google-kubernetes-engine

Cannot create clusterrolebinding on fresh GKE cluster

拟墨画扇 submitted on 2019-12-22 11:28:08
Question: I provisioned a managed GKE cluster (Kubernetes version 1.9.4-gke.1) with basic authentication disabled. When I try to create an RBAC configuration (for running my ingress controller) I get the following error: Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "XXX@gmail.com" cannot create clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: Required "container.clusterRoleBindings.create" permission. I found two related questions: GKE

What's the value proposition of running Cloud Run versus a normal service in GKE?

孤者浪人 submitted on 2019-12-22 10:50:25
Question: Is there any advantage if I use Cloud Run instead of deploying a normal service/container in GKE? Answer 1: I will try to add my perspective. This answer does not cover running containers in Google Cloud Run Kubernetes. The reason is that we wanted an almost zero cost solution for a legacy PHP website. Cloud Run fit perfectly and we had an easy time both porting the code and learning Cloud Run. We needed to do something with a legacy PHP website. This website was running on Windows Server 2012,

GKE Pod Connect to external VM in same subnet

社会主义新天地 submitted on 2019-12-22 09:59:50
Question: I have a pod that needs to connect to a Database located on GCE VMs with the same subnet as the GKE nodes. I currently have a k8 Service and k8 Endpoint that the pod successfully connects to but the 10.128.0.2 cannot be routed. I'm sure this pertains to a GCP firewall rule/route but I haven't had much luck. subnet -> 10.128.0.0/9 cbr0 -> 10.8.15.0/20 eth0 -> 10.128.0.1 k8 services -> 10.11.224/14 Master Version: 1.9.7-gke.3 kind: Endpoints apiVersion: v1 metadata: name: externalDB namespace:

Can't disable Google APIs

元气小坏坏 submitted on 2019-12-22 09:22:23
Question: From the developer console, I want to disable Google Cloud Deployment Manager API, Google Compute Engine Autoscaler API, Google Compute Engine Instance Group Manager API, Google Compute Engine Instance Groups API, Google Container Engine API. However, those APIs cannot be disabled. When I disable the service, it shows a message to me that the API is disabled. However, after some time, they will be turned on again! I don't use compute engine or container engine. How can I disable those APIs? Answer 1:

What's the minimal permissions I need to configure for a GKE node pool to pull from a private GCR repo in the same project?

女生的网名这么多〃 submitted on 2019-12-22 05:58:50
Question: I am trying to configure my GKE cluster to pull from a private GCR repo in the same project. I am not using OAuth scopes but have associated a least privilege service account with the default node pool and provided it with the roles/storage.objectViewer permission. However, I am still receiving the following when trying to access this image: Failed to pull image "eu.gcr.io/<project>/<image>": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed

Mount Google storage bucket in Google container

馋奶兔 submitted on 2019-12-22 04:39:32
Question: I would like to mount a Google storage bucket in Google Container Engine using gcsfuse or any other tool/other provision. The container runs under Google container engine. So, we need to use a yaml file to define a few parameters in it. If there is any kind of thing that can be used in .yaml file to build new replication controller/service using privileged and sys_admin or any other required parameters in it. Answer 1: We can use gcsfuse or s3fuse to mount Google Storage bucket in Kubernetes pod/Container

kubernetes Deployment. how to change container environment variables for rolling updates?

巧了我就是萌 submitted on 2019-12-21 21:28:32
Question: Below is how I am using Kubernetes on Google. I have one node application, let's say Book-portal. The node app is using environment variables for configurations. Step1: I created docker file and pushed gcr.io/<project-id>/book-portal:v1 Step2: deployed with following commands kubectl run book-portal --image=gcr.io/<project-id>/book-portal:v1 --port=5555 --env ENV_VAR_KEY1=value1 --env ENV_VAR_KEY2=value2 --env ENV_VAR_KEY3=value3 Step3: kubectl expose deployment book-portal --type="LoadBalancer

How to clone Google Container Cluster / Kubernetes cluster?

守給你的承諾、 submitted on 2019-12-21 20:29:54
Question: As in title. I want to clone (create a copy of existing cluster). If it's not possible to copy/clone Google Container Engine cluster, then how to clone Kubernetes cluster? If that's not possible, is there a way to dump the whole cluster config? Note: I try to modify the cluster's configs by calling: kubectl apply -f some-resource.yaml But nothing stops me/other employee modifying the cluster by running: kubectl edit service/resource Or setting properties from command line kubectl calls. Answer 1:

import mysql data to kubernetes pod

▼魔方 西西 submitted on 2019-12-21 05:56:06
Question: Does anyone know how to import the data inside my dump.sql file to a Kubernetes pod, either: directly, the same way as you deal with docker containers: docker exec -i container_name mysql -uroot --password=secret database < Dump.sql Or using the data stored in an existing docker container volume and pass it to the pod. Answer 1: Just if other people are searching for this: kubectl -n namespace exec -i my_sql_pod_name -- mysql -u user -ppassword < my_local_dump.sql Answer 2: To answer your specific

Auto update pod on every image push to GCR

半世苍凉 submitted on 2019-12-21 05:44:26
Question: I have a docker image pushed to Container Registry with docker push gcr.io/go-demo/servertime and a pod created with kubectl run servertime --image=gcr.io/go-demo-144214/servertime --port=8080. How can I enable automatic update of the pod every time I push a new version of the image? Answer 1: I would suggest switching to some kind of CI to manage the process, and instead of triggering on docker push triggering the process on pushing the commit to git repository. Also if you switch to using a