Open mann1mal opened 5 years ago
@mann1mal Is this issue still relevant?
@rocknes yes, the issue is still relevant. When following the directions in the CSE documentation to create a new service account to use with PKS, that user does not have sufficient scope to perform the required actions.
Hi Joe,
Creation of compute profile requires the scope "pks.clusters.admin". This scope is missing from our documentation.
Please refer http://docs-pcf-staging.cfapps.io/pks/1-6/uaa-scopes.html for now until we fix our documentation.
Thanks Sahithi
Thanks Sahithi!
Following the directions from the CSE docs to create a PKS Service Account to use to enable an OvDC for Enterprise PKS:
When using this service account in the
pks-config.yaml,
enabling the OVDC fails with the following error:Looking at the
cse-server-debug
log, we see the following error string:Appears to be an issue with the permissions (or scope) on the service account I created according to the CSE documentation.
After using the default admin user created upon PKS install in the
pks-config.yaml,
I am able to enable the OvDC as expected:Not sure if this is user error or doc bug, please let me know if you require any additional information, thank you!