I have a gRPC service running in a private GKE cluster with limited access to the public endpoint. I have my own VPC and subnet. I am deploying my service and endpoint as the docs describe, but I am hitting this error when the esp container starts up. I am using my own service account, which should have all the permissions, and my cluster has the following OAuth scopes:
- https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/devstorage.read_only
- https://www.googleapis.com/auth/logging.write
- https://www.googleapis.com/auth/monitoring
- https://www.googleapis.com/auth/service.management.readonly
- https://www.googleapis.com/auth/servicecontrol
- https://www.googleapis.com/auth/sqlservice.admin
- https://www.googleapis.com/auth/trace.append
I am getting the following error, even though the name matches the one in my YAML file.
ERROR:Fetching rollouts failed (status code 404, reason Not Found, url https://servicemanagement.googleapis.com/v1/services/<name>.cloud.goog/rollouts?filter=status=SUCCESS)
EDIT: This is the container spec for the esp container
containers:
- name: esp
  image: gcr.io/endpoints-release/endpoints-runtime:1
  args: [
    "-P", "9000",
    "-a", "grpc://127.0.0.1:50051",
    "-s", "<service-name>.cloud.goog",
    "--rollout_strategy", "managed",
    "--service_account_key=/etc/creds/service-account-creds.json"
  ]
Since you are getting the error 404, this scenario is related to IAM permissions, as Patrick W mentioned. I suggest you take a look at this document, where you can find useful information regarding API permissions [1].
Also, this could be related to Google Service Management services.rollouts.list requiring an authorization token, which can be read from the metadata server or the service account key file. You may refer to this page [2] for more information.
[1] https://cloud.google.com/kubernetes-engine/docs/reference/api-permissions
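An offline pre-flight check for the situation discussed above, added here as an example (not code from the question or the answer): it reads the ESP arguments, reports which credential source the rollouts call will use, rebuilds the URL seen in the error, and flags a key file whose project differs from the project embedded in the service name. The sample service name, project IDs and key contents are constructed, and `preflight` and `parse_esp_args` are hypothetical helper names.

```python
import json
import re

# Naming scheme for Endpoints services hosted on cloud.goog.
SERVICE_RE = re.compile(r"^[a-z0-9-]+\.endpoints\.(?P<project>[a-z0-9-]+)\.cloud\.goog$")
ROLLOUTS_URL = ("https://servicemanagement.googleapis.com/v1/services/"
                "{service}/rollouts?filter=status=SUCCESS")

# Constructed sample input: args shaped like the spec above, and a stub key file.
SAMPLE_ARGS = ["-P", "9000", "-a", "grpc://127.0.0.1:50051",
               "-s", "bookstore.endpoints.proj-a.cloud.goog",
               "--rollout_strategy", "managed",
               "--service_account_key=/etc/creds/service-account-creds.json"]
SAMPLE_KEY = json.dumps({"type": "service_account", "project_id": "proj-b",
                         "client_email": "esp@proj-b.iam.gserviceaccount.com"})


def parse_esp_args(args):
    """Map ESP flags to values; handles both '-s VALUE' and '--flag=VALUE'."""
    opts, i = {}, 0
    while i < len(args):
        if args[i].startswith("--") and "=" in args[i]:
            flag, value = args[i].split("=", 1)
            opts[flag], i = value, i + 1
        elif i + 1 < len(args) and not args[i + 1].startswith("-"):
            opts[args[i]], i = args[i + 1], i + 2
        else:
            opts[args[i]], i = True, i + 1
    return opts


def preflight(args, key_json=None):
    """Return the credential source ESP will use, the URL it fetches, and findings."""
    opts = parse_esp_args(args)
    service = opts.get("-s", "")
    source = "key_file" if "--service_account_key" in opts else "metadata_server"
    findings = []
    match = SERVICE_RE.match(service)
    if service.endswith(".cloud.goog") and not match:
        findings.append("service name is not NAME.endpoints.PROJECT_ID.cloud.goog")
    if source == "key_file":
        key = json.loads(key_json) if key_json else {}
        if key.get("type") != "service_account":
            findings.append("key file is missing or not a service-account key")
        elif match and key.get("project_id") != match["project"]:
            findings.append(f"key belongs to {key.get('project_id')}, service is in "
                            f"{match['project']}: check IAM in the service's project")
    return {"credential_source": source,
            "rollouts_url": ROLLOUTS_URL.format(service=service),
            "findings": findings}


if __name__ == "__main__":
    print(json.dumps(preflight(SAMPLE_ARGS, SAMPLE_KEY), indent=2))
```

A cross-project finding is not an error in itself; it only tells you which project's IAM policy has to grant the service account access to the Endpoints service.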