Google API Gateway: Assign config via gcloud CLI - google-cloud-platform

I'm looking for a way to automate config updates for Google API Gateway, i.e. change config for an existing instance of "API Gateway" in a single step.
What I've tried so far, assuming that new API config name is "my-new-config" and API Gateway name is "my-gateway":
> gcloud beta api-gateway gateways update my-gateway --api-config=my-new-config --location=us-central1
Output:
ERROR: (gcloud.beta.api-gateway.gateways.update) INVALID_ARGUMENT: update_mask does not contain any field paths
> gcloud beta api-gateway gateways update my-gateway --api-config=my-new-config --location=us-central1 --display-name random-string-for-display-name
Output:
Command executes successfully, but config change is not applied.
gcloud version: 333.0.0
OS: Debian linux
I've created 2 tickets in Google's issue tracker (one, two), but there's no activity for them after 3 weeks.

Try with alpha instead of beta and specify the API ID flag (--api):
gcloud alpha api-gateway gateways update my-gateway --api=api-id --api-config=my-new-config --location=us-central1

You're missing the --api flag in step 2, which seems to be required. It looks like without that specified, it doesn't make the right request.

You are trying to update the api-config of the api-gateway; here api is a required flag:
From the docs, when first is specified, second is mandatory:
[--api-config=API_CONFIG : --api=API]
api-config: This flag must be specified if any of the other arguments in this group are specified.
After I added --api, it was possible to update the gateway with the new api-config.

Related

GCP Config Create Gateway Bug

It doesn't seem possible to create an API Gateway config for a gateway I've created using:
gcloud api-gateway apis create test-api --project=acme-prd
Then the following command fails
gcloud api-gateway api-configs create 01 \
--api=test-api --openapi-spec=./acme-web-gateway-v2.yaml \
--project=acme-prd --backend-auth-service-account=svc-owner@acme-prd.iam.gserviceaccount.com
With the error:
ERROR: (gcloud.api-gateway.api-configs.create) FAILED_PRECONDITION: API Gateway Management Service Agent does not have permission to create Service Configs for Service "test-api-3qz6mxqfw7klr.apigateway.acme-prd.cloud.goog", or the Service does not exist.
Noting the service account svc-owner@acme-prd.iam.gserviceaccount.com has Owner privileges on the project.
Is there something I am missing? This is preventing a Terraform deployment. I've used gcloud commands to demonstrate the issue.
Also of note, this does not work in the GCP UI either. :(
Permissions granted to the account being used:
Cheers
KH
To resolve this, you will need to ensure that the Service Agent account has the necessary permissions for the specified service. Check the API Gateway Service Account and verify if it has the "Service Account User" role associated with it. The apigateway.apis.create should have owner/editor permissions.
Check the Google Cloud Console, or use the command gcloud services list, to see if the Gateway API, Service Management API, and Service Control API are enabled, because these APIs are prerequisites. You will need to enable them if they are not already enabled. You can enable them using the commands below:
gcloud services enable apigateway.googleapis.com
gcloud services enable servicemanagement.googleapis.com
gcloud services enable servicecontrol.googleapis.com
Attaching documents for creating an API, Gateway API access, and Troubleshooting for your reference.
Edit-1:
I have tried to create an API Gateway config for a gateway using below steps and successfully created an api config
Create an api gateway using below command
gcloud api-gateway apis create test-api
Creating an API config using the below command.
gcloud api-gateway api-configs create 01 --api=test-api --openapi-spec=openapi2-functions.yaml --project=project-id
Output is
waiting for API Config [01] to be created for API [test-api]...done.
I have taken the openapi2-functions.yaml file for this doc. Can you check if your YAML files have any mistakes?
The image below has the API config that I have created.
I have followed this guide; you can try to create an API gateway using this, and let me know if you have any issues.

aws ecs with capacityProviderStrategy | can deploymentController be updated once ecs service is created?

I created the ECS service with deployment controller type as ECS with capacityProviderStrategy and then wanted to modify it to CODE_DEPLOY. Is this restricted for some reason?
I do not see an option in the UI with modify service.
Tried the command:
aws ecs update-service --cluster=my-cluster --service=my-service --region=us-east-2 --deploymentController=CODE_DEPLOY
I get the error below:
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
Unknown options: --deployment_controller={type=CODE_DEPLOY}
I tried my luck with a variation of --deployment_controller=CODE_DEPLOY however options itself is unknown to cli
Update:
During create service I noticed that the CODE_DEPLOY controller is disabled when I choose capacityProviderStrategy. It looks like a limitation by design. Is it true?
ref: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service_definition_parameters.html
Also from aws console, it looks like deployment controller is not editable (service recreate needed) https://i.stack.imgur.com/mRMv3.png

GCP - How to update api specification in API Gateway

I have created an API Gateway and created an API config as well associated with it which lists a set of APIs. Now I want to add/modify a set of APIs. How do I update the same API config of this gateway?
I did it using gcloud CLI.
First create a new config using your updated open api spec file:
gcloud api-gateway api-configs create NEW_CONFIG_ID --api=MY_API --openapi-spec=openapi2-functions.yaml
Then update your api gateway with new config:
gcloud api-gateway gateways update MY-GATEWAY --api=MY-API --api-config=NEW_CONFIG_ID --location=YOUR_LOCATION
Referencing the official documentation, it states that:
NOTE: Only the name and labels may be updated on an API config.
Therefore, you would need to create a new API config if you want to add/modify a set of APIs.
The GCP documentation mentions you cannot update an existing API config, only its display name and labels, and you cannot delete an existing API config that is in use by a gateway; meaning you need to create a new API config altogether if your config file has changed.
A workaround I found for this was to:
Create new API config, point to gateway:
gcloud api-gateway api-configs create NEW_CONFIG_ID --api=MY_API --openapi-spec=openapi2-functions.yaml
gcloud api-gateway gateways update MY-GATEWAY --api=MY-API --api-config=NEW_CONFIG_ID --location=YOUR_LOCATION
Delete original config:
gcloud api-gateway api-configs delete OLD_CONFIG_ID --api=MY_API
Redeploy new API config with name of original config, using your updated config file, point to gateway:
gcloud api-gateway api-configs create OLD_CONFIG_ID --api=MY_API --openapi-spec=openapi2-functions.yaml
gcloud api-gateway gateways update MY-GATEWAY --api=MY-API --api-config=OLD_CONFIG_ID --location=YOUR_LOCATION
Delete new config:
gcloud api-gateway api-configs delete NEW_CONFIG_ID --api=MY_API
An awkward workaround but it allows for an automated redeployment of a similarly named API config file in a gateway.
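
The create-then-update steps from the answers above, and the silent no-op reported in the first question on this page, combined into one rollout function. This is an added example, not code from any of the posts; the `cfg-<hash>` config ID scheme and the function names are assumptions, and it relies on `sha256sum` being installed and on `gateways describe` reporting the active config in its `apiConfig` field.

```shell
# Added example. API configs are immutable, so derive the config ID from the
# spec contents: the same spec maps to the same ID, a changed spec to a new one.
config_id_for_spec() {
  local digest
  digest=$(sha256sum "$1") || return 1
  printf 'cfg-%s\n' "$(printf '%s' "$digest" | cut -c1-12)"
}

# usage: rollout_api_config API GATEWAY LOCATION SPEC_FILE
# Prints the config ID on success; returns non-zero if the gateway did not switch.
rollout_api_config() {
  local api="$1" gateway="$2" location="$3" spec="$4" cfg active
  cfg=$(config_id_for_spec "$spec") || return 1

  # Create the config only if this exact spec has not been uploaded before.
  if ! gcloud api-gateway api-configs describe "$cfg" --api="$api" >/dev/null 2>&1; then
    gcloud api-gateway api-configs create "$cfg" --api="$api" \
      --openapi-spec="$spec" || return 1
  fi

  # --api must accompany --api-config, as the answers on this page point out.
  gcloud api-gateway gateways update "$gateway" --api="$api" \
    --api-config="$cfg" --location="$location" || return 1

  # Do not trust the exit code alone: read back what the gateway points at.
  active=$(gcloud api-gateway gateways describe "$gateway" \
    --location="$location" --format='value(apiConfig)') || return 1
  case "$active" in
    */apis/"$api"/configs/"$cfg") printf '%s\n' "$cfg" ;;
    *) echo "gateway $gateway still serves: $active" >&2; return 1 ;;
  esac
}
```

Older configs are left in place so a rollback is a second `gateways update`; prune them separately once no gateway references them.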

gcloud - no permissions for any API even though I am owner and works fine through web UI

I am the owner of my newly created organization, I created a project under this organization and linked it to the organization billing account where I have 1000$ in credits. Through the web UI, I am able to spin up clusters, VMs, networks... But when I want to do so through gcloud, I am getting permissions denied. E.g.:
$ gcloud compute networks list
API [compute.googleapis.com] not enabled on project [XXX].
Would you like to enable and retry (this will take a few minutes)?
(y/N)? y
ERROR: (gcloud.compute.networks.create) PERMISSION_DENIED: The caller does not have permission
but I can see in the web UI GCP that the API is clearly enabled (and can be used), it's just the gcloud not letting me work with them. The account under gcloud is exactly the same I am using in the web console - validated by gcloud auth list and:
$ gcloud config configurations describe myproject
is_active: true
name: myproject
properties:
  compute:
    region: europe-west1
    zone: europe-west1-b
  core:
    account: <my-email>
    project: <the-project-I-want>
or
$ gcloud services list
ERROR: (gcloud.services.list) User [<myusername>] does not have permission to access project [myproject] (or it may not exist): The caller does not have permission
It works totally fine with a different account (and different organization/projects), but I didn't set up that one in the past. What should I do? Thanks a lot!
UPDATE:
After gcloud init, at least the gcloud services list started to work. But the rest did not:
$ gcloud services list
NAME TITLE
bigquery-json.googleapis.com BigQuery API
cloudapis.googleapis.com Google Cloud APIs
clouddebugger.googleapis.com Stackdriver Debugger API
cloudtrace.googleapis.com Stackdriver Trace API
compute.googleapis.com Compute Engine API
container.googleapis.com Kubernetes Engine API
containerregistry.googleapis.com Container Registry API
datastore.googleapis.com Cloud Datastore API
logging.googleapis.com Stackdriver Logging API
monitoring.googleapis.com Stackdriver Monitoring API
oslogin.googleapis.com Cloud OS Login API
pubsub.googleapis.com Cloud Pub/Sub API
servicemanagement.googleapis.com Service Management API
serviceusage.googleapis.com Service Usage API
sql-component.googleapis.com Cloud SQL
storage-api.googleapis.com Google Cloud Storage JSON API
storage-component.googleapis.com Google Cloud Storage
$ gcloud compute networks create testing-net --subnet-mode=custom '--description=Network to host testing kubernetes cluster'
API [compute.googleapis.com] not enabled on project [{PROJECT_ID}].
Would you like to enable and retry (this will take a few minutes)?
(y/N)? y
ERROR: (gcloud.compute.networks.create) PERMISSION_DENIED: The caller does not have permission
^ the PROJECT_ID above shows my organization's ID, not the actual project under this org.
So the problem was that I used the wrong project_id when gcloud config set project and gcloud defaulted to organization for some reason.
So I had to find correct project id using gcloud projects list and then use gcloud config set project {PROJECT-ID} (not the project name!)
gcloud init - use this if you want to switch gcloud between projects; it will configure its settings to point to the right project.

ERROR: (gcloud.beta.container.clusters.create) ResponseError: code=400, message=v1 API cannot be used to access GKE regional clusters

This tutorial of Google Kubernetes Engine seems not to work.
https://cloud.google.com/kubernetes-engine/docs/tutorials/hello-app
$ gcloud beta container clusters create hello-cluster --num-nodes=3
WARNING: You invoked `gcloud beta`, but with current configuration Kubernetes Engine v1 API will be used instead of v1beta1 API.
`gcloud beta` will switch to use Kubernetes Engine v1beta1 API by default by the end of March 2018.
If you want to keep using `gcloud beta` to talk to v1 API temporarily, please set `container/use_v1_api` property to true.
But we will drop the support for this property at the beginning of May 2018, please migrate if necessary.
ERROR: (gcloud.beta.container.clusters.create) ResponseError: code=400, message=v1 API cannot be used to access GKE regional clusters. See http:/goo.gl/Vykvt2 for more information.
It seems this command requests GKE regional clusters but I have no idea how to stop it.
It worked well by adding --zone= option.
gcloud container clusters create hello-cluster --num-nodes=3 --zone=asia-northeast1-a
You can find a proper zone name with the following command:
gcloud compute zones list
NAME and REGION are slightly different. Please remember to use NAME for the --zone= option.
You can also find it in this Available regions & zones document.
https://cloud.google.com/compute/docs/regions-zones/#available
Hope it helps.
Ensure you specify the "project ID" not the "project name"
$ gcloud beta container clusters create hello-cluster --project=project-id --zone=europe-west1-a
Try enabling Google Kubernetes Engine API.
More : https://cloud.google.com/kubernetes-engine/docs/how-to/creating-a-cluster
You need to set your zone, region and also enable the Kubernetes API here for your current project before you can use the gcloud container clusters create command.
Check out the role of your service account.