Issue
When creating a Universe/Cluster on the platform, the Instance Type drop-down list in the Instance configuration is empty. The Yugaware application logs report that compute.machineTypes.list is missing.
Solution
The Yugabyte Platform console requires a service account with the appropriate permissions to provision and manage compute instances.
Grant roles/compute.instanceAdmin to the service account used to create the cloud provider configuration. This provides permissions to create, modify, and delete virtual machine instances and disks. You can also use the following commands to list the machineTypes permissions available in a role.
$ gcloud iam roles describe roles/compute.instanceAdmin | grep machineTypes
- compute.machineTypes.get
- compute.machineTypes.list
$ gcloud iam roles describe roles/compute.viewer | grep machineTypes
- compute.machineTypes.get
- compute.machineTypes.list
It's always best practice to adhere to the principle of least privilege when providing permissions. IAM lets you grant granular access to specific Google Cloud resources and helps prevent access to other resources. IAM also provides predefined roles that give granular access to specific Google Cloud resources and prevent unwanted access to other resources. These roles are created and maintained by Google.
Note: Basic roles include thousands of permissions across all the Google Cloud services. In production environments, do not grant basic roles unless there is no alternative. Instead, grant the most limited predefined roles or custom roles that meet your needs. The default Compute Engine service account is granted the Editor role on the project when it is created unless you have enabled the organization policy constraint to disable automatic role grants.
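An added example (not part of the original article or of Yugabyte's tooling): a Python check over the JSON printed by `gcloud projects get-iam-policy PROJECT_ID --format=json` that reports which roles bound to a service account carry compute.machineTypes.list and flags basic roles. The policy, the account names and the trimmed role-to-permission map are constructed samples.

```python
import json

NEEDED = "compute.machineTypes.list"
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Constructed sample in the shape of `gcloud projects get-iam-policy ... --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/editor",
   "members": ["serviceAccount:123456789-compute@developer.gserviceaccount.com"]},
  {"role": "roles/compute.viewer",
   "members": ["serviceAccount:yb-platform@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/storage.objectViewer",
   "members": ["serviceAccount:yb-backup@example-project.iam.gserviceaccount.com"]}
]}
""")

# Assumption: permissions per role, trimmed to the machineTypes lines shown above.
# In practice, fill this from `gcloud iam roles describe ROLE` for each bound role.
ROLE_PERMISSIONS = {
    "roles/compute.instanceAdmin": {"compute.machineTypes.get", "compute.machineTypes.list"},
    "roles/compute.viewer": {"compute.machineTypes.get", "compute.machineTypes.list"},
    "roles/storage.objectViewer": set(),
}

def audit_service_account(policy, email, role_permissions, needed=NEEDED):
    """Summarise the project-level roles bound directly to one service account.

    Not resolved here: bindings via groups, IAM conditions, and folder/org policies.
    """
    member = "serviceAccount:" + email
    roles = sorted(b["role"] for b in policy.get("bindings", [])
                   if member in b.get("members", []))
    basic = [r for r in roles if r in BASIC_ROLES]
    granting = [r for r in roles if needed in role_permissions.get(r, set())]
    unchecked = [r for r in roles if r not in role_permissions and r not in BASIC_ROLES]
    if basic:
        verdict = "replace basic role"        # far broader than provisioning needs
    elif granting:
        verdict = "ok"
    elif unchecked:
        verdict = "describe unchecked roles"  # permissions for these were not supplied
    else:
        verdict = "missing permission"        # expect the empty Instance Type list
    return {"roles": roles, "basic_roles": basic, "granting_roles": granting,
            "unchecked_roles": unchecked, "verdict": verdict}

if __name__ == "__main__":
    for b in SAMPLE_POLICY["bindings"]:
        email = b["members"][0].split(":", 1)[1]
        print(email, audit_service_account(SAMPLE_POLICY, email, ROLE_PERMISSIONS))
```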
Please refer to the following links for more info on providing appropriate permissions via IAM on GCP