K
Q

(gcloud.container.clusters.create) ResponseError: code=400, message=The user does not have access to service account "default"

8/10/2017
gcloud auth activate-service-account --key-file aysc.json
gcloud config set project abcxyz
gcloud config set compute/zone europe-west1-b
gcloud container clusters create wordpress --num-nodes=2

I'm running the above commands, on the last command I'm getting an error of:

ERROR: (gcloud.container.clusters.create) ResponseError: code=400, message=The user does not have access to service account "default".

However this account is part of the service account actor group. I've also disabled and enabled the container API, which did not change the behavior. It was suggested by this question: https://serverfault.com/questions/780363/external-the-user-does-not-have-access-to-service-account-default

-- Chris Stryczynski
google-cloud-platform
google-kubernetes-engine

Similar Questions

How do you add scrape targets to a Prometheus server that was installed with Kubernetes-Helm?
Get the image and SHA image ID of images in pod on Kubernetes deployment
Kubernetes - update ConfigMap programmatically
Using kubectl path to update k8s manifest without modifying the file manually

1 Answer

8/10/2017

I saw this situation a few days ago. This error means that the service account you are are running gcloud with using cannot ActAs the service account the VMs will run as (default compute service account in this case).

I would sanity check the following:

  • Does the service account in aync.json have the Service Account Actor role for the project abcxyz? (giving it Service Account Actor for just the default compute service account seems insufficient)
  • Does the default compute service account exist in the project abcxyz? It typically looks like #######-compute@developer.gserviceaccount.com with Editor permissions to your project. If it does not exist, re-enabling container API should re-create it as the other question suggests.
-- Jessica C
Source: StackOverflow