本文介绍了使用Terraform权限错误在GCP上构建GKE集群的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试使用Terraform 0.12.5添加GKE集群[据我所知,这在0.11.7上还不错]
resource "google_container_cluster" "primary" {
name = "gke-${terraform.workspace}-cluster"
zone = "${var.region}-b"
initial_node_count = 3
network = "${var.vpc_name}"
subnetwork = "${var.subnet_name}"
addons_config {
horizontal_pod_autoscaling {
disabled = false
}
kubernetes_dashboard {
disabled = false
}
}
# getting a vpc-native network
ip_allocation_policy {
}
master_auth {
username = "${var.gke_master_user}"
password = "${var.gke_master_pass}"
}
node_config {
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
labels = {
env = "${var.gke_label[terraform.workspace]}"
}
disk_size_gb = 10
machine_type = "${var.gke_node_machine_type}"
tags = ["gke-node"]
}
}
我基于具有以下角色的服务帐户运行此服务
- Roles/Compute.networkAdmin
- 角色/resource cemanager.projectCreator
- 角色/storage.admin
但是,令我惊讶的是,我现在获得了构建GKE群集的权限问题。
1) deploy error: Not all instances running in IGM after 10.808470514s.
Expect 1. Current errors: [PERMISSIONS_ERROR]: Instance 'gke-gke-dev-
cluster-default-pool-6266baac-0pn3' creation failed: Required
'compute.instances.create' permission for
'projects/353065647996/zones/europe-west1-b/instances/gke-gke-dev-
cluster-default-pool-6266baac-0pn3' (when acting as
'[email protected]');
[PERMISSIONS_ERROR]: Instance 'gke-gke-dev-cluster-default-pool-
6266baac-0pn3' creation failed: Required 'compute.disks.create'
permission for 'projects/353065647996/zones/europe-west1-b/disks/gke-
gke-dev-cluster-default-pool-6266baac-0pn3' (when acting as
'[email protected]');
[PERMISSIONS_ERROR]: Instance 'gke-gke-dev-cluster-default-pool-
6266baac-0pn3' creation failed: Required 'compute.subnetworks.use'
permission for 'projects/353065647996/regions/europe-
west1/subnetworks/dev-subnet' (when acting as
'[email protected]');
[PERMISSIONS_ERROR]: Instance 'gke-gke-dev-cluster-default-pool-
6266baac-0pn3' creation failed: Required
'compute.subnetworks.useExternalIp' permission for
'projects/353065647996/regions/europe-west1/subnetworks/dev-subnet'
(when acting as '[email protected]');
[PERMISSIONS_ERROR]: Instance 'gke-gke-dev-cluster-default-pool-
6266baac-0pn3' creation failed: Required
'compute.instances.setMetadata' permission for
'projects/353065647996/zones/europe-west1-b/instances/gke-gke-dev-
cluster-default-pool-6266baac-0pn3' (when acting as
'[email protected]') (truncated)
推荐答案
这是因为在创建项目时将仅有查看权限的用户添加为最后一个用户。正在删除该用户,它按预期工作。
这篇关于使用Terraform权限错误在GCP上构建GKE集群的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!