Google Error

gcloud.container.builds.submit HTTPError 40

赋予一个新用户权限(“cloud container builder” role),执行命令

1
gcloud container builds submit --config cloudbuild.yaml .

创建Image成功,但是输出错误信息

1
ERROR: (gcloud.container.builds.submit) HTTPError 403: <?xml version='1.0' encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access denied.</Message><Details>jasonsu@fintend.com does not have storage.objects.get access to 727357779496.cloudbuild-logs.googleusercontent.com/log-2f28a385-5782-4f77-8ccb-49c1f6e9bc1d.txt.</Details></Error>

原因:GCS permissions predate IAM and thus work a little differently. To view the logs, the Service Account in question needs to be a Viewer on the project in addition to have the Builder Editor role.

因此解决方案:赋予用户两种role,Viewer 和 Builder Editor

SSH方式无法连接Instance

在instance的.ssh/authorized_keys文件里面添加public key

(gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required

使用contain builder时候,执行kubectl set命令失败,原因是@cloudbuild.gserviceaccount.com账号没有kubernetes权限。

解决方案:添加Kubernetes Engine Developer权限即可