Google Cloud:无法删除集群:compute.instanceGroups.update

tag-icon tag-icon google-cloud-platform google-compute-engine google-kubernetes-engine
Google Cloud:无法删除集群:compute.instanceGroups.update

删除集群时:

gcloud container clusters delete demo

我经常遇到以下错误信息:

ERROR: (gcloud.container.clusters.delete) Some requests did not succeed:
 - args: ['Operation [<Operation
 clusterConditions: [<StatusCondition
 canonicalCode: CanonicalCodeValueValuesEnum(PERMISSION_DENIED, 7)
 message: "Google Compute Engine: Required \'compute.instanceGroups.update\' permission for \'gke-demo-default-pool-11319969-grp\'.">]
 detail: "Google Compute Engine: Required \'compute.instanceGroups.update\' permission for \'gke-demo-default-pool-11319969-grp\'."
 endTime: \'2021-04-21T17:31:06.780378597Z\'
 error: <Status
 code: 7
 details: []
 message: "Google Compute Engine: Required \'compute.instanceGroups.update\' permission for \'gke-demo-default-pool-11319969-grp\'.">
 name: \'operation-1619026203457-4c931621\'
 nodepoolConditions: []
 operationType: OperationTypeValueValuesEnum(DELETE_CLUSTER, 2)
 selfLink: \'https://container.googleapis.com/v1/projects/824185028708/zones/us-west1-a/operations/operation-1619026203457-4c931621\'
 startTime: \'2021-04-21T17:30:03.457738447Z\'
 status: StatusValueValuesEnum(DONE, 3)
 statusMessage: "Google Compute Engine: Required \'compute.instanceGroups.update\' permission for \'gke-demo-default-pool-11319969-grp\'."
 targetLink: \'https://container.googleapis.com/v1/projects/824185028708/zones/us-west1-a/clusters/demo\'
 zone: \'us-west1-a\'>] finished with error: Google Compute Engine: Required \'compute.instanceGroups.update\' permission for \'gke-demo-default-pool-11319969-grp\'.']
   exit_code: 1

似乎与此类似邮政。但是当我为找到的所有服务账户添加“编辑者”角色后,删除命令仍然失败。

更新:根据检查结果活动中,真正试图删除集群创建的实例组的“用户”是“ [12DigitNumber]@cloudservices.gserviceaccount.com”。

有任何想法吗?

答案1

检查后活动页面查阅了 Google 文档中有关服务帐户的内容后,我意识到这是由之前的错误导致的,该错误删除了 Google 创建的默认服务帐户。为了恢复它,我使用了:

gcloud projects add-iam-policy-binding PROJECT_ID \
    --member serviceAccount:[email protected] \
    --role roles/editor

参考:Google APIs Service Agent 服务帐号被误删除

答案2

该错误表示缺少权限,无法继续删除。您可以设置所需的权限并重试删除吗?permission_required:“compute.instanceGroups.update”

请按照以下步骤添加所需的权限:

  1. 转到导航菜单,然后单击 IAM 和管理
  2. 选择 IAM
  3. 点击“编辑”或成员的铅笔图标
  4. 选择 + 添加其他角色
  5. 在“选择角色”中查找 Compute Engine,然后单击 Compute Admin。

相关内容