search

F5Networks / f5-google-gdm-templates

Google Deployment Templates for quickly deploying BIG-IP services in Google Cloud Platform
28 stars 45 forks source link

when deploying cluster template and using service discovery, service account requires access to storage bucket #17

Closed assareh closed 4 years ago

assareh commented 5 years ago

Description

when deploying a cluster template, if I populate the serviceAccount label with my service account so I can use the service discovery feature, the BIG-IP devices don't form a cluster and I see the following error in /var/log/cloud/google/cluster.log:

_.gserviceaccount.com does not have storage.objects.get access to f5-bigip-__/credentials/master."

This is resolved by adding additional storage object roles to my service account however this is not documented.

Template

https://github.com/F5Networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/byol

Severity Level

5

namhly commented 5 years ago

Thanks Andy. We've created a bug ID 1136 for this issue.

alaari-f5 commented 4 years ago

this is fixed.