I stood up my first ever GKE cluster! Woo, go me!
However, when I was trying to set up Tanzu Service Mesh, I hit issues such as:
Error from server (Forbidden): error when creating "operator-deployment.yaml": roles.rbac.authorization.k8s.io is forbidden: User "email@example.com" cannot create resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "vmware-system-tsm": requires one of ["container.roles.create"] permission(s).
This is because your initial Kubernetes login has no cluster-level permissions, due to the RBAC setup.
You need to create new cluster-level roles and bind your account to them, or bind your account to the existing ones.
As this is a demo environment, I just bound my account to the out-of-the-box cluster-admin ClusterLevelRole (that is a mouthful!).
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=[gcp user email]
# Example
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=firstname.lastname@example.org
If you need to double-check which Google account you are using, you can run:
gcloud info | grep Account
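To review the binding created above, and to spot it later when the demo is over, the following added example (not part of the original post) lists every non-system subject bound to cluster-admin. It parses output in the shape of `kubectl get clusterrolebindings -o json`; the sample data and the function name `admin_subjects` are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get clusterrolebindings -o json`.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin"},  # built-in default binding
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "cluster-admin-binding"},  # the binding from this post
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "firstname.lastname@example.org"}]},
    {"metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"}]},
    {"metadata": {"name": "empty-admin"},  # subjects may be absent or null
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": None},
    {"metadata": {"name": "read-only"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "User", "name": "auditor@example.org"}]},
]})


def admin_subjects(doc, role="cluster-admin"):
    """Return sorted (binding, kind, subject) tuples for non-system subjects bound to `role`."""
    found = []
    for item in doc.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subj in item.get("subjects") or []:
            kind, name = subj.get("kind", ""), subj.get("name", "")
            # Skip Kubernetes built-ins such as the system:masters group.
            if kind in ("User", "Group") and name.startswith("system:"):
                continue
            if kind == "ServiceAccount":
                name = f"{subj.get('namespace', '')}/{name}"
            found.append((item["metadata"]["name"], kind, name))
    return sorted(found)


if __name__ == "__main__":
    # Read real kubectl output when piped in; otherwise use the constructed sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for binding, kind, name in admin_subjects(json.loads(raw)):
        print(f"{binding}: {kind} {name} has cluster-admin")
```

Saved under a file name of your choice (here assumed to be audit.py), it can be fed real data with `kubectl get clusterrolebindings -o json | python3 audit.py`. A binding that is no longer needed is removed with `kubectl delete clusterrolebinding cluster-admin-binding`.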
The post GKE – User cannot create resource – requires one of [“container.roles.create”] permission(s) appeared first on vEducate.co.uk.