Reputation: 309
Not able to deploy Kubeflow pipelines to GKE cluster
I have created a GKE cluster according to the requirements (https://cloud.google.com/ai-platform/pipelines/docs/configure-gke-cluster) of the Kubeflow Pipelines as following:
- 3 nodes with at least 4GB ram and two CPUs
- Custom service account with roles: logging.logWriter, monitoring.metricWriter, monitoring.viewer, storage.objectViewer
When trying to select the cluster on the Kubeflow Pipelines (from Marketplace) configuration, it says "Insufficient OAuth scopes".
I thought maybe I overlooked an important steps, so I tried creating a new cluster from the Kubeflow Pipelines configuration page. When trying to select this cluster, it still says "Insufficient OAuth Scopes".
Are there more roles that need to be added to the service account?
Upvotes: 1
Views: 408
Answers (1)
Reputation: 309
It turns out you need to configure oauth-scope https://www.googleapis.com/auth/cloud-platform for the node pool in addition to the service account for granular access. The oauth-scope sort of enables access to "everything", but access is restricted based on the IAM roles for the service account.
The documentation could have been clearer on this.
Upvotes: 1
Related Questions
- GKE cluster fails to create instances
- cloud build deploy into gke cluster
- kubeflow deploy gcp endpoints controller fails
- Unable to deploy image into GKE cluster
- Cannot deploy Kubeflow on GCP: tells me to enable APIs that are already enabled
- Kubeflow pipeline fail to create container
- Google GKE Configuration Issue
- GCP AI Platform - Pipelines - Clusters - Does not have minimum availability
- Deploy kubeflow on GCP CloudShell using cli: /home/user/.kube/config: no such file or directory
- Unable to Deploy Kubernetes Federation on Google Kubernetes Engine