kelseyhightower/istio-install.sh

## istio-install.sh
$ kubectl apply -f install/kubernetes/istio-rbac-beta.yaml
rolebinding "istio-pilot-admin-role-binding" created
rolebinding "istio-ca-role-binding" created
rolebinding "istio-ingress-admin-role-binding" created
rolebinding "istio-sidecar-role-binding" created
Error from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-pilot" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["istioconfigs"], APIGroups:["istio.io"], Verbs:["*"]} PolicyRule{Resources:["istioconfigs.istio.io"], APIGroups:["istio.io"], Verbs:["*"]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["*"]} PolicyRule{Resources:["thirdpartyresources.extensions"], APIGroups:["extensions"], Verbs:["*"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["*"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["*"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["*"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["*"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["*"]}] user=&{kelsey.hightower@gmail.com  [system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-ca" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["serviceaccounts"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["serviceaccounts"], APIGroups:[""], Verbs:["list"]}] user=&{kelsey.hightower@gmail.com  [system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]
Error from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-sidecar" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["istioconfigs"], APIGroups:["istio.io"], Verbs:["get"]} PolicyRule{Resources:["istioconfigs"], APIGroups:["istio.io"], Verbs:["watch"]} PolicyRule{Resources:["istioconfigs"], APIGroups:["istio.io"], Verbs:["list"]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["get"]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["watch"]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["list"]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["update"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["get"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["watch"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["list"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["update"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]}] user=&{kelsey.hightower@gmail.com  [system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/*" "/apis" "/apis/*" "/healthz" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]
	$ kubectl apply -f install/kubernetes/istio-rbac-beta.yaml
	rolebinding "istio-pilot-admin-role-binding" created
	rolebinding "istio-ca-role-binding" created
	rolebinding "istio-ingress-admin-role-binding" created
	rolebinding "istio-sidecar-role-binding" created
	Error from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-pilot" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["istioconfigs"], APIGroups:["istio.io"], Verbs:[""]} PolicyRule{Resources:["istioconfigs.istio.io"], APIGroups:["istio.io"], Verbs:[""]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:[""]} PolicyRule{Resources:["thirdpartyresources.extensions"], APIGroups:["extensions"], Verbs:[""]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:[""]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:[""]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:[""]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:[""]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:[""]}] user=&{kelsey.hightower@gmail.com [system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/" "/apis" "/apis/" "/healthz" "/swaggerapi" "/swaggerapi/" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]
	Error from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-ca" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["create"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["secrets"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["serviceaccounts"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["serviceaccounts"], APIGroups:[""], Verbs:["list"]}] user=&{kelsey.hightower@gmail.com [system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/" "/apis" "/apis/" "/healthz" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]
	Error from server (Forbidden): error when creating "install/kubernetes/istio-rbac-beta.yaml": clusterroles.rbac.authorization.k8s.io "istio-sidecar" is forbidden: attempt to grant extra privileges: [PolicyRule{Resources:["istioconfigs"], APIGroups:["istio.io"], Verbs:["get"]} PolicyRule{Resources:["istioconfigs"], APIGroups:["istio.io"], Verbs:["watch"]} PolicyRule{Resources:["istioconfigs"], APIGroups:["istio.io"], Verbs:["list"]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["get"]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["watch"]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["list"]} PolicyRule{Resources:["thirdpartyresources"], APIGroups:["extensions"], Verbs:["update"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["get"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["watch"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["list"]} PolicyRule{Resources:["ingresses"], APIGroups:["extensions"], Verbs:["update"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["configmaps"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["pods"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["endpoints"], APIGroups:[""], Verbs:["list"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["get"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["watch"]} PolicyRule{Resources:["services"], APIGroups:[""], Verbs:["list"]}] user=&{kelsey.hightower@gmail.com [system:authenticated] map[]} ownerrules=[PolicyRule{Resources:["selfsubjectaccessreviews"], APIGroups:["authorization.k8s.io"], Verbs:["create"]} PolicyRule{NonResourceURLs:["/api" "/api/" "/apis" "/apis/" "/healthz" "/swaggerapi" "/swaggerapi/*" "/version"], Verbs:["get"]}] ruleResolutionErrors=[]