Combining Cloud Debugger with Cloud Identity

3/29/2020

We have a cluster on Kubernetes Engine running with Cloud Identity. cat /tmp/cdbg_java_agent.INFO shows this:

java.io.IOException: Server returned HTTP response code: 403 for URL: https://clouddebugger.googleapis.com/v2/controller/debuggees/register
  at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
  at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
  at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
  at com.google.devtools.cdbg.debuglets.java.GcpHubClient.registerDebuggee(Unknown Source)
W0329 20:51:41.451123    14 jni_logger.cc:46] Failed to register debuggee {"debuggee":{"project":"1234567","uniquifier":"DA39A3EE5E6B4B0DA39A3EE5E6B4B0","description":"myproject_id-module_id-version_id","labels":{"module":"module_id","version":"version_id"},"agentVersion":"google.com/java-gcp/@2","sourceContexts":[]}}: {
  "error": {
    "code": 403,
    "message": "Request had insufficient authentication scopes.",
    "status": "PERMISSION_DENIED"
  }
}

When I launch this request manually with an authentication token obtained for the service account associated with Cloud Identity, the same request succeeds. Is there anything needed to run Cloud Debugger with Cloud Identity? I would prefer to avoid configuring the service account manually if it's not needed.

-- Nacho Coloma
google-cloud-debugger
google-cloud-stackdriver
google-kubernetes-engine
java

0 Answers