403“请求的认证范围不足".在gcloud容器集群获取凭证期间 [英] 403 "Request had insufficient authentication scopes" during gcloud container cluster get-credentials
问题描述
在GCE中的虚拟机上,我执行了以下操作
From a VM in GCE, I did the following
gcloud auth activate-service-account --key-file <blah>
# "blah" is a service account key file (JSON) I generated from the web interface
gcloud config set project <project-name>
gcloud config set compute/zone <zone-name>
gcloud set container/cluster <cluster-name>
然后当我尝试运行
gcloud container clusters get-credentials <cluster-name>
,它失败并显示错误消息:
and it failed with the error message:
错误消息:错误:(gcloud.container.clusters.get-credentials) ResponseError:代码= 403,消息=请求不足 验证范围."
Error message: "ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Request had insufficient authentication scopes."
VM与GKE群集位于同一网络上.我在GCE外部的计算机上使用相同的服务帐户密钥文件对默认"网络上的GKE集群尝试了相同的操作,并成功...
The VM is on the same network as the GKE cluster. I tried the same thing, with the same service account key file from a machine outside GCE, against a GKE cluster on the "default" network and it succeeded...
推荐答案
要从GCE虚拟机使用Google Kubernetes Engine API,您需要添加云平台范围("
To use the Google Kubernetes Engine API from a GCE virtual machine you need to add the cloud platform scope ("https://www.googleapis.com/auth/cloud-platform") to your VM when it is created.
这篇关于403“请求的认证范围不足".在gcloud容器集群获取凭证期间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!