(Terraform、Cloud Run)错误:禁止 您的客户端无权从该服务器获取 URL /
4 google-cloud-platform terraform devops terraform-provider-gcp google-cloud-run
我正在尝试使用以下Terraform代码在Cloud Run上运行 docker 映像:
provider "google" {
credentials = file("myCredentials.json")
project = "myproject-214771"
region = "asia-northeast1"
}
resource "google_cloud_run_service" "default" {
name = "hello-world"
location = "asia-northeast1"
template {
spec {
containers {
image = "gcr.io/myproject-214771/hello-world:latest"
}
}
}
traffic {
percent = 100
latest_revision = true
}
}
然后,docker镜像运行成功:
但是当我访问该 URL 时,它显示:
错误:禁止 您的客户端无权从该服务器获取 URL /
我的Terraform代码中有任何错误吗?
小智 9
将此代码添加(复制并粘贴)到您的Terraform代码中,以允许对公共 API 或网站进行未经身份验证的调用:
data "google_iam_policy" "noauth" {
binding {
role = "roles/run.invoker"
members = [
"allUsers",
]
}
}
resource "google_cloud_run_service_iam_policy" "noauth" {
location = google_cloud_run_service.default.location
project = google_cloud_run_service.default.project
service = google_cloud_run_service.default.name
policy_data = data.google_iam_policy.noauth.policy_data
}
这是完整的代码:
provider "google" {
credentials = file("myCredentials.json")
project = "myproject-214771"
region = "asia-northeast1"
}
resource "google_cloud_run_service" "default" {
name = "hello-world"
location = "asia-northeast1"
template {
spec {
containers {
image = "gcr.io/myproject-214771/hello-world:latest"
}
}
}
traffic {
percent = 100
latest_revision = true
}
}
data "google_iam_policy" "noauth" {
binding {
role = "roles/run.invoker"
members = [
"allUsers",
]
}
}
resource "google_cloud_run_service_iam_policy" "noauth" {
location = google_cloud_run_service.default.location
project = google_cloud_run_service.default.project
service = google_cloud_run_service.default.name
policy_data = data.google_iam_policy.noauth.policy_data
}
最后,您的 URL 正确显示您的网站:
此外,现在“身份验证”是“允许未经身份验证”:
不要忘记将角色“Cloud Run Admin”添加到您的服务帐户:
否则,您不能允许对公共 API 或网站进行未经身份验证的调用,那么您将收到以下错误:
为cloudrun服务“v1/projects/myproject-214771/locations/asia-northeast1/services/hello-world”设置IAM策略时出错:googleapi:错误403:资源“projects/myproject-”上的权限“run.services.setIamPolicy”被拒绝214771/locations/asia-northeast1/services/hello-world'(或者资源可能不存在)。
此外,通过以下这些角色,您不能允许对公共 API 或网站进行未经身份验证的调用:
只有“Cloud Run Admin”角色可以允许对公共 API 或网站进行未经身份验证的调用。
| 归档时间: |
|
| 查看次数: |
8004 次 |
| 最近记录: |