403“请求的身份验证范围不足"在 gcloud 容器集群获取凭证期间 [英] 403 "Request had insufficient authentication scopes" during gcloud container cluster get-credentials
问题描述
从 GCE 中的 VM,我执行了以下操作
From a VM in GCE, I did the following
gcloud auth activate-service-account --key-file <blah>
# "blah" is a service account key file (JSON) I generated from the web interface
gcloud config set project <project-name>
gcloud config set compute/zone <zone-name>
gcloud set container/cluster <cluster-name>
然后当我试图运行
gcloud container clusters get-credentials <cluster-name>
它失败并显示错误消息:
and it failed with the error message:
错误消息:错误:(gcloud.container.clusters.get-credentials)ResponseError: 代码=403,消息=请求不足身份验证范围."
Error message: "ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Request had insufficient authentication scopes."
虚拟机与 GKE 集群在同一网络上.我尝试了同样的事情,使用来自 GCE 外部机器的相同服务帐户密钥文件,针对默认"网络上的 GKE 集群,它成功了......
The VM is on the same network as the GKE cluster. I tried the same thing, with the same service account key file from a machine outside GCE, against a GKE cluster on the "default" network and it succeeded...
推荐答案
要从 GCE 虚拟机使用 Google Kubernetes Engine API,您需要添加云平台范围 ("https://www.googleapis.com/auth/cloud-platform") 到您的 VM.
To use the Google Kubernetes Engine API from a GCE virtual machine you need to add the cloud platform scope ("https://www.googleapis.com/auth/cloud-platform") to your VM when it is created.
这篇关于403“请求的身份验证范围不足"在 gcloud 容器集群获取凭证期间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!