Unable to create Serverless VPC Access Connector when using SharedVPC
- A Shared VPC project, SharedVPC, with a network network01 and a subnet serverless-subnet01: 10.200.12.0/28
- project1, sharing its networks and subnets
- serverless-subnet01, us-central1
- owner role in both projects
- vpcaccess.googleapis.com is enabled in project1

I want to create a Serverless VPC Access Connector in project1 using network01 and serverless-subnet01, but when trying to follow the documentation to create a connector, the following error occurs after clicking "create" with us-central1 as the region, network01 as the network, and serverless-subnet01 as the subnet:

Operation failed: VPC Access did not have permission to resolve the subnet or the provided subnet does not exist.

I have attempted to apply the troubleshooting steps in the documentation, with the following results:
- There is no account with the name service-PROJECT_NUMBER@gcp-sa-vpcaccess.iam.gserviceaccount.com or the role of roles/vpcaccess.serviceAgent in either project1 or SharedVPC
- Edit: there is an account in SharedVPC with the name service-SharedVPC_PROJECT_NUMBER@gcp-sa-vpcaccess.iam.gserviceaccount.com, but it is only visible through gcloud commands and adding the appropriate roles to it does not fix the issue.
- [...] serverless-subnet-01 [...] overlap

The solution was that there was a VPC access service account for project1, but it was only visible through gcloud commands rather than the console. This account needs the roles/vpcaccess.serviceAgent role in the shared VPC project in order to access the subnet.
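
A check for the binding described in the answer, as an added example that is not part of the original post: it reads a listing of the host project's IAM policy and reports whether the service project's VPC Access service agent holds roles/vpcaccess.serviceAgent there. The project numbers, the host project id shared-vpc-host-id and the sample policy are constructed placeholders.

```shell
# Added example; project numbers and ids below are constructed placeholders.
# A real number comes from: gcloud projects describe project1 --format='value(projectNumber)'

# VPC Access service agent e-mail for project number $1 (pattern quoted in the post).
vpcaccess_agent() {
    printf 'service-%s@gcp-sa-vpcaccess.iam.gserviceaccount.com\n' "$1"
}

# Reads "ROLE MEMBER" lines on stdin, one per binding member, as printed by:
#   gcloud projects get-iam-policy HOST_PROJECT_ID \
#     --flatten='bindings[].members' \
#     --format='value(bindings.role,bindings.members)'
# Succeeds only if the agent of project number $1 holds roles/vpcaccess.serviceAgent.
agent_has_role() {
    want="serviceAccount:$(vpcaccess_agent "$1")"
    awk -v m="$want" -v r="roles/vpcaccess.serviceAgent" \
        '$1 == r && $2 == m { found = 1 } END { exit !found }'
}

# Prints (does not run) the command that adds the binding in the host project.
# $1 = host project id, $2 = service project number
grant_command() {
    printf 'gcloud projects add-iam-policy-binding %s --member=serviceAccount:%s --role=roles/vpcaccess.serviceAgent\n' \
        "$1" "$(vpcaccess_agent "$2")"
}

# Constructed host-project policy: only the host project's own agent
# (number 111111111111) is bound, the situation described in the question.
SAMPLE_POLICY='roles/owner user:admin@example.com
roles/vpcaccess.serviceAgent serviceAccount:service-111111111111@gcp-sa-vpcaccess.iam.gserviceaccount.com'

# Runs the check against the constructed policy for project number $1.
check_sample() {
    printf '%s\n' "$SAMPLE_POLICY" | agent_has_role "$1"
}

# 222222222222 stands in for the project number of project1.
if check_sample 222222222222; then
    echo "service project agent already bound in host project"
else
    echo "binding missing; command to add it:"
    grant_command shared-vpc-host-id 222222222222
fi
```

The check matches the member exactly, so a binding for the host project's own agent does not count as a binding for the service project's agent.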