Adding Users / Roles / Rolebinding

[alyssakelley]

I made a new pull request so we only focused on the namespace and resourcequota in the other one, as you mentioend. Here I am trying to add glcoud users as we talked about, and following the instructions on the article, but I am getting errors telling me that the commands I am trying to run are invalid gcloud choices. This starts on line 198.

[oliverdain]

Here I am trying to add glcoud users as we talked about...

Sorry - comments on the other PR about the gcloud user stuff before I saw this. Feel free to ignore those.

Something a little funny happened to this PR: it shows up as only 1 commit but includes all the stuff from #7 and some more so maybe you copied the stuff into your new branch first???

I think you're going to be at code chops on Tuesday, right? Maybe we'll just go over the PRs and debug your errors live then?

Again - sorry for not having enough time to do this quickly...

[alyssakelley]

I feel like I might be going in circles with this code right now, but I was still working on adding the gcloud user which we talked about on Sunday, 4/7, and I'm unsure why this would be incorrect since I can see the service accounts being created, maybe we can talk about this tonight when we meet. Also, I had a chunk of commented out code (line 203-217) that is another way I saw to make a service account, so maybe that is the correct approach instead of the one liner I have on 219. Also, I have been seeing the creation of the service account in the format of ending with .iam.gserviceaccount.com instead of a specific email address, and so this is what I have been doing, but should this be the group_user email that is passed in as an argument from each Hack For A Cause team?

For the role and rolebinding, I created the files, and when opening and looking at them, they seem correct, but when I am actually trying to apply them, I get different errors. For instance, "error: error validating "test-2_role.yml": error validating data: [ValidationError(Role.rules[0].apiGroups): invalid type for io.k8s.api.rbac.v1.PolicyRule.apiGroups: got "string", expected "array", ValidationError(Role.rules[0]): unknown field "resourses" in io.k8s.api.rbac.v1.PolicyRule]; if you choose to ignore these errors, turn validation off with --validate=false" but I thought I was formatting it as an array and when it creates the file and I open it, it shows like this:

apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: alyssak@uoregon.edu namespace: test-2 rules:

• apiGroups: '' resourses:
  • pods verbs:
  • get
  • watch
  • list

In regards to getting the access token, I read online that you can specify what config you are trying to view so that is what I did on line 159 but I am not sure if this is accurate since the keys are still looking the same when I "view" different things.