Hello Team,
I am creating a baremetal cluster, wherein I created the config as below
bmctl create config -c bm-cluster-demo --enable-apis --create-service-accounts --project-id=anthos-151023
After updating the env specific values in the yaml and while creating the cluster, I am getting an error related to missing role. I tried adding this role to my account, it didn't work and getting the same error
bmctl create cluster -c bm-cluster-demo
======
..........
I1017 13:58:26.377951 2058 validate.go:125] Validating Cluster.Authentication authentication: <nil>
I1017 13:58:26.378102 2058 file_check.go:19] [Runtime Check] Start Check for file --gcrKeyPath=bmctl-workspace/.sa-keys/anthos-151023-anthos-baremetal-gcr.json.
I1017 13:58:26.403708 2058 file_check.go:23] [Runtime Check] End Check for file --gcrKeyPath=bmctl-workspace/.sa-keys/anthos-151023-anthos-baremetal-gcr.json.
I1017 13:58:26.403792 2058 file_check.go:19] [Runtime Check] Start Check for file --gkeConnectAgentServiceAccountKeyPath=bmctl-workspace/.sa-keys/anthos-151023-anthos-baremetal-connect.json.
I1017 13:58:26.403847 2058 file_check.go:23] [Runtime Check] End Check for file --gkeConnectAgentServiceAccountKeyPath=bmctl-workspace/.sa-keys/anthos-151023-anthos-baremetal-connect.json.
I1017 13:58:26.403865 2058 file_check.go:19] [Runtime Check] Start Check for file --gkeConnectRegisterServiceAccountKeyPath=bmctl-workspace/.sa-keys/anthos-151023-anthos-baremetal-register.json.
I1017 13:58:26.403890 2058 file_check.go:23] [Runtime Check] End Check for file --gkeConnectRegisterServiceAccountKeyPath=bmctl-workspace/.sa-keys/anthos-151023-anthos-baremetal-register.json.
I1017 13:58:26.403921 2058 file_check.go:19] [Runtime Check] Start Check for file --cloudOperationsServiceAccountKeyPath=bmctl-workspace/.sa-keys/anthos-151023-anthos-baremetal-cloud-ops.json.
I1017 13:58:26.403946 2058 file_check.go:23] [Runtime Check] End Check for file --cloudOperationsServiceAccountKeyPath=bmctl-workspace/.sa-keys/anthos-151023-anthos-baremetal-cloud-ops.json.
.........
I1017 13:58:27.852739 2058 service_account.go:68] [Runtime Check] Start: Check for service account projects/anthos-151023/serviceAccounts/
[email protected]I1017 13:58:29.365819 2058 service_account.go:68] [Runtime Check] Start: Check for service account projects/anthos-151023/serviceAccounts/
[email protected]...........
E1017 13:58:32.894997 2058 create_cluster.go:134] "msg"="Failed to bootstrap." "error"="create kind cluster failed: error validating cluster config: 2 errors occurred:\n\t* GKERegister check failed: 1 error occurred:\n\t* googleapi: Error 403: Caller does not have required permission to use project anthos-151023. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting
https://console.developers.google.com/iam-admin/iam/project?project=anthos-151023 and then retry. Propagation of the new permission may take a few minutes.\nDetails:\n[\n {\n \"@type\": \"type.googleapis.com/google.rpc.Help\",\n \"links\": [\n {\n \"description\": \"Google developer console IAM admin\",\n \"url\": \"
https://console.developers.google.com/iam-admin/iam/project?project=anthos-151023\"\n }\n ]\n },\n {\n \"@type\": \"type.googleapis.com/google.rpc.ErrorInfo\",\n \"domain\": \"googleapis.com\",\n \"metadata\": {\n \"consumer\": \"projects/anthos-151023\",\n \"service\": \"cloudresourcemanager.googleapis.com\"\n },\n \"reason\": \"USER_PROJECT_DENIED\"\n }\n]\n, forbidden\n\n\n\t* ClusterOperations check failed: googleapi: Error 403: Caller does not have required permission to use project anthos-151023. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting
https://console.developers.google.com/iam-admin/iam/project?project=anthos-151023 and then retry. Propagation of the new permission may take a few minutes.\nDetails:\n[\n {\n \"@type\": \"type.googleapis.com/google.rpc.Help\",\n \"links\": [\n {\n \"description\": \"Google developer console IAM admin\",\n \"url\": \"
https://console.developers.google.com/iam-admin/iam/project?project=anthos-151023\"\n }\n ]\n },\n {\n \"@type\": \"type.googleapis.com/google.rpc.ErrorInfo\",\n \"domain\": \"googleapis.com\",\n \"metadata\": {\n \"consumer\": \"projects/anthos-151023\",\n \"service\": \"cloudresourcemanager.googleapis.com\"\n },\n \"reason\": \"USER_PROJECT_DENIED\"\n }\n]\n, forbidden\n\n"
E1017 13:58:32.922975 2058 console.go:110] exit with error
E1017 13:58:32.923057 2058 console.go:110] Error creating cluster: create kind cluster failed: error validating cluster config: 2 errors occurred:
* GKERegister check failed: 1 error occurred:
Details:
[
{
"@type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developer console IAM admin",
}
]
},
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"domain": "googleapis.com",
"metadata": {
"consumer": "projects/anthos-151023",
"service": "cloudresourcemanager.googleapis.com"
},
"reason": "USER_PROJECT_DENIED"
}
]
, forbidden
* ClusterOperations check failed: googleapi: Error 403: Caller does not have required permission to use project anthos-151023. Grant the caller the roles/serviceusage.serviceUsageConsumer role, or a custom role with the serviceusage.services.use permission, by visiting https://console.developers.google.com/iam-admin/iam/project?project=anthos-151023 and then retry. Propagation of the new permission may take a few minutes. Details:
[
{
"@type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developer console IAM admin",
}
]
},
{
"@type": "type.googleapis.com/google.rpc.ErrorInfo",
"domain": "googleapis.com",
"metadata": {
"consumer": "projects/anthos-151023",
"service": "cloudresourcemanager.googleapis.com"
},
"reason": "USER_PROJECT_DENIED"
}
]
, forbidden