stackoom
  简体   繁体   中英

Permission error when trying to deploy to Google Cloud Run

 原文  2019-05-09 23:36:26       google-cloud-platform/ google-cloud-run

Question

I'm getting a permission error when trying to deploy an image to cloud run:

gcloud beta run deploy endpoints_proxy \
    --image="gcr.io/endpoints-release/endpoints-runtime-serverless:1.30.0" \
    --allow-unauthenticated

This is the error:

ERROR: (gcloud.beta.run.deploy) User [email-goes-here] does not have permission to access namespace [project-id-goes-here] (or it may not exist): Cloud Run does not have permission to get access tokens for the default compute service account, 1088973916567-compute@developer.gserviceaccount.com. Please give Google Cloud Run Service Agent the permission iam.serviceAccounts.getAccessToken on the default compute service account.

My account has owner and editor permissions, I even tried attaching the Cloud Run Service Agent role.

I also tried adding these roles to the "default compute service account" listed in the error, didn't work.

4 answers

solution1
 16 ACCPTED  2019-05-09 23:36:26

The error message is very misleading, the error occurs because the Cloud Run Service Agent was missing.

After creating the following service account:

Name: service-<account-id>@serverless-robot-prod.iam.gserviceaccount.com
Role: Google Cloud Run Service Agent

The problem got solved. Looks like Cloud Run needs this service account to work, so don't ever delete it :)

solution2
 2  2021-05-18 23:36:11

You should enable permissions to the Cloud Build service account. It won't work unless you do so.

Google Cloud Console > Cloud Build > Cloud Build Settings > enable access to the GCP services that you are using. (see the images attached)

Cloud Build Panel

Cloud Build Panel - enable services that you want

solution3
 0  2022-07-27 16:47:45

Also, just make sure your card hasn't expired. When mine did, I got these opaque errors (such as this one) that didn't reference to billing in any way.

solution4
 0  2023-01-27 18:40:07

If the service-<project-id>@serverless-robot-prod.iam.gserviceaccount.com is not present in GCP console, just run this command:

gcloud projects add-iam-policy-binding --member=serviceAccount:service-<project-id>@serverless-robot-prod.iam.gserviceaccount.com --role=roles/run.serviceAgent <project-id>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Error when trying to deploy Google Cloud function with Vendor directory Getting error when trying to execute cloud build to deploy application to cloud run 'ERROR_DESTINATION_NOT_REACHABLE:' Error When Trying to Deploy to Google Cloud Platform Permission denied (publickey) error when trying to connect to Google Cloud Shell via SSH *** ConnectionError: ('Connection aborted.', error(13, 'Permission denied')) when trying to upload files to Google Cloud Storage Error when trying to deploy functions on Google Cloud Platform for API.ai webhook Error when trying to deploy Google cloud function in Go 1.11 using go modules A database name must be provided error when trying to deploy a spring boot app to google cloud Cloud build permission denied when deploy to cloud run with “--set-sql-instance” argument service exception error 60 when trying to run google cloud speech transcription
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM