Hi, i have been trying to deploy prefect on Google kubernetes, I have generated manifest file using command prefect agent kubernetes install --rbac -k my_key so when i try to deploy using skafold file build fails every time with this error Starting deploy... - deployment.apps/prefect-agent created - Error from server (Forbidden): error when creating "STDIN": roles.rbac.authorization.k8s.io is forbidden: User "468642734279@cloudbuild.gserviceaccount.com" cannot create resource "roles" in API group "rbac.authorization.k8s.io" in the namespace "default": requires one of ["container.roles.create"] permission(s). - Error from server (Forbidden): error when creating "STDIN": rolebindings.rbac.authorization.k8s.io is forbidden: User "468642734279@cloudbuild.gserviceaccount.com" cannot create resource "rolebindings" in API group "rbac.authorization.k8s.io" in the namespace "default": requires one of ["container.roleBindings.create"] permission(s). kubectl apply: exit status 1

@Aqib Fayyaz The

--rbac

is creating a

Role

with permissions for Prefect to create Kubernetes jobs, monitor and delete them, and it also creates a

RoleBinding

that grants permissions that were defined in the Role to the the default service account. However, for you it looks like you don’t have permissions to do that. Could it be that you need to enable some API in GCP for it, or that your permissions are somehow restricted? Apart from that, I could recommend checking this great blog post that shows how to manually create the Role and RoleBinding for Prefect.

than how this command works? prefect agent kubernetes install -k API_KEY | kubectl apply --namespace=my-namespace -f is this not creating role or rolebinding?

You’re right @Aqib Fayyaz, so this blog post is using an older Prefect version. The easiest way around it is to have a look at what resources will get created by only running the first part before |

prefect agent kubernetes install --rbac -k YOUR_KEY

This will show the YAML definition of the: • deployment • role • role binding and if you then pipe apply after that, this YAML definition will be applied to the cluster:

prefect agent kubernetes install --rbac --key API_KEY | kubectl apply --namespace=YOUR_NAMESPACE -f -

Great this is working using kubctl commands but not using skafold.yaml

Sorry, what is skafold.yaml? If you want to just apply some declarative manifest to Kubernetes cluster, you can run:

kubectl apply -f ./skafold.yaml

Skaffold is a command line tool that facilitates continuous development for Kubernetes-native applications. Skaffold handles the workflow for building, pushing, and deploying your application, and provides building blocks for creating CI/CD pipelines

sorry, never used that. Perhaps someone from the community can chime in and help.

ok so one last thing instead of referring this default image image: prefecthq/prefect:0.15.6-python3.6 can i refer my docker file which is present locally in my pc that contains everyting like my python code and prefect etc?

I think so, yes. As long as it uses base Prefect image, it should be fine. So it’s best if you modify the auto-generated YAML and apply it separately.

I think using a local image will not work because the Kubernetes Cluster on GKE will need access to pull it and it might not be able to pull it from local.

yeah so what i am doing i am pushing the image first to gcr and then i am trying to referring it from gcr

@Kevin Kho is right. Additionally, this deployment is only for the agent, you can still push the image to a container image repository like GCR and use it in your flows in

KubernetesRun