This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Missing required permissions opsconfigmonitoring.resourceMetadata.write for service account

Posted on 09-22-2021 08:39 AM
muanang
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hello,

 

I'm trying to install Anthos on bare metal and also a beginner in GCP. 

Following the steps here , when I check my config, I can see errors like below;

 

 

 

E0922 23:32:33.165088  155692 logs.go:69]  "msg"="Failed to bootstrap." "error"="create kind cluster failed: error validating cluster config: 1 error occurred:\n\t* ClusterOperations check failed: Missing required permissions opsconfigmonitoring.resourceMetadata.write for service account projects/first-fuze-325814/serviceAccounts/logging-monitoring-svc-account@first-fuze-325814.iam.gserviceaccount.com\n\n"  
E0922 23:32:33.165100  155692 console.go:84] create kind cluster failed: error validating cluster config: 1 error occurred:
        * ClusterOperations check failed: Missing required permissions opsconfigmonitoring.resourceMetadata.write for service account projects/first-fuze-325814/serviceAccounts/logging-monitoring-svc-account@first-fuze-325814.iam.gserviceaccount.com

 

 

 

Would like to ask for your help or if you can point me to some links to fix my issue.

Any help is highly appreciated.

 

Thank you.

MD

Solved Solved
0 2 981
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
muanang
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

I got it fix by running the command below;

 

gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member="serviceAccount:logging-monitoring-svc-account@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/monitoring.editor"

View solution in original post

Jump to Solution
2 REPLIES 2

Posted on --/--/---- --:-- AM
muanang
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

By the way, also would like to add.. I ran these binding below..

 

gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:baremetal-gcr@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/opsconfigmonitoring.resourceMetadata.writer"


gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member="serviceAccount:baremetal-gcr@$PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/monitoring.editor"
Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
muanang
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

I got it fix by running the command below;

 

gcloud projects add-iam-policy-binding $PROJECT_ID \
    --member="serviceAccount:logging-monitoring-svc-account@$PROJECT_ID.iam.gserviceaccount.com" \
    --role="roles/monitoring.editor"
Jump to Solution
Top Labels in this Space