403“请求的身份验证范围不足"在 gcloud 容器集群获取凭证期间 [英] 403 "Request had insufficient authentication scopes" during gcloud container cluster get-credentials

问题描述

从 GCE 中的 VM，我执行了以下操作

From a VM in GCE, I did the following

gcloud auth activate-service-account --key-file <blah>
# "blah" is a service account key file (JSON) I generated from the web interface
gcloud config set project <project-name>
gcloud config set compute/zone <zone-name>
gcloud set container/cluster <cluster-name>

然后当我试图运行

gcloud container clusters get-credentials <cluster-name>

它失败并显示错误消息:

and it failed with the error message:

错误消息:错误:(gcloud.container.clusters.get-credentials)ResponseError: 代码=403，消息=请求不足身份验证范围."

Error message: "ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Request had insufficient authentication scopes."

虚拟机与 GKE 集群在同一网络上.我尝试了同样的事情，使用来自 GCE 外部机器的相同服务帐户密钥文件，针对默认"网络上的 GKE 集群，它成功了......

The VM is on the same network as the GKE cluster. I tried the same thing, with the same service account key file from a machine outside GCE, against a GKE cluster on the "default" network and it succeeded...

推荐答案

要从 GCE 虚拟机使用 Google Kubernetes Engine API，您需要添加云平台范围 ("https://www.googleapis.com/auth/cloud-platform") 到您的 VM.

To use the Google Kubernetes Engine API from a GCE virtual machine you need to add the cloud platform scope ("https://www.googleapis.com/auth/cloud-platform") to your VM when it is created.

这篇关于403“请求的身份验证范围不足"在 gcloud 容器集群获取凭证期间的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！