I am trying to create a cluster with GKE. I have a project I have been using already.
When I run
gcloud container clusters create cluster1
I get the following:
ERROR: (gcloud.container.clusters.create) ResponseError: code=403, message=Google Compute Engine: Required 'compute.networks.get' permission for 'projects//global/networks/default'.
The same thing happens when I use the web UI. Both my service account and my user have owner roles.
I have tried the following to get the cluster create command to work:
gcloud projects add-iam-policy-binding <my-project> \
--member serviceAccount:<my-user>@<my-project>.iam.gserviceaccount.com \
--role roles/compute.admin
gcloud services enable container.googleapis.com
gcloud auth activate-service-account <my-user>@<my-project>.iam.gserviceaccount.com --key-file ${GOOGLE_APPLICATION_CREDENTIALS}
gcloud auth login
None of these work and I can't create a cluster.
I think you should set the compute engine service account permission:
gcloud projects add-iam-policy-binding <my-project> \
--member serviceAccount:[PROJECT_NUMBER]-compute@developer.gserviceaccount.com \
--role roles/compute.admin
I think I will answer my own question here. From the service account docs:
When you create a new Cloud project using GCP Console and if Compute Engine API is enabled for your project, a Compute Engine Service account is created for you by default. It is identifiable using the email:
PROJECT_NUMBER-compute@developer.gserviceaccount.com
I had deleted the default created service accounts somehow, and possibly the associated roles. I think this is why I couldn't create a cluster under my project anymore. Rather than try to figure out how to recreate them, I decided it was best to just start a new project. Afterwards, the cluster create API and console work just fine.
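
An added example (not part of the original posts): a check for the situation described in the last answer, run over the JSON that `gcloud projects get-iam-policy <my-project> --format=json` returns. The sample policy, the project number 123456789012 and the function names are constructed for illustration.

```python
import json

# Constructed sample: trimmed output of
#   gcloud projects get-iam-policy <my-project> --format=json
# Project number 123456789012 and all members are made up for illustration.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:me@example.com",
                 "serviceAccount:deployer@my-project.iam.gserviceaccount.com"]},
    {"role": "roles/editor",
     "members": ["deleted:serviceAccount:123456789012-compute@developer.gserviceaccount.com?uid=100000000000000000001"]}
  ]
}
""")


def default_compute_sa(project_number):
    """Email of the default Compute Engine service account, per the docs quoted above."""
    return f"{project_number}-compute@developer.gserviceaccount.com"


def audit_default_compute_sa(policy, project_number):
    """Return (status, roles); status is 'active', 'deleted' or 'absent'."""
    email = default_compute_sa(project_number)
    active, deleted = set(), set()
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            # Deleted principals stay in the policy as
            # "deleted:serviceAccount:<email>?uid=<id>".
            is_deleted = member.startswith("deleted:")
            ident = member[len("deleted:"):] if is_deleted else member
            ident = ident.split("?uid=", 1)[0]
            if ident == f"serviceAccount:{email}":
                (deleted if is_deleted else active).add(binding["role"])
    if active:
        return "active", sorted(active)
    if deleted:
        return "deleted", sorted(deleted)
    return "absent", []  # no binding at all for this account


if __name__ == "__main__":
    status, roles = audit_default_compute_sa(SAMPLE_POLICY, "123456789012")
    print(f"{default_compute_sa('123456789012')}: {status} {roles}")
```

A result of `absent` only means the policy has no binding for the account; `gcloud iam service-accounts list` shows whether the account itself still exists.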