我正在尝试从GCP存储桶访问存储桶。当我从本地运行它时,它运行完美。但是,当我在GCP Kubernetes中部署应用程序并运行相同的功能时,它将在控制台中抛出以下错误。我不确定如何解决该问题。谁能帮我吗?
E 2020-03-09T00:08:58.059173975Z {
E 2020-03-09T00:08:58.059192256Z "code" : 403,
E 2020-03-09T00:08:58.059197666Z "errors" : [ {
E 2020-03-09T00:08:58.059208250Z "domain" : "global",
E 2020-03-09T00:08:58.059213845Z "message" : "Request is prohibited by organization's policy.
vpcServiceControlsUniqueIdentifier: b4bca9177b2c10bb",
E 2020-03-09T00:08:58.059219532Z "reason" : "vpcServiceControls"
E 2020-03-09T00:08:58.059224892Z } ],
BillingCloudStorage bc = new BillingCloudStorage();
InputStream is = bc.test();
System.out.println("Input Stream is");
System.out.println(is);
options = StorageOptions.newBuilder()
.setProjectId(PROJECT_ID)
.setCredentials(GoogleCredentials.fromStream(
is) ).build();
System.out.println("Received the options");
Storage storage = options.getService();
Blob blob = storage.get(BUCKET_NAME, OBJECT_NAME);
答案 0 :(得分:0)
实际上,您的GCP中的VPC服务控件的配置方式似乎不允许您的GKE从您的Cloud Storage中访问存储桶-正如堆栈跟踪的这一部分所指示。
“原因”:“ vpcServiceControls”
根据文档Determine if an error is due to VPC Service Controls,错误403: Request violates VPC Service Controls.与Cloud Storage有关,这似乎就是您要面对的问题。 Known Limitations文档提供了有关该VPC配置工作所需的更多见解
此外,您需要确保已配置的GKE和Cloud Storage是相同的服务帐户,以便它们能够相互集成。 Integrating microservices with Pub/Sub and GKE这个文档-应该提供有关如何将GCP微服务与GKE集成的更多信息。
让我知道信息是否对您有帮助!