Google Compute Engine:必需的"compute.zones.get"权限错误 [英] Google Compute Engine: Required 'compute.zones.get' permission error

问题描述

我正在尝试在Google Cloud Platform中创建Kubernetes集群，当我尝试从Web应用程序创建集群时收到以下错误:

I am trying to create a Kubernetes cluster in Google Cloud Platform and I receive the following error when I try to create the cluster from the Web app:

Compute Engine中发生未知错误:"EXTERNAL:Google Compute Engine:所需的"compute.zones.get"权限 'projects/my-project-198766/zones/us-west1-a'.错误代码:"18"

An unknown error has occurred in Compute Engine: "EXTERNAL: Google Compute Engine: Required 'compute.zones.get' permission for 'projects/my-project-198766/zones/us-west1-a'". Error code: "18"

当我使用gcloud时，我收到以下响应:

When I use gcloud I receive this response:

(gcloud.container.clusters.create)ResponseError:代码= 403， message = Google Compute Engine:必需的"compute.zones.get"权限 用于"projects/my-project-198766/zones/us-west1-a"

(gcloud.container.clusters.create) ResponseError: code=403, message=Google Compute Engine: Required 'compute.zones.get' permission for 'projects/my-project-198766/zones/us-west1-a'

请注意，我具有所有者角色，可以创建VM实例而没有任何问题.

Please note that I have the Owner role and I can create VM instances without any issues.

有什么想法吗?

推荐答案

如果以某种方式将您的cloudservices机器人作为项目编辑器删除，则可能会出现这种问题.我最好的猜测是，这就是您的问题.

This sort of issue might arise if somehow your cloudservices robot gets removed as a project editor. My best guess is that in your case this is the issue.

这可能是由于具有 SetIamPolicy 的API调用从角色/编辑器"绑定中丢失了cloudservices机械手而导致的. SetIamPolicy 是一个直接的PUT，它将使用请求中提供的任何策略覆盖.您可以使用以下命令，通过获取项目的IAM策略列表.在本文中给出.

This might happen due to API call which has SetIamPolicy that is missing cloudservices robot from the "roles/editor" bindings. SetIamPolicy is a straight PUT, it will override with whatever policy is provided in the request. You can get the list of IAM policies for your project with below command as given in this article.

gcloud projects get-iam-policy [project-id]

从列表中，您可以检查以下服务帐户是否具有编辑权限.

From the list, you can check whether below service account has the editor permission or not.

[id] @ cloudservices.gserviceaccount.com

[id]@cloudservices.gserviceaccount.com

要解决此问题，您可以授予提及的服务帐户 编辑者" 权限，然后检查是否可以解决问题.

To fix the issue, you can grant the mentioned service account "Editor" permission and check whether that solves the issue or not.

希望这会有所帮助.

这篇关于Google Compute Engine:必需的"compute.zones.get"权限错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！