Google云:身份验证范围不足 [英] Google cloud: insufficient authentication scopes
问题描述
我无法将请求发送到部署在我的Google Cloud Kubernetes集群中的spring boot应用程序.我的应用程序收到一张照片,并将其发送到Google Vision API.我正在使用提供的客户端库( https://cloud. google.com/vision/docs/libraries#client-libraries-install-java ),如此处
I am having difficulties sending requests to my spring boot application deployed in my Google Cloud Kubernetes cluster. My application receives a photo and sends it to the Google Vision API. I am using the provided client library (https://cloud.google.com/vision/docs/libraries#client-libraries-install-java) as explained here https://cloud.google.com/vision/docs/auth:
如果您正在使用客户端库来调用Vision API,请使用应用程序默认凭据(ADC).使用ADC的服务会在GOOGLE_APPLICATION_CREDENTIALS环境变量中寻找凭据.除非您特别希望ADC使用其他凭据(例如,用户凭据),否则我们建议您将此环境变量设置为指向您的服务帐户密钥文件.
If you're using a client library to call the Vision API, use Application Default Credentials (ADC). Services using ADC look for credentials within a GOOGLE_APPLICATION_CREDENTIALS environment variable. Unless you specifically wish to have ADC use other credentials (for example, user credentials), we recommend you set this environment variable to point to your service account key file.
在我的本地计算机上,everinging可以正常工作,我有一个带有env的docker容器. varialbe GOOGLE_APPLICATION_CREDENTIALS指向我的服务帐户密钥文件.
On my local machine everyting works fine, I have a docker container with an env. varialbe GOOGLE_APPLICATION_CREDENTIALS pointing to my service account key file.
我的集群中没有此变量.这是我从Kubernetes集群中的应用程序获得的响应:
I do not have this variable in my cluster. This is the response I am getting from my application in the Kubernetes cluster:
{
"timestamp": "2018-05-10T14:07:27.652+0000",
"status": 500,
"error": "Internal Server Error",
"message": "io.grpc.StatusRuntimeException: PERMISSION_DENIED: Request had insufficient authentication scopes.",
"path": "/image"
}
我做错了什么?提前谢谢!
What I am doing wrong? Thx in advance!
推荐答案
我还必须在GKE设置中指定GOOGLE_APPLICATION_CREDENTIALS环境变量,这是我通过
I also had to specify the GOOGLE_APPLICATION_CREDENTIALS environment variable on my GKE setup, these are the steps I completed thanks to How to set GOOGLE_APPLICATION_CREDENTIALS on GKE running through Kubernetes:
1.创建密钥(以我为例,在Gitlab上的部署步骤中):
kubectl create secret generic google-application-credentials --from-file=./application-credentials.json
2.设置音量:
...
volumes:
- name: google-application-credentials-volume
secret:
secretName: google-application-credentials
items:
- key: application-credentials.json # default name created by the create secret from-file command
path: application-credentials.json
3.设置卷挂载:
spec:
containers:
- name: my-service
volumeMounts:
- name: google-application-credentials-volume
mountPath: /etc/gcp
readOnly: true
4.设置环境变量:
spec:
containers:
- name: my-service
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /etc/gcp/application-credentials.json
这篇关于Google云:身份验证范围不足的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
