堆栈内存溢出
  繁体   English   中英

如何使用云构建在谷歌云上使用云 sql 部署云运行?

[英]How to use cloud build to deploy cloud run with cloud sql on google cloud?

 原文  2021-01-08 01:35:11       google-cloud-platform/ google-cloud-sql/ google-cloud-run/ google-cloud-build/ google-cloud-iam

问题描述

我的 cloudbuild.yaml 文件(我已经构建了一个 docker 映像并将其推送到 gcr)

此应用程序在云 SQL 上使用 mysql。 所以需要连接它。

steps:
  - id: cloud-run
    name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    entrypoint: gcloud
    args:
      - 'run'
      - 'deploy'
      - 'my-service'
      - '--image'
      - 'asia.gcr.io/$_PROJECT_ID/my-service:$_COMMIT_SHA'
      - '--region'
      - 'asia-northeast1'
      - '--platform'
      - 'managed'
      - '--service-account'
      - '$_CLOUD_RUN_PUBSUB_INVOKER'
      - '--add-cloudsql-instances'
      - '$_MYSQL_MAIN_INSTANCE_NAME'
      - '--set-env-vars'
      - 'MYSQL_MAIN_CONNECTIONS=$_MYSQL_MAIN_CONNECTIONS'
      - '--set-env-vars'
      - 'MYSQL_MAIN_INSTANCE_NAME=$_MYSQL_MAIN_INSTANCE_NAME'
      - '--set-env-vars'
      - 'MYSQL_MAIN_DB=$_MYSQL_MAIN_DB'
      - '--set-env-vars'
      - 'MYSQL_MAIN_USER=$_MYSQL_MAIN_USER'
      - '--set-env-vars'
      - 'MYSQL_MAIN_PASSWORD_SECRET_ID=$_MYSQL_MAIN_PASSWORD_SECRET_ID'
      - '--set-env-vars'

当运行构建提交时,得到云 SQL API 未激活错误

$ gcloud builds submit
Creating temporary tarball archive of 5 file(s) totalling 47.4 KiB before compression.
Uploading tarball of [.] to [gs://my-project_cloudbuild/source/1610067564.911628-8d7f3de581ca4b8faa57bd5a8ea75ef1.tgz]
Created [https://cloudbuild.googleapis.com/v1/projects/my-project/locations/global/builds/b4e1bf9c-bc06-4ce8-b252-3b34f164719d].
Logs are available at [https://console.cloud.google.com/cloud-build/builds/b4e1bf9c-bc06-4ce8-b252-3b34f164719d?project=421686839359].
---------------------------------------------------------------------------------------------- REMOTE BUILD OUTPUT -----------------------------------------------------------------------------------------------
starting build "b4e1bf9c-bc06-4ce8-b252-3b34f164719d"

FETCHSOURCE
Fetching storage object: gs://my-project_cloudbuild/source/1610067564.911628-8d7f3de581ca4b8faa57bd5a8ea75ef1.tgz#1610067566084932
Copying gs://my-project_cloudbuild/source/1610067564.911628-8d7f3de581ca4b8faa57bd5a8ea75ef1.tgz#1610067566084932...
/ [1 files][ 17.1 KiB/ 17.1 KiB]
Operation completed over 1 objects/17.1 KiB.
BUILD
Pulling image: gcr.io/google.com/cloudsdktool/cloud-sdk
Using default tag: latest
latest: Pulling from google.com/cloudsdktool/cloud-sdk
6c33745f49b4: Already exists
...
ffa0764d79dc: Pull complete
Digest: sha256:3f32cb39cdfe8902bc85e31111a9f1bc7cbd9d37f31c6164f2b41cfdaa66284f
Status: Downloaded newer image for gcr.io/google.com/cloudsdktool/cloud-sdk:latest
gcr.io/google.com/cloudsdktool/cloud-sdk:latest
Skipped validating Cloud SQL API and Cloud SQL Admin API enablement due to an issue contacting the Service Usage  API. Please ensure the Cloud SQL API and Cloud SQL Admin API are activated (see https://console.cloud.google.com/apis/dashboard).
ERROR: (gcloud.run.deploy) PERMISSION_DENIED: The caller does not have permission
ERROR
ERROR: build step 0 "gcr.io/google.com/cloudsdktool/cloud-sdk" failed: step exited with non-zero status: 1
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ERROR: (gcloud.builds.submit) build b4e1bf9c-bc06-4ce8-b252-3b34f164719d completed with status "FAILURE"

I have checked dashboard https://console.cloud.google.com/apis/dashboard , both Cloud SQL API and Cloud SQL Admin API are activated.

我还运行了https://cloud.google.com/cloud-build/docs/deploying-builds/deploy-cloud-run#continuous-iam的权限设置

gcloud iam service-accounts add-iam-policy-binding \
  PROJECT_NUMBER-compute@developer.gserviceaccount.com \
  --member="serviceAccount:PROJECT_NUMBER@cloudbuild.gserviceaccount.com" \
  --role="roles/iam.serviceAccountUser"

但仍然是同样的错误。

1 个解决方案

解决方案1
 2 已采纳  2021-01-08 05:39:18

似乎错误与 IAM 权限有关。

PERMISSION_DENIED:调用者没有权限

您还需要遵循本文档中所需的 IAM 权限步骤:

要部署到 Cloud Run(完全托管),请将 Cloud Run 管理员和服务帐户用户角色授予 Cloud Build 服务帐户:

  1. 在 Cloud Console 中,go 到 Cloud Build Settings 页面:

  2. 打开设置页面

  3. 在服务帐号权限面板中,将 Cloud Run 管理员角色的状态设置为启用:

  4. 在“可能需要附加步骤”弹出窗口中,单击“跳过”或单击“授予对所有服务帐户的访问权限”。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我们如何在谷歌云部署中使用云构建privatePool 使用远程触发器/Webhookin Google Cloud 触发 Cloud Run 构建/部署 如何使用具有替代功能的Google Cloud Build部署Google Cloud Function 如何在 Cloud Run 中从 Cloud Build 自动部署最新映像 将 Google Cloud Build 连接到 Google Cloud SQL 开始使用 Google Cloud Kubernetes 集群后,Cloud Build 无法部署 Cloud Run 如何在Google Cloud Run上部署UDP服务器 如何让 puppeteer 在 Google Cloud Run/Cloud Build 中工作? 从 Cloud Run on Google Cloud 访问 Cloud SQL 使用 Cloud Run 的 Google Cloud 工作流程
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM