使用服务帐户从Compute Engine部署App Engine Flex
[英]Deploying App Engine Flex from Compute Engine with service account
问题描述
I have setup a compute engine instance for centralised maintenance and updating of App Engine Flex instances. 
我已经设置了一个计算引擎实例,用于集中维护和更新App Engine Flex实例。 One reason for this is to keep the database and other credentials inside the Google Project and not to store them on local development machines. 原因之一是将数据库和其他凭据保留在Google Project中,而不是将其存储在本地开发计算机上。
When I am trying to flex deploy with 当我尝试灵活部署
gcloud app deploy
I get an error 我得到一个错误
ERROR: (gcloud.beta.app.deploy) Permissions error fetching application [<project here>]. Please make sure you are using the correct project ID and that you have permission to view applications on the project.
Service account is default compute engine account and I have enabled Editor role for it in the IAM. 服务帐户是默认的计算引擎帐户,并且我已在IAM中为其启用了编辑者角色。 I also tried enabling all App Engine roles but it did not change the situation. 我还尝试启用所有App Engine角色,但并没有改变这种情况。
Is there a way to make deployments from Compute Engine and if so what would be the correct credentials or am I missing some steps here? 有没有一种方法可以从Compute Engine进行部署,如果可以,那么正确的凭据是什么?或者我在这里缺少一些步骤?
1 个解决方案
解决方案1
5 已采纳 2018-02-21 15:18:59
I created a new Compute Engine Instance and tried issuing the same command as you are running. 我创建了一个新的Compute Engine实例,并尝试发出与您正在运行的命令相同的命令。 I also encountered the same issue. 我也遇到了同样的问题。 Here is how I've managed to resolve it. 这是我设法解决它的方法。
1) Stop the instance 1)停止实例
2) Navigate to IAM > Service Accounts > Create Service Account 2)导航到IAM>服务帐户>创建服务帐户
3) Create a new service account and ensure you add roles for 'App Engine Admin'or 'App Engine Deployer' in addition to 'Storage Admin', 'Project Editor' and 'Cloud Container Builder Editor' to the service account. 3)创建一个新的服务帐户,并确保为服务帐户添加“存储管理员”,“项目编辑器”和“云容器构建器编辑器”之外的“ App Engine Admin”或“ App Engine Deployer”角色。 So in total you should have a minimum of 4 roles assigned to the service account, plus any other roles you think you may need for your application. 因此,总共应该为服务帐户分配至少4个角色,以及您认为应用程序可能需要的其他任何角色。
4) Edit the stopped instance (from step 1) and change the service account to the new service account you created. 4)编辑停止的实例(从步骤1开始),然后将服务帐户更改为您创建的新服务帐户。
When you restart the instance you should now have the correct permissions/roles to deploy your App Engine Flex App from the instance. 重新启动实例后,您现在应该具有正确的权限/角色,可以从实例部署App Engine Flex App。
There was an authorisation issue because the Compute Engine default service account isn't assigned the roles required for deploying applications to App Engine flex, as various APIs are utilised in this process. 存在授权问题,因为未为Compute Engine默认服务帐户分配将应用程序部署到App Engine flex所需的角色,因为此过程中使用了各种API。 By assigning the roles required for App Engine Flex deployments to a new service account, and then adding the service account to the instance, the instance then has the required authorisation to interact with other GCP APIs needed for App Engine Flex deployments. 通过将App Engine Flex部署所需的角色分配给新的服务帐户,然后将该服务帐户添加到实例,该实例便具有与App Engine Flex部署所需的其他GCP API交互所需的授权。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.