[kubernetes-users] Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "client" cannot create clusterrolebindings.rbac.author

[Kubernetes user discussion and Q]

Hi All,

Getting this exception :

kubectl create clusterrolebinding cluster-admin-binding 
--clusterrole=cluster-admin [--user=username]


But still getting the below stated exception.I have assigned myself owner 
to the project as well as provided all the necessary roles, made my cluster 
non legacy authorised. but still keep getting the below exception : Kindly 
suggest what further needs to be done. BTW I am running this in halyard 
container with gke cluster version above 1.8.8

Error from server (Forbidden): 
clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "client" 
cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster 
scope: Unknown user "client"

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] Re: Slow response times using default Ingress on GKE

[Dave Jensen]

Is there a community of Kubernetes/GCP users that is more active than this 
Google Group?

On Wednesday, April 18, 2018 at 5:14:28 PM UTC-7, Dave Jensen wrote:
>
> We have what I believe to be a very straightforward ingress setup on GKE. 
> However, we started noticing random slowdowns almost immediately. On 
> further investigation it looked like the time to first byte (TTFB) was very 
> slow (1 - 3 seconds) but sporadically. Sometimes it would be a pre-flight 
> OPTIONS request, sometimes an application request, and other times on 
> static files. Even the echoserver would sporadically have a long TTFB.
>
> I set up a portforward to one of the pods serving up our REST API server. 
> Sure enough, the slowdown was eliminated. 
>
> Before I go down the rabbit hole of trying other ingress controllers, I 
> figured I'd ask the community if I was doing something wrong.
>
> ingress.yaml
>
> apiVersion: extensions/v1beta1
> kind: Ingress
> metadata:
>   name: brewd-ingress
> spec:
>   tls:
>   - hosts:
> - stage-api2.example.com
> - stage-app2.example.com
> - stage-echo.example.com
> secretName: redacted
>   rules:
>   - host: stage-api2.example.com
> http:
>   paths:
>   - backend:
>   serviceName: gateway-service
>   servicePort: 7000
>   - host: stage-app2.example.com
> http:
>   paths:
>   - backend:
>   serviceName: web-service
>   servicePort: 8080
>   - host: stage-echo.example.com
> http:
>   paths:
> - backend:
> serviceName: echoserver
> servicePort: 8080
>
> gateway-service.yaml
> apiVersion: v1
> kind: Service
> metadata:
>   name: gateway-service
>   labels: 
> app: gateway
> spec:
>   type: NodePort
>   ports:
>   - port: 7000
>   selector:
> app: gateway
> ---
> apiVersion: apps/v1beta2
> kind: Deployment
> metadata:
>   name: gateway-deployment
> spec:
>   selector:
> matchLabels:
>   app: gateway
>   replicas: 1
>   template:
> metadata:
>   labels:
> app: gateway
> spec:
>   containers:
>   - name: gateway
> image: us.gcr.io/redacted/gateway:1.3.0-rc.0
> imagePullPolicy: Always
> ports:
> - containerPort: 7000
> env:
> - name: REDACTED_ENV
>   value: stage
>
> The web-service yaml looks almost exactly the same as the above.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Disappearing k8s master

[Mayur Nagekar]

Also, I'd highly recommend open a bug in k8s repo in github. The responses
are much faster there.
If you happen to do that, please let me know or better copy me. I am
@miyurz there.

On Sun, Apr 22, 2018 at 1:20 AM, Mayur Nagekar 
wrote:

> Can you login into the master and run `docker images` and `docker ps -a` ?
> is the control plane intact/sane ?
>
> On Sat, Apr 21, 2018 at 2:05 PM,  wrote:
>
>> On Saturday, April 21, 2018 at 10:31:24 AM UTC+2, he...@andrewhowden.com
>> wrote:
>> > I0421 10:27:53.953721 620 round_trippers.go:417] curl -k -v -XGET
>> -H "Accept: application/json, */*" -H "User-Agent: kubectl/v1.8.6
>> (linux/amd64) kubernetes/6260bb0" https://104.155.__XXX__.__XXX__/api
>>
>> Obligatorily, I have actually checked that IP is the one I intended to
>> connect to.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Kubernetes user discussion and Q" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to kubernetes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to kubernetes-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/kubernetes-users.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
>
> Thanks,
>
> Mayur
>



-- 

Thanks,

Mayur

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Disappearing k8s master

[Mayur Nagekar]

Can you login into the master and run `docker images` and `docker ps -a` ?
is the control plane intact/sane ?

On Sat, Apr 21, 2018 at 2:05 PM,  wrote:

> On Saturday, April 21, 2018 at 10:31:24 AM UTC+2, he...@andrewhowden.com
> wrote:
> > I0421 10:27:53.953721 620 round_trippers.go:417] curl -k -v -XGET
> -H "Accept: application/json, */*" -H "User-Agent: kubectl/v1.8.6
> (linux/amd64) kubernetes/6260bb0" https://104.155.__XXX__.__XXX__/api
>
> Obligatorily, I have actually checked that IP is the one I intended to
> connect to.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>



-- 

Thanks,

Mayur

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] Slow command on kubectl

[hello]

Hola Christian; 

That means that the kubetl client is not able to make a connection to the kube 
apiserver. I think, when enabled, the non TLS port is exposed over local host 
for that service? 

At any rate, it's worth:

- checking that the kube-apiserver is running, and is configured to listen on 
that port 
- there are no firewalls in place between the client (kubectl) and the 
kube-apiserver

If you run 

kubectl get pods -v=9

Kubectl will show you a cURL command you can use to further debug the issue. 

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] Slow command on kubectl

[cristianmonti1995]

Hi i'm triing to made a cluster on kubernetes but same times (like today) it 
give me to every kubernetes command:

Unable to connect to the server: dial tcp 192.168.0.101:6443: i/o timeout

Someone know how to fix this?

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Disappearing k8s master

[hello]

On Saturday, April 21, 2018 at 10:31:24 AM UTC+2, he...@andrewhowden.com wrote:
> I0421 10:27:53.953721 620 round_trippers.go:417] curl -k -v -XGET  -H 
> "Accept: application/json, */*" -H "User-Agent: kubectl/v1.8.6 (linux/amd64) 
> kubernetes/6260bb0" https://104.155.__XXX__.__XXX__/api

Obligatorily, I have actually checked that IP is the one I intended to connect 
to.

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Disappearing k8s master

[hello]

On Saturday, April 21, 2018 at 10:25:59 AM UTC+2, Mayur Nagekar wrote:
> Whats the output of kubectl get nodes ?

__USER_NAME__@__PROJECT_NAME__:~$ kubectl get nodes -v=9



I0421 10:27:53.952335 620 loader.go:357] Config loaded from file 
/home/__USER_NAME__/.kube/config
I0421 10:27:53.953721 620 round_trippers.go:417] curl -k -v -XGET  -H 
"Accept: application/json, */*" -H "User-Agent: kubectl/v1.8.6 (linux/amd64) 
kubernetes/6260bb0" https://104.155.__XXX__.__XXX__/api
I0421 10:28:23.958470 620 round_trippers.go:436] GET 
https://104.155.__XXX__.__XXX__/api  in 30004 milliseconds
I0421 10:28:23.958494 620 round_trippers.go:442] Response Headers:
I0421 10:28:23.958559 620 cached_discovery.go:126] skipped caching 
discovery info due to Get https://104.155.__XXX__.__XXX__/api: dial tcp 
104.155.__XXX__.__XXX__:443: i/o timeout
I0421 10:28:23.958586 620 helpers.go:225] Connection error: Get 
https://104.155.__XXX__.__XXX__/api: dial tcp 104.155.__XXX__.__XXX__:443: i/o 
timeout
F0421 10:28:23.958602 620 helpers.go:120] Unable to connect to the server: 
dial tcp 104.155.__XXX__.__XXX__:443: i/o timeout

__${FOO}__ <-- Something that was sanitized.

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

Re: [kubernetes-users] Disappearing k8s master

[Mayur Nagekar]

Whats the output of kubectl get nodes ?

On Sat, Apr 21, 2018 at 1:53 PM,  wrote:

> Hola All,
>
> I am struggling with a bug currently that I don't reaaaly know how to
> resolve. In essence, my k8s master has disappeared.
>
> Specifically, it's not available:
>
> - Via kubectl
> - In the admin panel
> - To the (single) node within the cluster
>
> All signs point to it being switched off, or separated by a network
> partition. However, I'm not 100% sure how to debug such a case.
>
> Firstly, it's a personal account -- this particular cluster is "fine"
> (read: I feel stupid when people say my website is down but other than
> that), but I also use these in a professional capacity, for larger
> workloads -- that's suuper scary.
>
> Secondly, it's a cluster that only runs preemptable nodes. They're way
> cheaper and I don't care about small downtimes.
>
> From monitoring, it looks like it died on ~ April 13, 6:19 PM (I think
> AEST?). The cluster itself is fairly talkative until 2018-03-13 10:24:27
> where it no longer logs anything further, or logs are dropped. I would
> guess the former -- the incident will happen as the node gets rotated out,
> not when the master dies.
>
> I'm kiiind of at a loss. It's all still remaining there if a helpful
> Google Cloud person visits these forums (I want to understand the root
> cause so it doesn't happen to other, more important accounts) -- but has
> anyone else seen this?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Kubernetes user discussion and Q" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to kubernetes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to kubernetes-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/kubernetes-users.
> For more options, visit https://groups.google.com/d/optout.
>



-- 

Thanks,

Mayur

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.

[kubernetes-users] Disappearing k8s master

[hello]

Hola All,

I am struggling with a bug currently that I don't reaaaly know how to resolve. 
In essence, my k8s master has disappeared. 

Specifically, it's not available:

- Via kubectl
- In the admin panel
- To the (single) node within the cluster

All signs point to it being switched off, or separated by a network partition. 
However, I'm not 100% sure how to debug such a case.

Firstly, it's a personal account -- this particular cluster is "fine" (read: I 
feel stupid when people say my website is down but other than that), but I also 
use these in a professional capacity, for larger workloads -- that's suuper 
scary.

Secondly, it's a cluster that only runs preemptable nodes. They're way cheaper 
and I don't care about small downtimes.

>From monitoring, it looks like it died on ~ April 13, 6:19 PM (I think AEST?). 
>The cluster itself is fairly talkative until 2018-03-13 10:24:27 where it no 
>longer logs anything further, or logs are dropped. I would guess the former -- 
>the incident will happen as the node gets rotated out, not when the master 
>dies.

I'm kiiind of at a loss. It's all still remaining there if a helpful Google 
Cloud person visits these forums (I want to understand the root cause so it 
doesn't happen to other, more important accounts) -- but has anyone else seen 
this?

-- 
You received this message because you are subscribed to the Google Groups 
"Kubernetes user discussion and Q" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to kubernetes-users+unsubscr...@googlegroups.com.
To post to this group, send email to kubernetes-users@googlegroups.com.
Visit this group at https://groups.google.com/group/kubernetes-users.
For more options, visit https://groups.google.com/d/optout.