Comments (3)
josharian
commented on July 20, 2024
1
It is still relevant, in that if I needed these docs, probably someone else does too.
I can't help move it forward, as I noted in my last comment.
from berglas.
sethvargo
commented on July 20, 2024
Hi @josharian
Scopes are not the same as permissions. Berglas requires the cloud-platform scope. For permissions, access needs roles/cloudkms.cryptoKeyDecrypter on the Crypto Key. It also needs the roles/storage.legacyObjectReader and roles/storage.objectViewer permissions. Let me know if that helps.
from berglas.
josharian
commented on July 20, 2024
Yes, thanks!
For others who may encounter this issue, I set the various permissions via the console. I couldn't find a way to add the required scope in the console, but following https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#changeserviceaccountandscopes I ran:
gcloud compute instances set-service-account INSTANCE --service-account SERVICE_ACCOUNT --scopes cloud-platform
And that did it.
I think it'd be good to document the required scopes and permissions, but I'm not sure exactly how or where (or else I'd send a docs PR).
from berglas.
Related Issues (20)
- Berglas reporting wrong version or release process stuck? HOT 3
- is berglas 0.6.2 the latest release HOT 4
- Change berglas exec to use sys.Exec? HOT 6
- [removed] HOT 1
- Downloaded binary is sometimes broken. HOT 6
- berglas: cannot execute binary file: Exec format error HOT 1
- Checksum in sum.golang.org is different from download without proxy/checksum database (GOPRIVATE=*) HOT 7
- Unable to use the mutation webhook method with kubernetes 1.21.5 and admissionregistration.k8s.io/v1 on GKE HOT 11
- Download berglas seems to be broken with exec format error: HOT 1
- Berglas interacts badly with tools that rely on process wrapping like Argo-workflows HOT 3
- About the latest release HOT 2
- 1.0.0 image breaks kubernetes integration HOT 6
- New version not published to https://storage.googleapis.com/berglas HOT 1
- using secret account credentials.json instead of workflow identity HOT 1
- CrashLoopBackOff when setting command in my deployments HOT 2
- version only shows as "source" if i go install HOT 3
- I would like a new release. HOT 1
- Setting KMS key location for golang library
- Mutating webhook does not run if secrets are only set through a configMap HOT 1
- Multiple CVEs in docker image HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from berglas.