Can a Ray cluster be started on GCP using an existing service account without having to create a GCP IAM role?

I’m having trouble creating a cluster on GCP due to insufficient permissions. Ray Cluster is attempting to create a GCP IAM service account, but it needs permission to create service accounts. I currently have an Editor role that allows me to create a Ray node manually. However, only GCP project owners have the ability to adjust permissions by default.

Is it possible to utilize existing service account credentials located in ~/.config/gcloud/application_default_credentials.json and created by the command gcloud auth application-default login?

Additionally, may I inquire about the primary motivation for creating a distinct IAM role, other than fundamental security considerations?

@Dmitry_Balabka

cc: @Kai-Hsun_Chen @architkulkarni Can anyone from the infra team answer this question?

Hi @Dmitry_Balabka,

Does the configuration in Launching Ray Clusters on GCP — Ray 3.0.0.dev0 work? I would hope that it works for the head node in addition to worker nodes, but I’m not completely sure.

As for the initial motivation for the IAM role, I’m not sure if there are other reasons besides security. @ijrsvt do you happen to know?

Hi @architkulkarni and Team,

https://docs.ray.io/en/master/cluster/vms/user-guides/launching-clusters/gcp.html#running-workers-with-service-accounts

This doc only helps to configure the worker node and head node to use the same service account.

How do we configure or create a VM Ray cluster without creating a new service account? Or how do we use an existing service account in GCP for VM Ray cluster setup?

@ijrsvt do you have any thoughts?

Thanks,
Prakasha B