gcloud.container.builds.submit HTTPError 40
赋予一个新用户权限(“cloud container builder” role),执行命令
1 | gcloud container builds submit --config cloudbuild.yaml . |
创建Image成功,但是输出错误信息
1 | ERROR: (gcloud.container.builds.submit) HTTPError 403: '1.0' encoding='UTF-8' xml version=<Error><Code>AccessDenied</Code><Message>Access denied.</Message><Details>jasonsu@fintend.com does not have storage.objects.get access to 727357779496.cloudbuild-logs.googleusercontent.com/log-2f28a385-5782-4f77-8ccb-49c1f6e9bc1d.txt.</Details></Error> |
原因:GCS permissions predate IAM and thus work a little differently. To view the logs, the Service Account in question needs to be a Viewer on the project in addition to have the Builder Editor role.
因此解决方案:赋予用户两种role,Viewer 和 Builder Editor
SSH方式无法连接Instance
在instance的.ssh/authorized_keys文件里面添加public key
(gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required
使用contain builder时候,执行kubectl set命令失败,原因是@cloudbuild.gserviceaccount.com账号没有kubernetes权限。
解决方案:添加Kubernetes Engine Developer权限即可