gcloud控制台无法查看gke资源 [英] gcloud console can't view gke resources
问题描述
我正在测试新项目对GCP的权限,已经创建了一个用户,并提供了基本的 storage.objects.get
和 storage.objects.list
权限,一切正常,但是当我移到GKE时,无论有多少权限( container.clusters.*
或 container.pods.*
或角色 Kubernetes Engine,它都停止了群集查看器
他无法查看带有错误消息的资源
I'm testing permissions on GCP on new project, I've created a user and gave basic storage.objects.get
and storage.objects.list
permissions and all work, but when I moved to GKE it stopped no matter how many permissions (container.clusters.*
or container.pods.*
or the role Kubernetes Engine Cluster Viewer
he can't view the resources with the error message
Can't access project settings for project <my_project> on service container.googleapis.com [view=CONSUMER_VIEW].
任何想法可能是什么问题?
any thoughts what might be the issue ?
我还启用了API服务
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable compute.googleapis.com
gcloud services enable serviceusage.googleapis.com
gcloud services enable container.googleapis.com
gcloud services enable servicemanagement.googleapis.com
gcloud services enable sql-component.googleapis.com
有人看到我缺少的基本信息吗?
anyone see anything basic I'm missing ?
推荐答案
See the pre-defined GKE roles; while you might be lacking another role/permission (on the project itself, instead of GKE). It is impossible to tell without even knowing which command you've ran.
我建议启用故障排除:
gcloud services enable policytroubleshooter.googleapis.com --project=project-id
gcloud config set project project-id
gcloud policy-troubleshoot iam resource --principal-email=email --permission=permission
gcloud policy-troubleshoot iam //cloudresourcemanager.googleapis.com/projects/my-project --permission=resourcemanager.projects.getIamPolicy --principal-email=foo@example.com
这应该提供准确的见解,出了什么问题以及为什么
This should provide an accurate insight what is going wrong and why
(某些虚拟参数显然需要替换).
(some of the dummy arguments obviously require substitution).
这篇关于gcloud控制台无法查看gke资源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!