JupyterHub service account is missing GCS related roles
Closed this issue · 1 comments
andrewsykim commented
When I tried to run JupyterHub backed by a GCSFuse, I ran into this error from JupyterHub:
2024-03-22T18:48:02Z [Warning] MountVolume.SetUp failed for volume "gcs-fuse-csi-ephemeral" : rpc error: code = PermissionDenied desc = failed to get GCS bucket "gcsfuse-admin": googleapi: Error 403: jupyter-sa@<project-id>.iam.gserviceaccount.com does not have storage.objects.list access to the Google Cloud Storage bucket. Permission 'storage.objects.list' denied on resource (or it may not exist)., forbidden
It looks like the predefined roles are missing GCS related roles:
ai-on-gke/modules/jupyter/variables.tf
Lines 54 to 59 in 5a80eb2
andrewsykim commented
@chiayi can you take a look? cc @imreddy13