Wrong service account when create simple_autopilot_private from examples #1312

Closed
6aKa opened this issue Jun 28, 2022 · 1 comment
Labels
bug Something isn't working

@6aKa

6aKa commented Jun 28, 2022

TL;DR

Clone https://github.com/terraform-google-modules/terraform-google-kubernetes-engine.git
Go to examples/simple_autopilot_private
terraform init
terraform apply

Got error

module.gke.random_string.cluster_service_account_suffix: Creating...
module.gke.random_string.cluster_service_account_suffix: Creation complete after 0s [id=kfao]
module.gke.random_shuffle.available_zones: Creating...
module.gke.random_shuffle.available_zones: Creation complete after 0s [id=-]
module.gke.google_service_account.cluster_service_account[0]: Creating...
module.gcp-network.module.vpc.google_compute_network.network: Creating...
module.gke.google_service_account.cluster_service_account[0]: Creation complete after 2s [id=projects/project/serviceAccounts/tf-gke-simple-autopilo-kfao@project.iam.gserviceaccount.com]
module.gke.google_project_iam_member.cluster_service_account-log_writer[0]: Creating...
module.gcp-network.module.vpc.google_compute_network.network: Still creating... [10s elapsed]
module.gke.google_project_iam_member.cluster_service_account-log_writer[0]: Creation complete after 9s [id=project/roles/logging.logWriter/serviceAccount:tf-gke-simple-autopilo-kfao@project.iam.gserviceaccount.com]
module.gke.google_project_iam_member.cluster_service_account-metric_writer[0]: Creating...
module.gcp-network.module.vpc.google_compute_network.network: Still creating... [20s elapsed]
module.gke.google_project_iam_member.cluster_service_account-metric_writer[0]: Creation complete after 9s [id=project/roles/monitoring.metricWriter/serviceAccount:tf-gke-simple-autopilo-kfao@project.iam.gserviceaccount.com]
module.gke.google_project_iam_member.cluster_service_account-monitoring_viewer[0]: Creating...
module.gcp-network.module.vpc.google_compute_network.network: Creation complete after 22s [id=projects/project/global/networks/simple-autopilot-private-network]
module.gcp-network.module.subnets.google_compute_subnetwork.subnetwork["us-central1/simple-autopilot-private-master-subnet"]: Creating...
module.gcp-network.module.subnets.google_compute_subnetwork.subnetwork["us-central1/simple-autopilot-private-subnet"]: Creating...
module.gke.google_project_iam_member.cluster_service_account-monitoring_viewer[0]: Creation complete after 9s [id=project/roles/monitoring.viewer/serviceAccount:tf-gke-simple-autopilo-kfao@project.iam.gserviceaccount.com]
module.gke.google_project_iam_member.cluster_service_account-resourceMetadata-writer[0]: Creating...
module.gcp-network.module.subnets.google_compute_subnetwork.subnetwork["us-central1/simple-autopilot-private-master-subnet"]: Still creating... [10s elapsed]
module.gcp-network.module.subnets.google_compute_subnetwork.subnetwork["us-central1/simple-autopilot-private-subnet"]: Still creating... [10s elapsed]
module.gcp-network.module.subnets.google_compute_subnetwork.subnetwork["us-central1/simple-autopilot-private-master-subnet"]: Creation complete after 13s [id=projects/project/regions/us-central1/subnetworks/simple-autopilot-private-master-subnet]
module.gke.google_project_iam_member.cluster_service_account-resourceMetadata-writer[0]: Creation complete after 9s [id=project/roles/stackdriver.resourceMetadata.writer/serviceAccount:tf-gke-simple-autopilo-kfao@project.iam.gserviceaccount.com]
module.gcp-network.module.subnets.google_compute_subnetwork.subnetwork["us-central1/simple-autopilot-private-subnet"]: Still creating... [20s elapsed]
module.gcp-network.module.subnets.google_compute_subnetwork.subnetwork["us-central1/simple-autopilot-private-subnet"]: Creation complete after 24s [id=projects/project/regions/us-central1/subnetworks/simple-autopilot-private-subnet]
module.gke.google_container_cluster.primary: Creating...
╷
│ Error: googleapi: Error 400: Service account "87334792748-compute@developer.gserviceaccount.com" does not exist., badRequest
│
│   with module.gke.google_container_cluster.primary,
│   on ../../modules/beta-autopilot-private-cluster/cluster.tf line 22, in resource "google_container_cluster" "primary":
│   22: resource "google_container_cluster" "primary" {
│
╵

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

Configuration from example

Terraform Version

Terraform v1.2.3
on darwin_amd64
+ provider registry.terraform.io/hashicorp/google v4.27.0
+ provider registry.terraform.io/hashicorp/google-beta v4.27.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.11.0
+ provider registry.terraform.io/hashicorp/random v3.3.2

Additional information

No response

@bharathkkb
Member

Thanks for the report @6aKa
Autopilot clusters created via TF need the default compute SA until hashicorp/terraform-provider-google#9505 is fixed. It looks like your default SA may be deleted/disabled. If you are using project factory, you can temporarily set default_service_account = "keep" until this is fixed.
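
Added example (not part of the issue thread or the module's code): a pre-flight shell check for the condition described in the reply above, reporting whether the project's default Compute Engine service account exists and is enabled before `terraform apply` is run. The function names are hypothetical, and the `gcloud` calls assume an authenticated CLI with permission to read the project and its service accounts.

```shell
#!/bin/sh
# Added example: check the default Compute Engine service account of a
# project before applying the simple_autopilot_private example.

# Print the default compute SA e-mail for a given project number.
default_compute_sa_email() {
  printf '%s-compute@developer.gserviceaccount.com\n' "$1"
}

# Print one of: ok | disabled | missing
#   $1 = project ID (supply your own)
# Returns 2 if the project itself cannot be described.
default_compute_sa_state() {
  sa_project="$1"
  sa_number="$(gcloud projects describe "$sa_project" \
    --format='value(projectNumber)')" || return 2
  sa_email="$(default_compute_sa_email "$sa_number")"

  # describe fails when the account was deleted (or when the caller is
  # not allowed to read it); both cases are reported as "missing".
  if ! sa_disabled="$(gcloud iam service-accounts describe "$sa_email" \
        --project "$sa_project" --format='value(disabled)' 2>/dev/null)"; then
    echo missing
    return 0
  fi

  # The "disabled" field is only populated when the account is disabled.
  case "$sa_disabled" in
    True|true) echo disabled ;;
    *)         echo ok ;;
  esac
}

# Run the check only when a project ID is given on the command line.
if [ "$#" -gt 0 ]; then
  state="$(default_compute_sa_state "$1")" || exit 2
  echo "default compute service account: $state"
  [ "$state" = ok ] || exit 1
fi
```

A result of `missing` or `disabled` corresponds to the `Service account "...-compute@developer.gserviceaccount.com" does not exist` failure shown in the issue.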
