Changing Permissions of Google Container Engine Cluster

Problem description

I have been able to successfully create a Google Container Cluster in the developers console and have deployed my app to it. This all starts up fine, however I find that I can't connect to Cloud SQL, I get;

 "Error: Handshake inactivity timeout"

After a bit of digging, I hadn't had any trouble connecting to the Database from App Engine or my local machine so I thought this was a little strange. It was then I noticed the cluster permissions...

When I select my cluster I see the following;

  Permissions

User info           Disabled
Compute             Read Write
Storage             Read Only
Task queue          Disabled
BigQuery            Disabled
Cloud SQL           Disabled
Cloud Datastore     Disabled
Cloud Logging       Write Only
Cloud Platform      Disabled

I was really hoping to use both Cloud Storage and Cloud SQL in my Container Engine Nodes. I have allowed access to each of these APIs in my project settings and my Cloud SQL instance is accepting connections from any IP (I've been running Node in a Managed VM on App Engine previously), so my thinking is that Google is explicitly disabling these APIs.

So my two part question is;

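  • Is there any way to modify these permissions?
  • Is there a good reason why these APIs are disabled? (I assume there must be)

Any help is greatly appreciated!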

Recommended answer

The permissions are defined by the service accounts attached to your node VMs during cluster creation (service accounts can't be changed after a VM is instantiated, so this is the only time you can pick the permissions).

If you use the cloud console, click the "More" link on the create cluster page and you will see a list of permissions that you can add to the nodes in your cluster (all defaulting to off). Toggle any on that you'd like and you should see the appropriate permissions after your cluster is created.

If you use the command line to create your cluster, pass the --scopes command to gcloud container clusters create to set the appropriate service account scopes on your node VMs.
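
The scope selection described in the answer, as an added example that is not part of the original post: it compares the scopes a node currently has with what a workload needs and prints a create command that requests only those scopes. The NEEDED list, the sample scope data and the cluster name my-cluster are assumptions.

```shell
# Map a gcloud scope alias to the scope URL the metadata server reports.
scope_url() {
  case "$1" in
    compute-rw)     echo "https://www.googleapis.com/auth/compute" ;;
    storage-ro)     echo "https://www.googleapis.com/auth/devstorage.read_only" ;;
    storage-rw)     echo "https://www.googleapis.com/auth/devstorage.read_write" ;;
    sql-admin)      echo "https://www.googleapis.com/auth/sqlservice.admin" ;;
    logging-write)  echo "https://www.googleapis.com/auth/logging.write" ;;
    cloud-platform) echo "https://www.googleapis.com/auth/cloud-platform" ;;
    *) return 1 ;;
  esac
}

# Print the required aliases that the granted scope list does not cover.
# $1 = granted scope URLs, one per line; $2 = required aliases, space separated.
# On a node, $1 would come from:
#   curl -s -H 'Metadata-Flavor: Google' http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/scopes
missing_scopes() {
  granted=$1; out=""
  for want in $2; do
    url=$(scope_url "$want") || { echo "unknown alias: $want" >&2; return 2; }
    # cloud-platform spans all Cloud APIs, so it satisfies any requirement.
    if ! printf '%s\n' "$granted" | grep -qxF -e "$url" \
         -e "https://www.googleapis.com/auth/cloud-platform"; then
      out="$out${out:+ }$want"
    fi
  done
  echo "$out"
}

# Build the create command with exactly the required scopes, nothing broader.
# $1 = cluster name; $2 = required aliases, space separated.
create_cmd() {
  echo "gcloud container clusters create $1 --scopes=$(echo "$2" | tr ' ' ',')"
}

# Constructed sample: scope URLs matching the permissions table in the question
# (Compute Read Write, Storage Read Only, Cloud Logging Write Only).
SAMPLE_GRANTED="https://www.googleapis.com/auth/compute
https://www.googleapis.com/auth/devstorage.read_only
https://www.googleapis.com/auth/logging.write"
# Assumed workload needs; my-cluster is a placeholder name.
NEEDED="compute-rw storage-rw sql-admin logging-write"

echo "missing: $(missing_scopes "$SAMPLE_GRANTED" "$NEEDED")"
create_cmd my-cluster "$NEEDED"
```

Listing individual scopes rather than cloud-platform keeps the node service account's token limited to the APIs the pods actually call.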
