以下链接https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters讨论了如何在单独的自定义VPC中设置私有GKE集群。可从https://github.com/rajtmana/gcp-terraform/blob/master/k8s-cluster/main.tf获得用于创建集群和VPC的Terraform代码。集群创建已经完成,我想使用Google Cloud Shell。我使用了以下命令
$ gcloud container clusters get-credentials mservice-dev-cluster --region europe-west2
$ gcloud container clusters update mservice-dev-cluster \
> --region europe-west2 \
> --enable-master-authorized-networks \
> --master-authorized-networks "35.241.216.229/32"
Updating mservice-dev-cluster...done.
ERROR: (gcloud.container.clusters.update) Operation [<Operation
clusterConditions: []
detail: u'Patch failed'
$ gcloud container clusters update mservice-dev-cluster \
> --region europe-west2 \
> --enable-master-authorized-networks \
> --master-authorized-networks "172.17.0.2/32"
Updating mservice-dev-cluster...done.
Updated [https://container.googleapis.com/v1/projects/protean-
XXXX/zones/europe-west2/clusters/mservice-dev-cluster].
To inspect the contents of your cluster, go to:
https://console.cloud.google.com/kubernetes/workload_/gcloud/europe-
west2/mservice-dev-cluster?project=protean-XXXX
$ kubectl config current-context …vpc google-cloud-platform kubernetes google-kubernetes-engine google-cloud-shell
我使用 Terraform 在 GCP 中创建了一个服务帐户和一个自定义角色。如何将此自定义角色附加到服务帐户?我可以使用 GCP Console 来做到这一点,但这不是这里的需要,因为我必须使用 Terraform 来做到这一点。请在下面找到我用于创建服务帐户和自定义规则的代码片段。
resource "google_service_account" "mservice_infra_service_account" {
account_id = "mserviceinfra-service-account"
display_name = "Infrastructure Service Account"
}
resource "google_project_iam_custom_role" "mservice_infra_admin" {
role_id = "mservice_infra_admin"
title = "mservice_infra_admin"
description = "Infrastructure Administrator Custom Role"
permissions = ["compute.disks.create", "compute.firewalls.create", "compute.firewalls.delete", "compute.firewalls.get", "compute.instanceGroupManagers.get", "compute.instances.create", "compute.instances.delete", "compute.instances.get", "compute.instances.setMetadata", "compute.instances.setServiceAccount", "compute.instances.setTags", "compute.machineTypes.get", "compute.networks.create", "compute.networks.delete", "compute.networks.get", "compute.networks.updatePolicy", "compute.subnetworks.create", "compute.subnetworks.delete", "compute.subnetworks.get", "compute.subnetworks.setPrivateIpGoogleAccess", "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", "compute.zones.get", "container.clusters.create", "container.clusters.delete", "container.clusters.get", "container.clusters.update", "container.operations.get"]
}
如果有人能找到基于 Terraform 的解决方案来解决此问题,将不胜感激。谢谢