'Google Cloud get cluster credentials unauthorized
I've created a service account in the IAM page of google cloud console but unfortunately I'm unable to assign roles to this account - or I'm missing something.
When attempting to get the cluster credentials for kubectl, GCloud always responds with the following:
gcloud container clusters get-credentials api --zone europe-west1-b --project *****
Fetching cluster endpoint and auth data.
ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission for "projects/*****/zones/europe-west1-b/clusters/api".
I've also added all the roles to the account as demonstrated here:
gcloud projects get-iam-policy project-tilas
bindings:
- members:
- serviceAccount:travis@*****.iam.gserviceaccount.com
role: roles/container.admin
- members:
- serviceAccount:travis@*****.iam.gserviceaccount.com
role: roles/editor
- members:
- user:Tj****[email protected]
role: roles/owner
- members:
- serviceAccount:travis@*****.iam.gserviceaccount.com
role: roles/viewer
etag: BwVqZB734TY=
version: 1
What am I missing? Authentication is successful, and the project id/number's match up to what I see in the GCloud dashboard...
Solution 1:[1]
While not a definitive answer, I actually solved this but just deleting the service account and recreating it.
Frustrating.
Solution 2:[2]
I was facing same issue, my fault is I was mentioning project name instead of project id. I solved the issue with:
gcloud config set project <project_id>
and then:
gcloud container clusters get-credentials <cluster-name> --zone=<zone>
Just thought about leaving this here as it may help someone in the future
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Thomas Nairn |
| Solution 2 | Idhem |