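As a newcomer to GCP and Cloud Functions, I deployed the helloWorld Node.js Cloud Function by following Google's official tutorial.
Cloud SDK version is 366.0.0 and the components are up to date.
When building (using cloud_build_local or Cloud Build), the deployment ends with an error: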
>ERROR: (gcloud.functions.deploy) OperationError: code=3, message=Build failed: {"error":>>{"buildpackId":"","buildpackVersion":"","errorType":"OK","canonicalCode":"OK","errorId":"","errorMessage":""},"stats":[{"buildpackId":"google.utils.archive-source","buildpackVersion":"0.0.1","totalDurationMs":51,"userDurationMs":51},{"buildpackId":"google.nodejs.npm","buildpackVersion":"0.9.0","totalDurationMs":9223,"userDurationMs":9211},{"buildpackId":"google.nodejs.functions-framework","buildpackVersion":"0.9.3","totalDurationMs":2730,"userDurationMs":2679},{"buildpackId":"google.utils.label","buildpackVersion":"0.0.1","totalDurationMs":0,"userDurationMs":0}],"warnings":["*** Improve build performance by generating and committing package-lock.json."]}
When looking at the Cloud Build logs in the console:
>Step #1 - "build": ERROR: failed to export: failed to write image to the following tags: [eu.gcr.io/**myproject**/gcf/**europe-west1**/de6f32d4-69e9-4967-a008-6443bd39f1d9:helloHttp_version-1:\
GET https://eu.gcr.io/v2/token?scope=repository%3A**myproject**%2Fgcf%2F**europe-west1**%2Fde6f32d4-69e9-4967-a008-6443bd39f1d9%3Apush%2Cpull&scope=repository%3Afn-img%2Fbuildpacks%2Fnodejs16%2Frun%3Apull&service=eu.gcr.io:\
DENIED: Permission "_**artifactregistry.repositories.downloadArtifacts**_" denied on resource "projects/**fn-img**/locations/**europe**/repositories/eu.gcr.io" (or it may not exist)]
Here are the roles granted to the Cloud Build service account:
>ROLE\
roles/appengine.appAdmin\
roles/appengine.deployer\
roles/artifactregistry.reader\
roles/cloudbuild.builds.builder\
roles/cloudbuild.workerPoolUser\
roles/cloudfunctions.developer\
roles/cloudkms.cryptoKeyDecrypter\
roles/compute.instanceAdmin.v1\
roles/container.developer\
roles/iam.serviceAccountUser\
roles/run.admin\
roles/secretmanager.secretAccessor\
roles/storage.admin\
Docker credentials configured:
> "credHelpers": {
"gcr.io": "gcloud",
"us.gcr.io": "gcloud",
"eu.gcr.io": "gcloud",
"asia.gcr.io": "gcloud",
"staging-k8s.gcr.io": "gcloud",
"marketplace.gcr.io": "gcloud",
"europe-west1-docker.pkg.dev": "gcloud"
}
List of APIs enabled in the project:
>gcloud services list --enabled
NAME TITLE
aiplatform.googleapis.com Vertex AI API
apigateway.googleapis.com API Gateway API
appengine.googleapis.com App Engine Admin API
artifactregistry.googleapis.com Artifact Registry API
bigquery.googleapis.com BigQuery API
bigquerystorage.googleapis.com BigQuery Storage API
cloudapis.googleapis.com Google Cloud APIs
cloudbuild.googleapis.com Cloud Build API
clouddebugger.googleapis.com Cloud Debugger API
cloudfunctions.googleapis.com Cloud Functions API
cloudkms.googleapis.com Cloud Key Management Service (KMS) API
cloudresourcemanager.googleapis.com Cloud Resource Manager API
cloudtrace.googleapis.com Cloud Trace API
compute.googleapis.com Compute Engine API
container.googleapis.com Kubernetes Engine API
containerregistry.googleapis.com Container Registry API
datastore.googleapis.com Cloud Datastore API
deploymentmanager.googleapis.com Cloud Deployment Manager V2 API
dns.googleapis.com Cloud DNS API
firebase.googleapis.com Firebase Management API
iam.googleapis.com Identity and Access Management (IAM) API
iamcredentials.googleapis.com IAM Service Account Credentials API
logging.googleapis.com Cloud Logging API
monitoring.googleapis.com Cloud Monitoring API
oslogin.googleapis.com Cloud OS Login API
pubsub.googleapis.com Cloud Pub/Sub API
run.googleapis.com Cloud Run Admin API
runtimeconfig.googleapis.com Cloud Runtime Configuration API
secretmanager.googleapis.com Secret Manager API
servicecontrol.googleapis.com Service Control API
servicemanagement.googleapis.com Service Management API
servicenetworking.googleapis.com Service Networking API
serviceusage.googleapis.com Service Usage API
source.googleapis.com Legacy Cloud Source Repositories API
spanner.googleapis.com Cloud Spanner API
sql-component.googleapis.com Cloud SQL
sqladmin.googleapis.com Cloud SQL Admin API
storage-api.googleapis.com Google Cloud Storage JSON API
storage-component.googleapis.com Cloud Storage
storage.googleapis.com Cloud Storage API
vpcaccess.googleapis.com Serverless VPC Access API
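Also, the transition from Container Registry has been completed (even though I have never used Container Registry).
Steps to reproduce: Following the tutorial :'( :/
I feel like I have read all the documentation available (that I could). I even increased the Cloud Build service account's permissions to Storage, Artifact and Functions admin... I tried other functions of my own, other regions...
Does anyone know what I am doing wrong?
Thanks a lot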
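Reading the DENIED line from the build log above, as an added example that is not part of the original question: the hypothetical helpers `denied_permission`, `denied_resource`, `resource_project` and `triage` extract the permission and resource and report whether that resource sits in the deploying project. The sample line is constructed from the log above with the markdown emphasis removed.

```shell
#!/bin/sh
# Constructed sample: the DENIED line from the question, emphasis markers removed.
SAMPLE='DENIED: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/fn-img/locations/europe/repositories/eu.gcr.io" (or it may not exist)'

# Print the permission named in a DENIED line (empty if the line does not match).
denied_permission() {
  printf '%s\n' "$1" | sed -n 's/.*Permission "\([^"]*\)" denied.*/\1/p'
}

# Print the full resource name the permission was checked against.
denied_resource() {
  printf '%s\n' "$1" | sed -n 's/.*denied on resource "\([^"]*\)".*/\1/p'
}

# Print the project segment of a projects/<id>/... resource name.
resource_project() {
  printf '%s\n' "$1" | sed -n 's#^projects/\([^/]*\)/.*#\1#p'
}

# triage <log line> <deploying project>
#   same-project    : the denied resource is in the deploying project, so a
#                     role binding on that project covers it
#   foreign-project : the resource belongs to another project; roles granted
#                     on the deploying project do not apply to it
#   unparsed        : the line is not a recognised denial
triage() {
  triage_proj=$(resource_project "$(denied_resource "$1")")
  if [ -z "$triage_proj" ]; then
    echo unparsed
  elif [ "$triage_proj" = "$2" ]; then
    echo same-project
  else
    echo foreign-project
  fi
}

# Demo on the constructed sample; "myproject" is the placeholder used in the question.
echo "permission: $(denied_permission "$SAMPLE")"
echo "resource:   $(denied_resource "$SAMPLE")"
echo "verdict:    $(triage "$SAMPLE" myproject)"
```
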
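Best answer
It looks like the tutorial may not be up to date, since the transition from Container Registry to Artifacts Repository is mandatory. The solution can be found in the documentation here.
Deploying a Cloud Function with Artifact Repository requires:
- using the alpha or beta SDK components;
- specifying the target artifact registry with the flag --docker-repository (just setting the config artifacts/repository is not enough).
In conclusion, instead of running the command mentioned in the tutorial: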
gcloud functions deploy helloGET --runtime nodejs16 --trigger-http --allow-unauthenticated
I ran:
gcloud beta functions deploy helloGET --runtime nodejs16 --trigger-http --allow-unauthenticated --region=europe-west1 --docker-repository=projects/myproject/locations/europe-west1/repositories/myrpreviouslycreatedrepo
And it worked fine.
Regarding google-cloud-functions - Deploying a function fails: "artifactregistry.repositories.downloadArtifacts" denied but service account has policy granted, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/70309833/