Gcloud authentication fails

I’m deploying Kubernetes apps to GKE through CircleCI these days, but today it fails with the following error:

ubuntu@box241:~/myapp$ ./deploy/bin/gcp-auth-staging.sh
[INFO] GCP_CREDENTIALS_STAGING is found. Assuming it is base64-encoded.
ERROR: gcloud crashed (IOError): [Errno 13] Permission denied: '/home/ubuntu/.config/gcloud/configurations/config_default'

If you would like to report this issue, please run the following command:
  gcloud feedback
ERROR: gcloud crashed (IOError): [Errno 13] Permission denied: '/home/ubuntu/.config/gcloud/configurations/config_default'

If you would like to report this issue, please run the following command:
  gcloud feedback
ERROR: gcloud crashed (IOError): [Errno 13] Permission denied: '/home/ubuntu/.config/gcloud/configurations/config_default'

If you would like to report this issue, please run the following command:
  gcloud feedback
ERROR: gcloud crashed (IOError): [Errno 13] Permission denied: '/home/ubuntu/.config/gcloud/configurations/config_default'

If you would like to report this issue, please run the following command:
  gcloud feedback
ERROR: (gclusters.get-credentials) You do not currently have an active account selected.
Please run:

  $ gcloud auth login

to obtain new credentials, or if you have already logged in with a
different account:

  $ gcloud config set account ACCOUNT

to select an already authenticated account to use.

gcloud auth activate-service-account caused this. I tried changing the ownership of /home/ubuntu/.config/gcloud/configurations/config_default from root:root to ubuntu:ubuntu and it works.

I am then able to pass the authentication but am discouraged from continuing the deploy.

I have been successfully deploying by following the workaround proposed here:

Two weeks have passed since I last deployed the app. Has something changed since then?

Hi,

I can’t be sure what your deployment script is running but have you tried following along with the following guide? https://circleci.com/docs/continuous-deployment-with-google-container-engine/

I’ve been following https://github.com/circleci/docker-hello-google and it’s working fine for me.

Hi,

My deploy script that fails is as follows:

#!/bin/bash

# Resolve paths relative to this script so it works from any working directory.
   SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
    REPO_ROOT="${SCRIPT_DIR}/../.."

   PROJECT_ID=someprojectid
         ZONE=somezonename
 CLUSTER_NAME=someclustername
     GCR_HOST=asia.gcr.io
KEY_FILE_PATH="${REPO_ROOT}/deploy/secrets/client-secret.tmp.json"

# Use the key file from the repo unless CI supplies a base64-encoded key.
if [[ "$GCP_CREDENTIALS_STAGING" = "" ]]
then
    cat "${REPO_ROOT}/deploy/secrets/secret-staging.json" > "${KEY_FILE_PATH}"
else
    echo "$GCP_CREDENTIALS_STAGING" | base64 --decode > "${KEY_FILE_PATH}"
fi

# Authenticate as the service account, then fetch the cluster credentials.
gcloud auth activate-service-account --key-file "${KEY_FILE_PATH}"
gcloud config set project "$PROJECT_ID"
gcloud config set compute/zone "$ZONE"
gcloud config set container/cluster "$CLUSTER_NAME"
gcloud container clusters get-credentials "$CLUSTER_NAME"

Thank you for giving me the guide. I could not find it at the time I was setting up my deploy scripts.

In the guide, it executes authentication in the dependencies.pre phase.

https://circleci.com/docs/continuous-deployment-with-google-container-engine/

I am running the script in the deployment phase since I need to change the account to use depending on which branch is being deployed, by running the respective script (gcp-auth-staging.sh or gcp-auth-production.sh).

Sudo-ing gcloud in the deployment phase seems to work.

I would be very happy if there are any better ways.
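
An alternative to chown or sudo, added here as an example and not code from any poster in this thread: point gcloud at a configuration directory the job user owns through the CLOUDSDK_CONFIG environment variable, and keep the decoded key out of the repository tree. The function names prepare_gcloud_job_dir and gcp_auth are hypothetical; the project, zone and cluster values are the placeholders from the script above.

```shell
#!/bin/bash
# Added example (not from the thread). Function names are hypothetical.
# Assumes gcloud honours CLOUDSDK_CONFIG as its configuration directory.
set -u

# Create a per-job directory owned by the current user, holding an empty
# gcloud config dir and the decoded service account key (mode 0600).
# $1: base64-encoded key, as in GCP_CREDENTIALS_STAGING. Prints the directory.
prepare_gcloud_job_dir() {
    encoded="$1"
    job_dir="$(mktemp -d)" || return 1
    chmod 700 "$job_dir"
    (
        umask 077    # key and config are never group/world readable
        mkdir "$job_dir/config" &&
        printf '%s' "$encoded" | base64 --decode > "$job_dir/key.json"
    ) || { rm -rf "$job_dir"; return 1; }
    # An empty variable decodes "successfully" to nothing; treat it as an error.
    [ -s "$job_dir/key.json" ] || { rm -rf "$job_dir"; return 1; }
    printf '%s\n' "$job_dir"
}

# Authenticate against the private config dir instead of ~/.config/gcloud,
# so a root-owned config_default there is never touched and sudo is not needed.
# $1: job dir, $2: project, $3: zone, $4: cluster
gcp_auth() {
    export CLOUDSDK_CONFIG="$1/config"
    gcloud auth activate-service-account --key-file "$1/key.json" || return 1
    rm -f "$1/key.json"    # credentials now live in CLOUDSDK_CONFIG
    gcloud config set project "$2" &&
    gcloud config set compute/zone "$3" &&
    gcloud config set container/cluster "$4" &&
    gcloud container clusters get-credentials "$4"
}

# Runs only where the CI variable and gcloud are both present.
if [ -n "${GCP_CREDENTIALS_STAGING:-}" ] && command -v gcloud >/dev/null 2>&1; then
    dir="$(prepare_gcloud_job_dir "$GCP_CREDENTIALS_STAGING")" || exit 1
    gcp_auth "$dir" someprojectid somezonename someclustername || exit 1
    echo "export CLOUDSDK_CONFIG=$dir/config"
fi
```

Source the script, or export the printed CLOUDSDK_CONFIG value in later steps, so that subsequent gcloud invocations in the job use the same directory.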