Google Compute Engine:必需的“compute.zones.get"权限错误 [英] Google Compute Engine: Required 'compute.zones.get' permission error
问题描述
我正在尝试在 Google Cloud Platform 中创建 Kubernetes 集群,但当我尝试从 Web 应用创建集群时收到以下错误:
I am trying to create a Kubernetes cluster in Google Cloud Platform and I receive the following error when I try to create the cluster from the Web app:
Compute Engine 中出现未知错误:EXTERNAL: GoogleCompute Engine:需要compute.zones.get"权限'projects/my-project-198766/zones/us-west1-a'".错误代码:18"
An unknown error has occurred in Compute Engine: "EXTERNAL: Google Compute Engine: Required 'compute.zones.get' permission for 'projects/my-project-198766/zones/us-west1-a'". Error code: "18"
当我使用 gcloud 时,我收到此回复:
When I use gcloud I receive this response:
(gcloud.container.clusters.create) 响应错误:代码=403,message=Google Compute Engine:需要compute.zones.get"权限对于projects/my-project-198766/zones/us-west1-a"
(gcloud.container.clusters.create) ResponseError: code=403, message=Google Compute Engine: Required 'compute.zones.get' permission for 'projects/my-project-198766/zones/us-west1-a'
请注意,我拥有所有者角色,我可以毫无问题地创建 VM 实例.
Please note that I have the Owner role and I can create VM instances without any issues.
有什么想法吗?
推荐答案
如果您的云服务机器人以某种方式作为项目编辑器被删除,则可能会出现此类问题.我最好的猜测是,在您的情况下,这就是问题所在.
This sort of issue might arise if somehow your cloudservices robot gets removed as a project editor. My best guess is that in your case this is the issue.
这可能是由于 API 调用具有 SetIamPolicy 而缺少角色/编辑器"绑定中的云服务机器人.SetIamPolicy 是一个直接的 PUT,它将被请求中提供的任何策略覆盖.您可以使用以下命令获取项目的 IAM 策略列表 在本文中给出.
This might happen due to API call which has SetIamPolicy that is missing cloudservices robot from the "roles/editor" bindings. SetIamPolicy is a straight PUT, it will override with whatever policy is provided in the request. You can get the list of IAM policies for your project with below command as given in this article.
gcloud projects get-iam-policy [project-id]
从列表中,您可以检查以下服务帐户是否具有编辑权限.
From the list, you can check whether below service account has the editor permission or not.
[id]@cloudservices.gserviceaccount.com
[id]@cloudservices.gserviceaccount.com
要解决此问题,您可以授予提到的服务帐户 编辑"权限并检查是否解决了问题.
To fix the issue, you can grant the mentioned service account "Editor" permission and check whether that solves the issue or not.
希望这会有所帮助.
这篇关于Google Compute Engine:必需的“compute.zones.get"权限错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
