > I0421 10:27:53.953721 620 round_trippers.go:417] curl -k -v -XGET >> -H "Accept: application/json, */*" -H "User-Agent: kubectl/v1.8.6 >> (linux/amd64) kubernetes/6260bb0" https://104.155.__XXX__.__XXX__/api >> >> Obligatorily, I have actually checked that IP is the one I intended to >> connect to. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Kubernetes user discussion and Q" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to kubernetes-users+unsubscr...@googlegroups.com. >> To post to this group, send email to kubernetes-users@googlegroups.com. >> Visit this group at https://groups.google.com/group/kubernetes-users. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > > Thanks, > > Mayur > -- Thanks, Mayur -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
Re: [kubernetes-users] Disappearing k8s master
Can you login into the master and run `docker images` and `docker ps -a` ? is the control plane intact/sane ? On Sat, Apr 21, 2018 at 2:05 PM,wrote: > On Saturday, April 21, 2018 at 10:31:24 AM UTC+2, he...@andrewhowden.com > wrote: > > I0421 10:27:53.953721 620 round_trippers.go:417] curl -k -v -XGET > -H "Accept: application/json, */*" -H "User-Agent: kubectl/v1.8.6 > (linux/amd64) kubernetes/6260bb0" https://104.155.__XXX__.__XXX__/api > > Obligatorily, I have actually checked that IP is the one I intended to > connect to. > > -- > You received this message because you are subscribed to the Google Groups > "Kubernetes user discussion and Q" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to kubernetes-users+unsubscr...@googlegroups.com. > To post to this group, send email to kubernetes-users@googlegroups.com. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. > -- Thanks, Mayur -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
[kubernetes-users] Slow command on kubectl
Hola Christian; That means that the kubetl client is not able to make a connection to the kube apiserver. I think, when enabled, the non TLS port is exposed over local host for that service? At any rate, it's worth: - checking that the kube-apiserver is running, and is configured to listen on that port - there are no firewalls in place between the client (kubectl) and the kube-apiserver If you run kubectl get pods -v=9 Kubectl will show you a cURL command you can use to further debug the issue. -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
[kubernetes-users] Slow command on kubectl
Hi i'm triing to made a cluster on kubernetes but same times (like today) it give me to every kubernetes command: Unable to connect to the server: dial tcp 192.168.0.101:6443: i/o timeout Someone know how to fix this? -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
Re: [kubernetes-users] Disappearing k8s master
On Saturday, April 21, 2018 at 10:31:24 AM UTC+2, he...@andrewhowden.com wrote: > I0421 10:27:53.953721 620 round_trippers.go:417] curl -k -v -XGET -H > "Accept: application/json, */*" -H "User-Agent: kubectl/v1.8.6 (linux/amd64) > kubernetes/6260bb0" https://104.155.__XXX__.__XXX__/api Obligatorily, I have actually checked that IP is the one I intended to connect to. -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
Re: [kubernetes-users] Disappearing k8s master
On Saturday, April 21, 2018 at 10:25:59 AM UTC+2, Mayur Nagekar wrote: > Whats the output of kubectl get nodes ? __USER_NAME__@__PROJECT_NAME__:~$ kubectl get nodes -v=9 I0421 10:27:53.952335 620 loader.go:357] Config loaded from file /home/__USER_NAME__/.kube/config I0421 10:27:53.953721 620 round_trippers.go:417] curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: kubectl/v1.8.6 (linux/amd64) kubernetes/6260bb0" https://104.155.__XXX__.__XXX__/api I0421 10:28:23.958470 620 round_trippers.go:436] GET https://104.155.__XXX__.__XXX__/api in 30004 milliseconds I0421 10:28:23.958494 620 round_trippers.go:442] Response Headers: I0421 10:28:23.958559 620 cached_discovery.go:126] skipped caching discovery info due to Get https://104.155.__XXX__.__XXX__/api: dial tcp 104.155.__XXX__.__XXX__:443: i/o timeout I0421 10:28:23.958586 620 helpers.go:225] Connection error: Get https://104.155.__XXX__.__XXX__/api: dial tcp 104.155.__XXX__.__XXX__:443: i/o timeout F0421 10:28:23.958602 620 helpers.go:120] Unable to connect to the server: dial tcp 104.155.__XXX__.__XXX__:443: i/o timeout __${FOO}__ <-- Something that was sanitized. -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
Re: [kubernetes-users] Disappearing k8s master
Whats the output of kubectl get nodes ? On Sat, Apr 21, 2018 at 1:53 PM,wrote: > Hola All, > > I am struggling with a bug currently that I don't reaaaly know how to > resolve. In essence, my k8s master has disappeared. > > Specifically, it's not available: > > - Via kubectl > - In the admin panel > - To the (single) node within the cluster > > All signs point to it being switched off, or separated by a network > partition. However, I'm not 100% sure how to debug such a case. > > Firstly, it's a personal account -- this particular cluster is "fine" > (read: I feel stupid when people say my website is down but other than > that), but I also use these in a professional capacity, for larger > workloads -- that's suuper scary. > > Secondly, it's a cluster that only runs preemptable nodes. They're way > cheaper and I don't care about small downtimes. > > From monitoring, it looks like it died on ~ April 13, 6:19 PM (I think > AEST?). The cluster itself is fairly talkative until 2018-03-13 10:24:27 > where it no longer logs anything further, or logs are dropped. I would > guess the former -- the incident will happen as the node gets rotated out, > not when the master dies. > > I'm kiiind of at a loss. It's all still remaining there if a helpful > Google Cloud person visits these forums (I want to understand the root > cause so it doesn't happen to other, more important accounts) -- but has > anyone else seen this? > > -- > You received this message because you are subscribed to the Google Groups > "Kubernetes user discussion and Q" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to kubernetes-users+unsubscr...@googlegroups.com. > To post to this group, send email to kubernetes-users@googlegroups.com. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. > -- Thanks, Mayur -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.
[kubernetes-users] Disappearing k8s master
Hola All, I am struggling with a bug currently that I don't reaaaly know how to resolve. In essence, my k8s master has disappeared. Specifically, it's not available: - Via kubectl - In the admin panel - To the (single) node within the cluster All signs point to it being switched off, or separated by a network partition. However, I'm not 100% sure how to debug such a case. Firstly, it's a personal account -- this particular cluster is "fine" (read: I feel stupid when people say my website is down but other than that), but I also use these in a professional capacity, for larger workloads -- that's suuper scary. Secondly, it's a cluster that only runs preemptable nodes. They're way cheaper and I don't care about small downtimes. >From monitoring, it looks like it died on ~ April 13, 6:19 PM (I think AEST?). >The cluster itself is fairly talkative until 2018-03-13 10:24:27 where it no >longer logs anything further, or logs are dropped. I would guess the former -- >the incident will happen as the node gets rotated out, not when the master >dies. I'm kiiind of at a loss. It's all still remaining there if a helpful Google Cloud person visits these forums (I want to understand the root cause so it doesn't happen to other, more important accounts) -- but has anyone else seen this? -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.