google-kubernetes-engine

We are using elasticsearch/kibana instead of gcp for logging (based on what is described here ). To have fluentd-elsticsearch pod's launched we've set LOGGING_DESTINATION=elasticsearch and ENABLE_NODE_LOGGING="true" in the "Compute Instance Template" -> "Custom metadata" -> "kube-env". While this works fine when done manually it gets overwritten with every gcloud container clusters upgrade as a new Instance Template with defaults ( LOGGING_DESTINATION=gcp ...) is created. My question is: How do I persist this kind of configuration for GKE/GCE? I thought about adding a k8s-user-startup-script

I would like to avoid using type: "LoadBalancer" for a certain Kubernetes Service, but still to be able to publish it on the Internet. I am using Google Cloud Platform (GCP) to run a Kubernetes cluster currently running on a single node. I tried to us the externalIPs Service configuration and to give at turns, the IPs of: the instance hosting the Kubernetes cluster (External IP; which also conincides with the IP address of the Kubernetes node as reported by kubernetes describe node ) the Kubernetes cluster endpoint (as reported by the Google Cloud Console in the details of the cluster) the

From a VM in GCE, I did the following gcloud auth activate-service-account --key-file <blah> # "blah" is a service account key file (JSON) I generated from the web interface gcloud config set project <project-name> gcloud config set compute/zone <zone-name> gcloud set container/cluster <cluster-name> Then when I tried to run gcloud container clusters get-credentials <cluster-name> and it failed with the error message: Error message: "ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Request had insufficient authentication scopes." The VM is on the same network

Failed to create clusterroles. <> already assigned as the roles of "container engine admin" & "container engine cluster admin" Error from server (Forbidden): error when creating "prometheus- operator/prometheus-operator-cluster-role.yaml": clusterroles.rbac.authorization.k8s.io "prometheus-operator" is forbidden: attempt to grant extra privileges: [{[create] [extensions] [thirdpartyresources] [] []} {[*] [monitoring.coreos.com] [alertmanagers] [] []} {[*] [monitoring.coreos.com] [prometheuses] [] []} {[*] [monitoring.coreos.com] [servicemonitors] [] []} {[*] [apps] [statefulsets] [] []} {[*] [

I'm currently using Kubernetes on GKE to serve the various parts of my product on different subdomains with the Ingress resource. For example: api.mydomain.com , console.mydomain.com , etc. ingress.yml (current) : apiVersion: extensions/v1beta1 kind: Ingress metadata: name: ingress spec: rules: - host: api.mydomain.com http: paths: - backend: serviceName: api-service servicePort: 80 - host: console.mydomain.com http: paths: - backend: serviceName: console-service servicePort: 80 That works wonderfully, with the L7 GCE load balancer routing to the appropriate places. What I would like to do,