从GKE上的pod访问GCP Cloud DNS
[英]Access GCP Cloud DNS from pods on GKE
问题描述
I'm investigating this letsencrypt controller ( https://github.com/tazjin/kubernetes-letsencrypt ). 
我正在调查这个letsencrypt控制器( https://github.com/tazjin/kubernetes-letsencrypt )。
It requires pods have permission to make changes to records in Cloud DNS. 它要求pod有权更改Cloud DNS中的记录。 I thought with the pods running on GKE I'd get that access with the default service account, but the requests are failing. 我认为在GKE上运行的pod我会使用默认服务帐户进行访问,但请求失败。 What do I need to do do to allow the pods access to Cloud DNS? 我需要做什么才能让pod访问Cloud DNS?
1 个解决方案
解决方案1
6 已采纳 2016-09-27 18:27:20
The Google Cloud DNS API's changes.create call requires either the https://www.googleapis.com/auth/ndev.clouddns.readwrite or https://www.googleapis.com/auth/cloud-platform scope, neither of which are enabled by default on a GKE cluster. Google Cloud DNS API的changes.create调用需要https://www.googleapis.com/auth/ndev.clouddns.readwrite或https://www.googleapis.com/auth/cloud-platform范围,两者都不需要默认情况下在GKE群集上启用。
You can add a new Node Pool to your cluster with the DNS scope by running: 您可以通过运行以下命令将新节点池添加到具有DNS范围的群集:
gcloud container node-pools create np1 --cluster my-cluster --scopes https://www.googleapis.com/auth/ndev.clouddns.readwrite
Or, you can create a brand new cluster with the scopes you need, either by passing the --scopes flag to gcloud container clusters create , or in the New Cluster dialog in Cloud Console, click "More", and set the necessary scopes to "Enabled". 或者,您可以创建一个包含所需范围的全新集群,方法是将--scopes标志传递给gcloud container clusters create ,或者在云控制台的“ 新建集群”对话框中单击“更多”,并将必要的范围设置为“已启用”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.