堆栈内存溢出
  简体   繁体   English

(gcloud.container.clusters.create)ResponseError:代码= 400,消息=用户无权访问服务帐户“默认”

[英](gcloud.container.clusters.create) ResponseError: code=400, message=The user does not have access to service account “default”

 原文  2017-08-10 14:32:51       google-cloud-platform/ google-kubernetes-engine

问题描述

gcloud auth activate-service-account --key-file aysc.json
gcloud config set project abcxyz
gcloud config set compute/zone europe-west1-b
gcloud container clusters create wordpress --num-nodes=2

I'm running the above commands, on the last command I'm getting an error of: 我正在运行以上命令,在上一个命令中出现以下错误: 

ERROR: (gcloud.container.clusters.create) ResponseError: code=400, message=The user does not have access to service account "default".

However this account is part of the service account actor group. 但是,此帐户是服务帐户参与者组的一部分。 I've also disabled and enabled the container API, which did not change the behavior. 我还禁用并启用了容器API,该容器API并未更改行为。 It was suggested by this question: https://serverfault.com/questions/780363/external-the-user-does-not-have-access-to-service-account-default 有人提出了以下问题: https : //serverfault.com/questions/780363/external-the-user-does-not-have-access-to-service-account-default

1 个解决方案

解决方案1
 0 已采纳  2017-08-10 19:00:39

I saw this situation a few days ago. 我几天前看到了这种情况。 This error means that the service account you are are running gcloud with using cannot ActAs the service account the VMs will run as (default compute service account in this case). 此错误表示您正在使用gcloud运行的服务帐户无法作为虚拟机将作为该服务帐户运行(在这种情况下为默认计算服务帐户)。

I would sanity check the following: 我会仔细检查以下内容:

  • Does the service account in aync.json have the Service Account Actor role for the project abcxyz? aync.json中的服务帐户是否对项目abcxyz具有“服务帐户角色”角色? (giving it Service Account Actor for just the default compute service account seems insufficient) (仅为默认的计算服务帐户提供服务帐户Actor似乎不够)
  • Does the default compute service account exist in the project abcxyz? 项目abcxyz中是否存在默认的计算服务帐户? It typically looks like #######-compute@developer.gserviceaccount.com with Editor permissions to your project. 它通常看起来像#######-compute@developer.gserviceaccount.com,具有对项目的“编辑者”权限。 If it does not exist, re-enabling container API should re-create it as the other question suggests. 如果它不存在,则重新启用容器API应该按照另一个问题的建议重新创建它。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ERROR: (gcloud.beta.container.clusters.create) ResponseError: code=400, message=v1 API 无法用于访问 GKE 区域集群 - ERROR: (gcloud.beta.container.clusters.create) ResponseError: code=400, message=v1 API cannot be used to access GKE regional clusters gcloud:用户无权访问服务帐户“默认” - gcloud: The user does not have access to service account “default” 为什么我会收到“(gcloud.alpha.container.clusters.create) ResponseError: code=404, message=Method not found”。 在 alpha 集群创建期间? - Why am I getting "(gcloud.alpha.container.clusters.create) ResponseError: code=404, message=Method not found." during alpha cluster creation? “错误:(gcloud.asset.export) 用户没有权限”仅在使用服务帐户进行身份验证时 - "ERROR: (gcloud.asset.export) User does not have permission" only when authenticated with a service account 服务帐户是否必须模拟用户才能访问目录 Api? - Does a Service Account have to impersonate a user to access the Directory Api? “错误:(gcloud.functions.call)ResponseError:状态= [404],代码= [确定],消息= [项目ABC中us-central1区域中的函数XYZ不存在]” - "ERROR: (gcloud.functions.call) ResponseError: status=[404], code=[Ok], message=[Function XYZ in region us-central1 in project ABC does not exist]" 错误:(gcloud.builds.submit)错误 403:<service account> 没有 storage.objects.get 访问谷歌云存储 object</service> - ERROR: (gcloud.builds.submit) Error 403: <SERVICE ACCOUNT> does not have storage.objects.get access to the Google Cloud Storage object “ gcloud容器集群创建失败”,权限为“ container.clusters.create” - “gcloud container clusters create fails” with “container.clusters.create” permission error 允许 GCloud 服务帐号访问特定用户的 G Suite 帐号吗? - Allow GCloud service account to access specific user's G Suite account? 如何将我的 gcloud 用户凭据安全地放入容器中,并在本地测试时使用它们来模拟服务帐户? - how can I get my gcloud user creds into a container securely and use them to impersonate a service account when testing locally?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM