无法在 Google Compute Engine 上部署容器映像
Unable to deploy container images on Google Compute Engine
我正在尝试使用 cloudbuild.yaml 在 Compute Engine 上部署我的容器映像,但出现错误。下面是我的 cloudbuild.yaml 文件内容:
# gis-account-manager -> Project ID on GCP
steps:
# Build the Docker image.
- name: gcr.io/cloud-builders/docker
args: ['build', '-t', 'gcr.io/gis-account-manager/ams', '-f', 'Dockerfile', '.']
# Push it to GCR.
- name: gcr.io/cloud-builders/docker
args: ['push', 'gcr.io/gis-account-manager/ams']
# Deploy to Prod env (THIS STEP IS FAILING)
- name: gcr.io/cloud-builders/gcloud
args: [ 'compute', 'instances', 'update-container', 'instance-2-production' , '--container-image', 'gcr.io/gis-account-manager/ams:latest']
# Set the Docker image in Cloud Build
images: ['gcr.io/gis-account-manager/ams']
# Build timeout
timeout: '3600s'
错误:
Starting Step #2
Step #2: Already have image (with digest): gcr.io/cloud-builders/gcloud
Step #2: ERROR: (gcloud.compute.instances.update-container) Underspecified resource [instance-2-production]. Specify the [--zone] flag.
如果我 运行 来自 Cloud SDK Sheel 的相同命令,它会按预期工作。
PS:我也试过提供ZONE Flag。
您需要在 gcloud compute 命令中指定您的区域:
# Deploy to Prod env (THIS STEP IS FAILING)
- name: gcr.io/cloud-builders/gcloud
args: [ 'config', 'set', 'compute/zone', 'us-central1-a']
- name: gcr.io/cloud-builders/gcloud
args: [ 'compute', 'instances', 'update-container', 'instance-2-production' , '--container-image', 'gcr.io/gis-account-manager/ams:latest']
您需要将 asia-east1 更改为 zone from this list。由于您正在更新容器,因此可能已经指定了区域。
您可以编写命令:gcloud compute zones list 列出所有可用区域
Cloud Build does not have enough permissions to execute the operation, hence you are receiving an error when operating on Cloud Build, but not when executing the same operation in gcloud command-line tool, which works differently.
我向这些 Cloud Build 服务帐户和 Cloud Build 服务代理授予了计算管理员角色:
- [已编辑]@cloudbuild.gserviceaccount.com`
- service-[已编辑]@gcp-sa-cloudbuild.iam.gserviceaccount.com`
我的 cloudbuild.yaml 看起来和你现在应该拥有的一样:
steps:
- name: gcr.io/cloud-builders/gcloud
args: [ 'config', 'set', 'compute/zone', 'YOUR_ZONE']
- name: gcr.io/cloud-builders/gcloud
args: [ 'compute', 'instances', 'update-container', '[YOUR_INSTANCE_NAME]' , '--container-image', 'gcr.io/gis-account-manager/ams:latest']
其中 [YOUR_ZONE] 是您配置的区域,[YOUR_INSTANCE_NAME] 是您的实例名称。
我建议您阅读此 Documentation 以了解有关 Cloud Build 服务帐户权限的更多信息。
我已经通过服务帐户进行身份验证解决了这个问题(首先需要为 Compute Engine 服务帐户生成密钥)。
已更新 cloudbuild.yaml 文件:
# Deploy to GOOGLE COMPUTE ENGINE Prod env
- name: gcr.io/cloud-builders/gcloud
args: [ 'auth', 'activate-service-account', '123456789-compute@developer.gserviceaccount.com', '--key-file=PATH_TO_FILE', '--project=${_PROJECT_ID}']
- name: gcr.io/cloud-builders/gcloud
args: ['compute', 'instances', 'update-container', '${_VM_INSTANCE}' , '--container-image=gcr.io/${_PROJECT_ID}/ams:latest', '--zone=us-central1-a']
我正在尝试使用 cloudbuild.yaml 在 Compute Engine 上部署我的容器映像,但出现错误。下面是我的 cloudbuild.yaml 文件内容:
# gis-account-manager -> Project ID on GCP
steps:
# Build the Docker image.
- name: gcr.io/cloud-builders/docker
args: ['build', '-t', 'gcr.io/gis-account-manager/ams', '-f', 'Dockerfile', '.']
# Push it to GCR.
- name: gcr.io/cloud-builders/docker
args: ['push', 'gcr.io/gis-account-manager/ams']
# Deploy to Prod env (THIS STEP IS FAILING)
- name: gcr.io/cloud-builders/gcloud
args: [ 'compute', 'instances', 'update-container', 'instance-2-production' , '--container-image', 'gcr.io/gis-account-manager/ams:latest']
# Set the Docker image in Cloud Build
images: ['gcr.io/gis-account-manager/ams']
# Build timeout
timeout: '3600s'
错误:
Starting Step #2
Step #2: Already have image (with digest): gcr.io/cloud-builders/gcloud
Step #2: ERROR: (gcloud.compute.instances.update-container) Underspecified resource [instance-2-production]. Specify the [--zone] flag.
如果我 运行 来自 Cloud SDK Sheel 的相同命令,它会按预期工作。
PS:我也试过提供ZONE Flag。
您需要在 gcloud compute 命令中指定您的区域:
# Deploy to Prod env (THIS STEP IS FAILING)
- name: gcr.io/cloud-builders/gcloud
args: [ 'config', 'set', 'compute/zone', 'us-central1-a']
- name: gcr.io/cloud-builders/gcloud
args: [ 'compute', 'instances', 'update-container', 'instance-2-production' , '--container-image', 'gcr.io/gis-account-manager/ams:latest']
您需要将 asia-east1 更改为 zone from this list。由于您正在更新容器,因此可能已经指定了区域。
您可以编写命令:gcloud compute zones list 列出所有可用区域
Cloud Build does not have enough permissions to execute the operation, hence you are receiving an error when operating on Cloud Build, but not when executing the same operation in
gcloudcommand-line tool, which works differently.
我向这些 Cloud Build 服务帐户和 Cloud Build 服务代理授予了计算管理员角色:
- [已编辑]@cloudbuild.gserviceaccount.com`
- service-[已编辑]@gcp-sa-cloudbuild.iam.gserviceaccount.com`
我的 cloudbuild.yaml 看起来和你现在应该拥有的一样:
steps:
- name: gcr.io/cloud-builders/gcloud
args: [ 'config', 'set', 'compute/zone', 'YOUR_ZONE']
- name: gcr.io/cloud-builders/gcloud
args: [ 'compute', 'instances', 'update-container', '[YOUR_INSTANCE_NAME]' , '--container-image', 'gcr.io/gis-account-manager/ams:latest']
其中 [YOUR_ZONE] 是您配置的区域,[YOUR_INSTANCE_NAME] 是您的实例名称。
我建议您阅读此 Documentation 以了解有关 Cloud Build 服务帐户权限的更多信息。
我已经通过服务帐户进行身份验证解决了这个问题(首先需要为 Compute Engine 服务帐户生成密钥)。
已更新 cloudbuild.yaml 文件:
# Deploy to GOOGLE COMPUTE ENGINE Prod env
- name: gcr.io/cloud-builders/gcloud
args: [ 'auth', 'activate-service-account', '123456789-compute@developer.gserviceaccount.com', '--key-file=PATH_TO_FILE', '--project=${_PROJECT_ID}']
- name: gcr.io/cloud-builders/gcloud
args: ['compute', 'instances', 'update-container', '${_VM_INSTANCE}' , '--container-image=gcr.io/${_PROJECT_ID}/ams:latest', '--zone=us-central1-a']