I have a container running within GCE kubernetes engine which is trying to copy some data from a bucket to a mounted persistent disk:
gsutil -m rsync -r -d "gs://${DB_BUCKET}/db" /db
When the container runs, it fails with the following message:
AccessDeniedException: 403 xxx-service@my-project.iam.gserviceaccount.com does not have storage.objects.list access to my-bucket-db-data
If I look at the service account, it does appear to have permissions to view storage buckets. I create and populate this bucket as part of my deployment process, if that makes any difference.
What permissions do I need to grant, or what else do I need to do, to be able to sync the data from the bucket across?
You need to grant the referenced permission to xxx-service@my-project.iam.gserviceaccount.com:
Follow these steps:
1) Open the Permissions tab of ${DB_BUCKET}
2) Search for your service account in the search input field
3) In the Role(s) column, find the "Storage Object Viewer" role
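The same grant can be checked and applied from a script instead of the console. The example below is added here and is not code from the question or answer: it works on the policy JSON that `gsutil iam get gs://BUCKET` prints, reports whether the service account already holds `roles/storage.objectViewer` (the role that carries the `storage.objects.list` permission named in the 403), and builds the equivalent `gsutil iam ch` one-liner. The member and bucket names are taken from the error message in the question; the sample policy is constructed.

```python
"""Check and amend a GCS bucket IAM policy so a service account holds
roles/storage.objectViewer. Added example; the policy shape mirrors what
`gsutil iam get gs://BUCKET` prints, and the sample policy is constructed.
"""
import copy
import json

OBJECT_VIEWER = "roles/storage.objectViewer"

# Constructed sample: roughly what `gsutil iam get gs://my-bucket-db-data`
# prints before the fix. The service account is absent, matching the 403.
SAMPLE_POLICY_JSON = json.dumps({
    "bindings": [
        {"members": ["projectOwner:my-project"], "role": "roles/storage.legacyBucketOwner"},
        {"members": ["projectViewer:my-project"], "role": "roles/storage.legacyBucketReader"},
    ],
    "etag": "CAE=",
})

# Member and bucket taken from the error message in the question.
MEMBER = "serviceAccount:xxx-service@my-project.iam.gserviceaccount.com"
BUCKET = "my-bucket-db-data"


def has_binding(policy: dict, member: str, role: str = OBJECT_VIEWER) -> bool:
    """True if `member` is already listed under `role` in the bucket policy."""
    return any(
        b.get("role") == role and member in b.get("members", [])
        for b in policy.get("bindings", [])
    )


def add_binding(policy: dict, member: str, role: str = OBJECT_VIEWER) -> dict:
    """Return a copy of `policy` with `member` granted `role` (idempotent).

    This is the edit `gsutil iam ch MEMBER:ROLE gs://BUCKET` makes. The etag is
    kept so a later `gsutil iam set` rejects a stale policy instead of silently
    overwriting a concurrent change.
    """
    new = copy.deepcopy(policy)
    for b in new.setdefault("bindings", []):
        if b.get("role") == role:
            if member not in b.setdefault("members", []):
                b["members"].append(member)
            return new
    new["bindings"].append({"members": [member], "role": role})
    return new


def grant_command(member: str, bucket: str, role: str = OBJECT_VIEWER) -> str:
    """The one-liner equivalent of the console steps in the answer."""
    return f"gsutil iam ch {member}:{role} gs://{bucket}"


def diagnose(policy_json: str, member: str, bucket: str) -> str:
    """Say whether the policy lets `member` list (and so rsync from) the bucket."""
    policy = json.loads(policy_json)
    if has_binding(policy, member):
        return f"{member} already holds {OBJECT_VIEWER} on gs://{bucket}"
    return (f"{member} lacks {OBJECT_VIEWER} (storage.objects.list) on gs://{bucket}; "
            f"fix with: {grant_command(member, bucket)}")


if __name__ == "__main__":
    print(diagnose(SAMPLE_POLICY_JSON, MEMBER, BUCKET))
    fixed = add_binding(json.loads(SAMPLE_POLICY_JSON), MEMBER)
    # Save this JSON and apply it with `gsutil iam set fixed-policy.json gs://BUCKET`,
    # or just run the printed `gsutil iam ch` command.
    print(json.dumps(fixed, indent=2))
```

Run it as-is to see the diagnosis for the constructed policy; in practice feed `diagnose` the output of `gsutil iam get gs://${DB_BUCKET}` and apply either the printed `gsutil iam ch` command or the amended policy with `gsutil iam set`. Because the grant is scoped to the one bucket, the service account gains only read and list on that bucket rather than project-wide storage access.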