Home > Enterprise >  Permission error in GCP when creating a new compute instance but service account does have permissio
Permission error in GCP when creating a new compute instance but service account does have permissio

Time:06-22

I am running a cloudbuild.yaml job in Google Cloud Platform that builds, pushes and tags a Docker Image and then it creates a Compute Engine instance to run that image via gcr.io/cloud-builders/gcloud.create-with-container. I also specify a service account to be used in this step:

- id: "Create Compute Engine instance"
  name: gcr.io/cloud-builders/gcloud
  args: [
    'compute',
    'instances',
    'create-with-container',
    '${INSTANCE_NAME}',
    '--container-image',
    'eu.gcr.io/${PROJECT_ID}/${PROJECT_ID}-${REPO_NAME}',
    '--zone',
    '${ZONE}',
    '--service-account',
    '${SERVICE_ACCOUNT},
    '--machine-type',
    'n2-standard-4'
    ]

However I am getting an error:

Already have image (with digest): gcr.io/cloud-builders/gcloud
ERROR: (gcloud.compute.instances.create-with-container) Could not fetch resource:
 - Required 'compute.instances.create' permission for 'projects/...'

The service account in use does have the permissions for that as it has been assigned "role": "roles/compute.instanceAdmin.v1", which includes compute.instances.* as per Cloud Console

Page link:https//www.codepudding.com/Enterprise/450134.html

Prev:changing python version in docker
Next:How to stop uvicorn ASGI web server running when building Dockerfile?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding