gcloud 凭据使用了错误的集群
gcloud credentials using wrong cluster
我在 cloudbuild.yaml 中使用容器生成器,我的问题是正在使用不存在的旧集群名称。我已尝试删除我的服务密钥并重新创建它,但无济于事。
Starting Step #3
Step #3: Already have image (with digest): gcr.io/cloud-builders/kubectl
Step #3: Running: gcloud container clusters get-credentials --project="amx-instance-1" --zone="australia-southeast1-a" "amx-cluster-au9"
Step #3: Fetching cluster endpoint and auth data.
Step #3: ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission(s) for "projects/amx-instance-1/zones/australia-southeast1-a/clusters/amx-cluster-au9". See https://cloud.google.com/kubernetes-engine/docs/troubleshooting#gke_service_account_deleted for more info.
集群名称amx-cluster-au9 是一个不再存在的旧集群。是什么导致了这个问题,我该如何解决?
编辑:cloudbuild.yaml 文件
steps:
- name: gcr.io/cloud-builders/wget
args: [
"-O",
"go-cloud-debug",
"https://storage.googleapis.com/cloud-debugger/compute-go/go-cloud-debug"
]
- name: 'gcr.io/cloud-builders/go'
args: ["install", "-gcflags=-N", "-gcflags=-l", ".", ]
env: ['PROJECT_ROOT=github.com/amalexpress/amx-server', 'CGO_ENABLED=0', 'GOOS=linux']
- name: 'gcr.io/cloud-builders/docker'
args: ['build', '--tag=gcr.io/$PROJECT_ID/amx-img:$SHORT_SHA', '.']
- name: 'gcr.io/cloud-builders/kubectl'
args:
- set
- image
- deployment
- echoserver
- echoserver=gcr.io/$PROJECT_ID/amx-img:$SHORT_SHA
env:
- 'CLOUDSDK_COMPUTE_ZONE=australia-southeast1-a'
- 'CLOUDSDK_CONTAINER_CLUSTER=amx-cluster-au-2'
images: ['gcr.io/$PROJECT_ID/amx-img:$SHORT_SHA']
基本上我不知道为什么它一直引用我已删除且不再使用的集群。
这里是 logs 如果可能有帮助的话。
已通过删除 Cloud Source Repository 中的存储库解决问题。我不知道为什么这解决了这个问题。我应该注意到我删除了 github 存储库并重新初始化了它。尽管根本没有迹象表明根本原因,但仍然看起来像是一个错误。此外,虽然上面修复了集群名称问题,但我必须按照说明 here 来为集群提供适当的角色访问权限:
PROJECT="$(gcloud projects describe \
$(gcloud config get-value core/project -q) --format='get(projectNumber)')"
gcloud projects add-iam-policy-binding $PROJECT \
--member=serviceAccount:$PROJECT@cloudbuild.gserviceaccount.com \
--role=roles/container.developer
我在 cloudbuild.yaml 中使用容器生成器,我的问题是正在使用不存在的旧集群名称。我已尝试删除我的服务密钥并重新创建它,但无济于事。
Starting Step #3
Step #3: Already have image (with digest): gcr.io/cloud-builders/kubectl
Step #3: Running: gcloud container clusters get-credentials --project="amx-instance-1" --zone="australia-southeast1-a" "amx-cluster-au9"
Step #3: Fetching cluster endpoint and auth data.
Step #3: ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission(s) for "projects/amx-instance-1/zones/australia-southeast1-a/clusters/amx-cluster-au9". See https://cloud.google.com/kubernetes-engine/docs/troubleshooting#gke_service_account_deleted for more info.
集群名称amx-cluster-au9 是一个不再存在的旧集群。是什么导致了这个问题,我该如何解决?
编辑:cloudbuild.yaml 文件
steps:
- name: gcr.io/cloud-builders/wget
args: [
"-O",
"go-cloud-debug",
"https://storage.googleapis.com/cloud-debugger/compute-go/go-cloud-debug"
]
- name: 'gcr.io/cloud-builders/go'
args: ["install", "-gcflags=-N", "-gcflags=-l", ".", ]
env: ['PROJECT_ROOT=github.com/amalexpress/amx-server', 'CGO_ENABLED=0', 'GOOS=linux']
- name: 'gcr.io/cloud-builders/docker'
args: ['build', '--tag=gcr.io/$PROJECT_ID/amx-img:$SHORT_SHA', '.']
- name: 'gcr.io/cloud-builders/kubectl'
args:
- set
- image
- deployment
- echoserver
- echoserver=gcr.io/$PROJECT_ID/amx-img:$SHORT_SHA
env:
- 'CLOUDSDK_COMPUTE_ZONE=australia-southeast1-a'
- 'CLOUDSDK_CONTAINER_CLUSTER=amx-cluster-au-2'
images: ['gcr.io/$PROJECT_ID/amx-img:$SHORT_SHA']
基本上我不知道为什么它一直引用我已删除且不再使用的集群。
这里是 logs 如果可能有帮助的话。
已通过删除 Cloud Source Repository 中的存储库解决问题。我不知道为什么这解决了这个问题。我应该注意到我删除了 github 存储库并重新初始化了它。尽管根本没有迹象表明根本原因,但仍然看起来像是一个错误。此外,虽然上面修复了集群名称问题,但我必须按照说明 here 来为集群提供适当的角色访问权限:
PROJECT="$(gcloud projects describe \
$(gcloud config get-value core/project -q) --format='get(projectNumber)')"
gcloud projects add-iam-policy-binding $PROJECT \
--member=serviceAccount:$PROJECT@cloudbuild.gserviceaccount.com \
--role=roles/container.developer