I have a private GKE cluster set up with dns-endpoint enabled, and I am project owner in this GCP project. I used this command to get a kubeconfig entry first, but I cannot connect to GKE. Any idea?
>>>>gcloud container clusters get-credentials cluster-xxx --region us-central1 --project project1 --dns-endpoint
Fetching cluster endpoint and auth data.
kubeconfig entry generated for cluster-xxx
>>>>kubectl get all -n my-test-namespace
E1213 12:18:21.866477 31297 memcache.go:265] couldn't get current server API group list: Permission 'container.googleapis.com/clusters.connect' denied on resource 'gke-d70e9e966917459997c6xxxxxx-12345678.us-central1.gke.goog' (or it may not exists
Since I am a project owner, I should have "roles/container.developer" equivalent permission. Why can I still not connect to the cluster? What am I missing here? Thanks for your help!
Hi lizchen,
Welcome to Google Cloud Community!
Based on this documentation, by default roles/container.developer is not applied even if you already have the project owner role. It is required to configure a new IAM permission container.clusters.connect and assign one of the following IAM roles:
Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
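One way to check which of a principal's role bindings actually carry container.clusters.connect, as an added example that is not part of the original thread or of Google's documentation. The policy and role JSON are constructed samples shaped like `gcloud projects get-iam-policy` and `gcloud iam roles describe` output; the custom role names, their permission lists and the user addresses are hypothetical.

```python
import json

PERMISSION = "container.clusters.connect"  # permission named in the answer above

# Constructed sample, shaped like `gcloud projects get-iam-policy project1 --format=json`.
POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner", "members": ["user:liz@example.com"]},
  {"role": "projects/project1/roles/exampleDnsConnect",
   "members": ["user:liz@example.com"],
   "condition": {"title": "expires",
                 "expression": "request.time < timestamp('2030-01-01T00:00:00Z')"}},
  {"role": "projects/project1/roles/exampleReadOnly",
   "members": ["user:liz@example.com", "user:bob@example.com"]},
  {"role": "projects/project1/roles/exampleOperator", "members": ["user:bob@example.com"]}
]}
""")

# Constructed sample: `gcloud iam roles describe ... --format=json` output, keyed by role.
# The role names and permission lists are hypothetical, not those of any predefined role.
ROLE_DEFS = json.loads("""
{"projects/project1/roles/exampleDnsConnect":
   {"includedPermissions": ["container.clusters.get", "container.clusters.connect"]},
 "projects/project1/roles/exampleOperator":
   {"includedPermissions": ["container.clusters.connect", "container.pods.list"]},
 "projects/project1/roles/exampleReadOnly":
   {"includedPermissions": ["container.clusters.get"]}}
""")

def audit(policy, role_defs, principal, permission=PERMISSION):
    """Sort the roles bound directly to `principal` by whether they carry `permission`."""
    report = {"grants": [], "conditional": [], "lacks": [], "unknown": []}
    for binding in policy.get("bindings", []):
        if principal not in binding.get("members", []):
            continue  # direct bindings only; group membership is not resolved
        role, definition = binding["role"], role_defs.get(binding["role"])
        if definition is None:
            report["unknown"].append(role)  # role not described yet, so no verdict
        elif permission not in definition.get("includedPermissions", []):
            report["lacks"].append(role)
        elif "condition" in binding:
            report["conditional"].append(role)  # effective only while the condition holds
        else:
            report["grants"].append(role)
    return report

if __name__ == "__main__":
    for who in ("user:liz@example.com", "user:bob@example.com"):
        print(who, json.dumps(audit(POLICY, ROLE_DEFS, who), indent=2))
```

A role listed under "unknown" has to be described and added to the role definitions before the report says anything about it.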