I have created new project and then went to VM Instances, it says enabling compute engine, after some time it throws error Unknown Exception with Code: 13. Do I have to set up permissions or anything else?
Check your billing/payment method. GCE needs a verified payment method
Please try disabling and then enabling the API via the Google SDK and try accessing again:
$ gcloud services disable compute.googleapis.com
$ gcloud services enable compute.googleapis.com
Lastly, if one of these commands fail please run placing the correct operation ID obtained from the previous commands:
$ gcloud services operations describe [operation ID]
I think such error usually appears when the Compute Engine API (CE API) can't be enabled for some reasons. In your case, it was probably due to the time required to the restoring process or to the new billing association to use the GCP services. However, at this time I can confirm that CE API it's enabled in your project, which means that you can proceed to create instances.
Related
I'm working on a project where I need to access VM instances from Cloud build to download dependencies.
Cloud build uses worker pool and it will reside outside the VPC so, its not able to go through firewall.
Can anyone suggest me how to resolve this issue or help me with Custom workerpool creating.
From Documentation:
gcloud alpha builds worker-pools create
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you may be trying to access an API with an invitation-only early access whitelist.
We need the ability to suspend/resume GCE VMs to optimize the use of Compute Engine resources.
Right now this feature is available in gcloud alpha:
gcloud alpha compute instances suspend INSTANCE_NAMES [INSTANCE_NAMES …] [--async][--discard-local-ssd] [--zone=ZONE] [GCLOUD_WIDE_FLAG …]
But when I executed this command I got this error:
HTTPError 400: Invalid Resource Usage:'Suspend Instance Feature is not available for this project.'
Can anyone suggest to me ways to suspend Google Cloud VM? From the error stated, I get an understanding that we need some permission to include feature in the project. Can anyone suggest to me ways to include Suspend Instance Feature in this project?
You need to apply for early access for this feature and have your project registered with Google. Contact Google Support. Include your email address, the project ID in your request and how you will be using the API.
Do not expect a rapid response. My requests sometimes takes several weeks for approval.
This feature is available in beta mode with GCP now.
gcloud beta compute instances suspend <instance-name>
gcloud beta compute instances resume <instance-name>
I tried this on Gcloud SDK and it has prompted me to install beta utility which worked for me..
More details can be found at
https://cloud.google.com/sdk/gcloud/reference/beta/compute/instances/suspend
I was happily deploying to Kubernetes Engine for a while, but while working on an integrated cloud container builder pipeline, I started getting into trouble.
I don't know what changed. I can not deploy to kubernetes anymore, even in ways I did before without cloud builder.
The pods rollout process gives an error indicating that it is unable to pull from the registry. Which seems weird because the images exist (I can pull them using cli) and I granted all possibly related permissions to my user and the cloud builder service account.
I get the error ImagePullBackOff and see this in the pod events:
Failed to pull image
"gcr.io/my-project/backend:f4711979-eaab-4de1-afd8-d2e37eaeb988":
rpc error: code = Unknown desc = unauthorized: authentication required
What's going on? Who needs authorization, and for what?
In my case, my cluster didn't have the Storage read permission, which is necessary for GKE to pull an image from GCR.
My cluster didn't have proper permissions because I created the cluster through terraform and didn't include the node_config.oauth_scopes block. When creating a cluster through the console, the Storage read permission is added by default.
The credentials in my project somehow got messed up. I solved the problem by re-initializing a few APIs including Kubernetes Engine, Deployment Manager and Container Builder.
First time I tried this I didn't succeed, because to disable something you have to disable first all the APIs that depend on it. If you do this via the GCloud web UI then you'll likely see a list of services that are not all available for disabling in the UI.
I learned that using the gcloud CLI you can list all APIs of your project and disable everything properly.
Things worked after that.
The reason I knew things were messed up, is because I had a copy of the same things as a production environment, and there these problems did not exist. The development environment had a lot of iterations and messing around with credentials, so somewhere things got corrupted.
These are some examples of useful commands:
gcloud projects get-iam-policy $PROJECT_ID
gcloud services disable container.googleapis.com --verbosity=debug
gcloud services enable container.googleapis.com
More info here, including how to restore service account credentials.
While trying for the first time to use Google Kubernetes Cloud solution, and according to the tutorial... I am trying to create new cluster.
But after pressing Create i receive
The request contains invalid arguments: "EXTERNAL: service account
"****#developer.gserviceaccount.com" does not exist.". Error code: "7"
in a red circle near the Kubernetes cluster name.
After some investigations it's looks like the default service account which google generated for my account.
I've looked over the create cluster options, but there isn't any option to change the service account.
Do I need to change Google Compute Engine default service account? how i can do it?
How I can overcome this issue?
Thank you
Default Compute Engine Service Account is essential for functions related to Compute Engine and is being generated automatically. Kubernetes Engine utilizes Compute Engine VM Instances as Nodes used for the cluster. GKE uses the Compute Engine Service Account to authorize the creation of these nodes.
In order to regenerate default service there are two options:
Regenerate by Disabling and Re-enabling the Google Compute Engine API. In the "API's & Services" dashboard. If for some reason performing this option encountering errors when disabling the API, then try option 2.
run command gcloud services enable compute.googleapis.com in Cloud SDK or Cloud Shell which is in the header of the page.
Looks like you either do not have any default service account or have more than one.
Simply go to the "Service Accounts" section "IAM & Admin" and select the app engine default service account, and provide this as an argument while creating cluster from gcloud or gshell as below:
gcloud container clusters create my-cluster --zone=us-west1-b --machine-type=n1-standard-1 --disk-size=100 --service-account=abc#appspot.gserviceaccount.com
To initialize GKE, go to the GCP Console. Wait for the "Kubernetes Engine is getting ready. This may take a minute or more" message to disappear.
Please open the page and wait for a while
I trying to create some firewall rules in google compute, everything goes well, but some time later, they are just disappears.
I tried to add rules on default network, and also custom created - in both cases result same.
Tried both: through web UI, and through gcloud tool
If you believe that someone or something is reverting your Firewall changes, you can take multiple approaches to verify that.
inspect Cloud Console Activity logs
same using CLI: gcloud beta logging read "resource.type=gce_firewall_rule"
check GCE Operations section in Cloud Console
check GCE API requests in Cloud Console Logging, using this advanced filter:
resource.type="gce_firewall_rule"
jsonPayload.event_subtype:"compute.firewalls"