堆栈内存溢出
  简体   繁体   English

无法通过Web UI在Google Cloud中创建Kubernetes集群

[英]Can't create Kubernetes cluster in Google Cloud from web UI

 原文  2019-04-09 08:52:49       kubernetes/ google-cloud-platform

问题描述

I removed a bunch of IAM policies and think this is preventing me from creating k8s clusters in Google Cloud (through the UI). 我删除了许多IAM策略,并认为这阻止了我在Google Cloud中(通过UI)创建k8s集群。

Every time I click Create cluster , it processes for a bit, before hanging up and throwing the following error: 每次我单击Create cluster ,它都会处理一段时间,然后挂断并引发以下错误: 

Create Kubernetes Engine cluster "standard-cluster-1"
Just now
MyProject
Google Compute Engine: Required 'compute.zones.get' permission for 'projects/<MY_PROJECT_ID>/zones/us-central1-a'.

I'm mainly doing this through my host shell (iTerm) and NOT through the interactive shell found on cloud.google.com. 我主要是通过主机外壳(iTerm)进行此操作,而不是通过cloud.google.com上的交互式外壳进行此操作。

Here's the IAM policy for a user (I use my google email address under the Member column): 这是用户的IAM政策(我在“ Member列下使用我的Google电子邮件地址):

科陆电子

Really hoping to get unblocked so I can start creating clusters in my shell again and not have to use the interactive shell on the Google Cloud website. 真希望能不受阻碍,因此我可以再次在自己的Shell中创建集群,而不必使用Google Cloud网站上的交互式Shell。

2 个解决方案

解决方案1
 1 已采纳  2019-04-09 10:26:28

You are missing ServiceAgent roles. 您缺少ServiceAgent角色。 But only service accounts can be granted those roles. 但是只有服务帐户可以被授予这些角色。

1) First, copy you project number 1)首先,复制您的项目编号

2) create following members for the Service Agents replacing 77597574896 with your project number and set appropriate roles: 2)为服务代理创建以下成员,将其替换为您的项目编号77597574896 ,并设置适当的角色: 

service-77597574896@container-engine-robot.iam.gserviceaccount.com  - Kubernetes Engine Service Agent
service-77597574896@compute-system.iam.gserviceaccount.com - Kubernetes Engine Service Agent
77597574896@cloudservices.gserviceaccount.com - Editor

在此处输入图片说明

This should work now, because I've tested it with my cluster 现在应该可以使用了,因为我已经在集群中对其进行了测试

解决方案2
 0  2019-04-09 10:42:58

In order to create new cluster container - please just add new role in yours IAM settings: 为了创建新的群集容器-请在您的IAM设置中添加新角色:
- Kubernetes Engine Admin ,
Please share with the results. 请与结果分享。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法从Google Kubernetes Engine群集访问Google Cloud Datastore - Can't access Google Cloud Datastore from Google Kubernetes Engine cluster 为什么Kubernetes集群在VM实例上Google Cloud无法将主机与NodePort连接? - Why Kubernetes cluster on VM instances Google Cloud can't connect host with NodePort? Google Cloud Kubernetes - 如何创建区域或区域 GKE 集群? - Google Cloud Kubernetes - How to create Zonal or Regional GKE cluster? Terraform:如何使用命名空间在Google Cloud(GKE)上创建Kubernetes集群? - Terraform: How to create a Kubernetes cluster on Google Cloud (GKE) with namespaces? 如何通过 Google Cloud Classic VPN 从外部网络连接到 Kubernetes 工作负载集群 IP? - How can i connect to a Kubernetes Workload Cluster IP from an external network via a Google Cloud Classic VPN? Google Cloud Kubernetes集群无法连接到节点或删除吗? - Google Cloud Kubernetes cluster can not connect to nodes or delete? 如何将kubernetes事件从GKE集群传播到谷歌云日志 - How to propagate kubernetes events from a GKE cluster to google cloud log 无法使用 Google Cloud Kubernetes 替换 - Can't use Google Cloud Kubernetes substitutions Google的Cloud Run与传统的Kubernetes集群有何不同? - How is Google's Cloud Run different from a traditional Kubernetes cluster? Spring Cloud Data Flow:任务无法在Kubernetes集群上启动 - Spring Cloud Data Flow: task can't start on Kubernetes cluster
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM