问题
I want to deploy my containerised applications on Semaphore. I am using GCP for that. but whenever I run
gcloud container clusters get-credentials demo \
--project "${project}" \
--zone europe-west1-b
It gives error (gcloud.container.clusters.get) ResponseError: code=403, message=Google Compute Engine: Required 'container.clusters.get' permission
回答1:
- First, you need to see what service account are you using when doing that.
To list the account in use, login (as yourself), activate a service account, or authenticate an application, you may check this document. For example, to authenticate as yourself, use:
gcloud auth login
You can then add a role (that includes 'container.clusters.get') to that service account. The following roles from this document have the permission
Kubernetes Engine Admin (roles/container.admin)
Kubernetes Engine Cluster Admin (roles/container.clusterAdmin)
Kubernetes Engine Developer (roles/container.developer)
Kubernetes Engine Viewer(roles/container.viewer)
Sometimes it happens that you might need to create a custom role and inside, add individual permissions (e.g. 'container.clusters.get')
来源:https://stackoverflow.com/questions/50981033/which-permission-should-i-select-in-gcp-iam-console-while-creating-service-accou