faint-motherboard-95438
12/11/2018, 4:57 PMerror: Plan apply failed: ingresses.extensions is forbidden: User "REDACTED" cannot create ingresses.extensions in the namespace "default": Required "container.ingresses.create" permission.
(same problem for a pulumi refresh
related to the permission container.ingresses.get
)
given that :
- the user showed here is the right one with more permissions than needed assigned to it (container.admin
and editor
amongst them, which are more than enough)
- gcloud auth
and gcloud config
show me the right account is selected
- the key exported by GOOGLE_APPLICATION_CREDENTIALS
is also the right one for this user (I even compared the id with the one in the web console to be sure)
- the pulumi stack selected is the right one too
I definitely have something wrong here, but I can’t spot it and I didn’t change a thing related to the service account or auth related.kubectl
config..big-piano-35669
const config = new pulumi.Config();
const kubeconfig = config.require("kubeconfig");
const provider = new k8s.Provider("k8s", { kubeconfig });
const service = new k8s.v1.core.Service(..., { provider });
This configures an explicit Kubernetes provider that uses kubeconfig supplied via the Pulumi configuration system. All resources that use it (note the ..., { provider }
bit) will then target your kubeconfig, not the ambient kubectl
one. You can similarly specify cluster
or context
.
I'm not sure if there's a way to set the stack-wide config in the same manner, however, e.g.
$ cat kubeconfig.json | \
pulumi config set kubernetes:kubeconfig --
(or cluster
, or context
...)
@creamy-potato-29402 @gorgeous-egg-16927 Is this currently possible?gorgeous-egg-16927
12/12/2018, 6:01 AMfaint-motherboard-95438
12/12/2018, 10:04 AMgcloud
tool.