Cannot delete a GKE cluster created by Terraform

Time: 2021-07-23 19:01:32

Tags: google-cloud-platform google-kubernetes-engine terraform-provider-gcp

I am using a Terraform script to create a cluster (tf code below). It gets about 90% of the way through and then errors out. When I try to apply other changes or delete this cluster, I run into insufficient-permission problems. I created every account as a project owner, but the problem persists. How can I clean this up?

Error:

(1) (1) (1) Google Compute Engine: Required 'compute.instanceGroupManagers.delete' permission for 'projects/gke-eval-319218/zones/us-east4-a/instanceGroupManagers/gke-hello-default-pool-6e16e226-grp'
(2) Google Compute Engine: Required 'compute.instanceGroupManagers.delete' permission for 'projects/gke-eval-319218/zones/us-east4-b/instanceGroupManagers/gke-hello-default-pool-a00f72b6-grp'
(3) Google Compute Engine: Required 'compute.instanceGroupManagers.delete' permission for 'projects/gke-eval-319218/zones/us-east4-c/instanceGroupManagers/gke-hello-default-pool-ea0634bc-grp'
(2) (1) Google Compute Engine: Required 'compute.projects.get' permission for 'projects/gke-eval-319218'
(2) retry budget exhausted (5 attempts): Google Compute Engine: Required 'compute.routes.list' permission for 'projects/gke-eval-319218'
(3) Google Compute Engine: Required 'compute.firewalls.delete' permission for 'projects/gke-eval-319218/global/firewalls/gke-hello-c4849243-all'
(4) Google Compute Engine: Required 'compute.firewalls.delete' permission for 'projects/gke-eval-319218/global/firewalls/gke-hello-c4849243-ssh'
(5) Google Compute Engine: Required 'compute.firewalls.delete' permission for 'projects/gke-eval-319218/global/firewalls/gke-hello-c4849243-vms'
(2) Google Compute Engine: Required 'compute.subnetworks.get' permission for 'projects/gke-eval-319218/regions/us-east4/subnetworks/default'.

The script that caused this mess:

variable "project_id" {}
variable "zones" {}
variable "region" {}
variable "name" {}
variable "network" {}
variable "subnetwork" {}
variable "ip_range_pods" { default = null }
variable "ip_range_services" { default = null }

locals {
  service_account = "${var.name}-sa"
}

# Service account that the cluster's nodes will run as.
resource "google_service_account" "service_account" {
  project      = var.project_id
  account_id   = local.service_account
  display_name = "${var.name} cluster service account"
}

# Note: google_project_iam_binding is authoritative for the role. It replaces
# every existing member of roles/container.admin in the project with this list.
# Referencing the service account's email (rather than rebuilding it from the
# local) makes Terraform create the account before the binding.
resource "google_project_iam_binding" "service_account_iam" {
  project = var.project_id
  role    = "roles/container.admin"

  members = [
    "serviceAccount:${google_service_account.service_account.email}",
  ]
}

module "gke" {
  # Pin a module version in real use; left unpinned here as in the original script.
  source                     = "terraform-google-modules/kubernetes-engine/google"
  project_id                 = var.project_id
  name                       = var.name
  region                     = var.region
  zones                      = var.zones
  network                    = var.network
  subnetwork                 = var.subnetwork
  ip_range_pods              = var.ip_range_pods
  ip_range_services          = var.ip_range_services
  http_load_balancing        = true
  horizontal_pod_autoscaling = false
  network_policy             = false
  service_account            = google_service_account.service_account.email

  node_pools = [
    {
      name               = "default-pool"
      machine_type       = "e2-medium"
      min_count          = 3
      max_count          = 20
      local_ssd_count    = 0
      disk_size_gb       = 100
      auto_repair        = true
      auto_upgrade       = true
      preemptible        = false
      initial_node_count = 10
    },
  ]

  node_pools_oauth_scopes = {
    all = []

    default-pool = [
      "https://www.googleapis.com/auth/cloud-platform",
    ]
  }

  node_pools_labels = {
    all = {}

    default-pool = {
      default-pool = true
    }
  }

  node_pools_metadata = {
    all = {}

    default-pool = {
      node-pool-metadata-custom-value = "my-node-pool"
    }
  }

  node_pools_taints = {
    all = []

    default-pool = [
      {
        key    = "default-pool"
        value  = true
        effect = "PREFER_NO_SCHEDULE"
      },
    ]
  }

  node_pools_tags = {
    all = []

    default-pool = [
      "default-pool",
    ]
  }
}
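Added example, not code from the question or the answer: a small Python parser that turns the error text above into a de-duplicated list of missing permissions grouped by resource, and prints the gcloud checks to run next. Every permission reported is a compute.* permission checked against the caller, that is, the credentials the Terraform google provider runs with, not against the cluster service account the script binds roles/container.admin to. The sample input is a trimmed excerpt of the question's error; the project id is whatever you pass to checklist().

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed excerpt of the error text pasted in the question.
SAMPLE_ERROR = (
    "(1) (1) (1) Google Compute Engine: Required 'compute.instanceGroupManagers.delete' permission "
    "for 'projects/gke-eval-319218/zones/us-east4-a/instanceGroupManagers/gke-hello-default-pool-6e16e226-grp' "
    "(2) Google Compute Engine: Required 'compute.instanceGroupManagers.delete' permission "
    "for 'projects/gke-eval-319218/zones/us-east4-b/instanceGroupManagers/gke-hello-default-pool-a00f72b6-grp' "
    "(2) (1) Google Compute Engine: Required 'compute.projects.get' permission for 'projects/gke-eval-319218' "
    "(2) retry budget exhausted (5 attempts): Google Compute Engine: Required 'compute.routes.list' "
    "permission for 'projects/gke-eval-319218' "
    "(3) Google Compute Engine: Required 'compute.firewalls.delete' permission "
    "for 'projects/gke-eval-319218/global/firewalls/gke-hello-c4849243-all' "
    "(2) Google Compute Engine: Required 'compute.subnetworks.get' permission "
    "for 'projects/gke-eval-319218/regions/us-east4/subnetworks/default'."
)

# Each failure is reported as: Required '<permission>' permission for '<resource>'
PERMISSION_RE = re.compile(r"Required '([\w.]+)' permission for '([^']+)'")


def missing_permissions(error_text):
    """Map each missing IAM permission to the sorted list of resources it was needed on."""
    found = defaultdict(set)
    for perm, resource in PERMISSION_RE.findall(error_text):
        found[perm].add(resource)
    return {perm: sorted(res) for perm, res in sorted(found.items())}


def services_involved(perms):
    """Service prefix of each permission ('compute' for compute.firewalls.delete, ...)."""
    return sorted({perm.split(".")[0] for perm in perms})


def checklist(error_text, project):
    """gcloud commands showing whether each service API is enabled and which role bindings
    the project grants; compare the bindings against the identity Terraform authenticates as."""
    perms = missing_permissions(error_text)
    cmds = [
        f"gcloud services list --enabled --project {project} --filter='name:{svc}.googleapis.com'"
        for svc in services_involved(perms)
    ]
    cmds.append(
        f"gcloud projects get-iam-policy {project} --flatten='bindings[].members' "
        "--format='table(bindings.role,bindings.members)'"
    )
    return cmds


if __name__ == "__main__":
    for perm, resources in missing_permissions(SAMPLE_ERROR).items():
        print(f"{perm}: {len(resources)} resource(s)")
    print("\n".join(checklist(SAMPLE_ERROR, "gke-eval-319218")))
```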

1 answer:

Answer 0 (score: 1)

You may need to enable the APIs if you forgot any, like

gcloud services enable container.googleapis.com

Also, make sure your service account has the roles or policies attached.