How do I re-create default service account?

1,579 views
Skip to first unread message

Vikash Kumar

unread,
Apr 18, 2018, 10:14:02 AM4/18/18
to gce-discussion
I am trying to create a kubernete cluster. It give me following error: "Google Compute Engine: Required 'compute.zones.get' permission". After little bit of research it was found that I do not have [PROJECT_NUMBER]@cloudservices.gserviceaccount.com service account. The documentation (https://cloud.google.com/compute/docs/access/service-accountsmentions that the account can not be deleted, but it is missing. 

Many people have recommended to re-enable the compute engine API. But, I am getting error disabling those APIs as well. It gives error like this: Following service(s) depend on service(s) to be deactivated: container.googleapis.com,deploymentmanager.googleapis.com,replicapool.googleapis.com,replicapoolupdater.googleapis.com,resourceviews.googleapis.com

What can I do to create the cluster without any problems? 

Digil (Google Cloud Platform Support)

unread,
Apr 18, 2018, 8:52:13 PM4/18/18
to gce-dis...@googlegroups.com
It looks like you have already followed this documentation for creating a container cluster on Kubernetes Engine.

Based on the error report, it looks like it doesn't have anything to do with the 'Compute Engine default service account'(unless you have deleted it). The default service account looks like this:- '[PROJECT_NUMBER]-compute@developer.gserviceaccount.com

The account ([PROJECT_NUMBER]@cloudservices.gserviceaccount.com) mentioned in your message is 'Google APIs service account', and looks like its not enabled in your project. I have seen discussions(discussion-1,discussion-2) in the 'StackOverflow' community, for the similar concern where solutions have been provided. See if that helps you. 

Vikash Kumar

unread,
May 2, 2018, 9:11:46 AM5/2/18
to Digil (Google Cloud Platform Support), gce-discussion
[id]@cloudservices.gserviceaccount.com has project editor permission. 

However, I do not have '[PROJECT_NUMBER]-compute@developer.gserviceaccount.com'  user, I may have deleted it in the past. How can I recreate it? 

Thanks,
Vikash

On 19 April 2018 at 06:22, 'Digil (Google Cloud Platform Support)' via gce-discussion <gce-dis...@googlegroups.com> wrote:
Based on the error report, it looks like it doesn't have anything to do with the 'Compute Engine default service account'(unless you have deleted it). The default service account looks like this:- '[PROJECT_NUMBER]-compute@developer.gserviceaccount.com

The account ([PROJECT_NUMBER]@cloudservices.gserviceaccount.com) mentioned in your message is 'Google APIs service account', and looks like its not enabled in your project. I have seen discussions(discussion-1,discussion-2) in the 'StackOverflow' community, for the similar concern where solutions have been provided. See if that helps you. 

--
© 2018 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043
 
Email preferences: You received this email because you signed up for the Google Compute Engine Discussion Google Group (gce-discussion@googlegroups.com) to participate in discussions with other members of the Google Compute Engine community and the Google Compute Engine Team.
---
You received this message because you are subscribed to the Google Groups "gce-discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gce-discussion+unsubscribe@googlegroups.com.
To post to this group, send email to gce-discussion@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/gce-discussion/1da701d6-7503-4bcc-a838-608c0a212b90%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Vikash Kumar

unread,
May 3, 2018, 1:03:09 AM5/3/18
to gce-discussion
The problem was absence of Kubernetes Engine Service Agent. This should not have happened as the kubernets service was enabled. I had to compare with another project which was allowing to create cluster. Posting this solution for future reference. 

Following command will add the agent: 
gcloud services enable container.googleapis.com 
Reply all
Reply to author
Forward
0 new messages