From b07bb7d3a47d0913ac805e7ae9da2a7da44e77a6 Mon Sep 17 00:00:00 2001 From: carmat88 Date: Mon, 8 Oct 2018 15:34:21 +0200 Subject: [PATCH] Adding side note about jupyter-role error Hey @dwhitena . I'm adding just a simple side note to help non highly skilled users like me to deal with an error when trying this tutorial in a different scenario. Of course if you have any preferences, please feel free to revise what I wrote (and/or its format). Hope this could be helpful for other users trying this very useful step-by-step tutorial. Cheers! --- README.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/README.md b/README.md index 755680f..7113fe5 100644 --- a/README.md +++ b/README.md @@ -139,6 +139,24 @@ tf-hub-0 ClusterIP None 8000/TCP 1m tf-hub-lb ClusterIP 10.100.25.109 80/TCP 1m tf-job-dashboard ClusterIP 10.104.119.108 80/TCP 1m ``` +*NOTE: if you are using GKE or minikube in other scenarios and getting an error while running the command `$ ks apply default -c kubeflow-core`, such as:* +``` +$ ks apply default -c kubeflow-core +INFO Applying configmaps kubeflow.kubeflow-version +INFO Creating non-existent configmaps kubeflow.kubeflow-version +INFO Applying services kubeflow.tf-hub-0 +INFO Creating non-existent services kubeflow.tf-hub-0 +INFO Applying services kubeflow.tf-hub-lb +INFO Creating non-existent services kubeflow.tf-hub-lb +INFO Applying clusterrolebindings kubeflow.centraldashboard +INFO Creating non-existent clusterrolebindings kubeflow.centraldashboard +INFO Applying roles kubeflow.jupyter-role +INFO Creating non-existent roles kubeflow.jupyter-role +ERROR handle object: creating object: creating object: roles.rbac.authorization.k8s.io "jupyter-role" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["delete"]} PolicyRule{Resources:["persistentvolumeclaims"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["persistentvolumeclaims"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["persistentvolumeclaims"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["persistentvolumeclaims"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["persistentvolumeclaims"], APIGroups:[""], Verbs:["delete"]} PolicyRule{Resources:["events"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["events"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["events"], APIGroups:[""], Verbs:["list"]}] user=&{matteo.carone88@gmail.com [system:authenticated] map[user-assertion.cloud.google.com:[AF1jyJAJJ/sQu2gA0l2zfozNzE254lfMkKSvgAMyFVTwdXBdHvX88uq57bG0lICNC+1wEmPb0HWziuEZqgan4oClBYl6K3XI4WIiY2K080hLDZFyRQNbGZ3Dys9aQKauKYoVZ03IjE2Ex5uJbg/2VPDuUIcDwomtfo1ltnbydUmKJ/gYEMdqjItkXY2+TzrZAuj5+9CyvJl1mchHFTLCgxUEcGEcVQ6BYIGQbLU+Y4GYP7g=]]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews" "selfsubjectrulesreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swagger-2.0.0.pb-v1" "/swagger.json" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[] +``` + +*then you need to create a ClusterRoleBinding making your self a cluster admin. For example when using GKE this can be achieved as follows:* +`kubectl create clusterrolebinding default-admin --clusterrole=cluster-admin --user="$(gcloud config get-value account --verbosity=error)"` ## 3. Deploy Pachyderm and Seldon on top of KubeFlow