Update cluster.tf

[lgandras]

local.region is derived from the zone when var.region is not available (zonal cluster). I can confirm that after this patch, removing the region parameter from the demo in the README.md works as intended.

[lgandras]

Solves #558

[morgante]

@lgandras Please update in autogen: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/autogen

See https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/CONTRIBUTING.md

[lgandras]

@morgante: I get the following while issuing make docker_test_prepare:

google_project_iam_member.int_test_1[3]: Creation complete after 16s [id=ci-gke-1b75/roles/compute.securityAdmin/serviceaccount:[email protected]]

Warning: google_project_services is deprecated - many users reported issues with dependent services that were not resolvable.  Please use google_project_service or the https://github.com/terraform-google-modules/terraform-google-project-factory/tree/master/modules/project_services module.  It's recommended that you use a provider version of 2.13.0 or higher when you migrate so that requests are batched to the API, reducing the request rate. This resource will be removed in version 3.0.0.

  on .terraform/modules/gke-project-1/terraform-google-project-factory-3.3.1/modules/core_project_factory/main.tf line 165, in resource "google_project_services" "project_services_authority":
 165: resource "google_project_services" "project_services_authority" {

(and one more similar warning elsewhere)


Error: Provider produced inconsistent result after apply

When applying changes to
module.gke-project-1.module.project-factory.google_service_account.default_service_account,
provider "registry.terraform.io/-/google" produced an unexpected new value for
was present, but now absent.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.


Error: error creating project ci-gke-0921 (ci-gke): googleapi: Error 409: Requested entity already exists, alreadyExists. If you received a 403 error, make sure you have the `roles/resourcemanager.projectCreator` permission

  on .terraform/modules/gke-project-2/terraform-google-project-factory-3.3.1/modules/core_project_factory/main.tf line 126, in resource "google_project" "main":
 126: resource "google_project" "main" {


make: *** [Makefile:37: docker_test_prepare] Error 1

Any ideas on where to dig first?

[bharathkkb]

@lgandras we need to update the test setup to fix this, this was fixed in the provider with 3.23.0.
The current workaround is as follows, manually go to the project referred asgke-project-1 and delete project-service-account SA and re run make docker_test_prepare.

[lgandras]

@bharathkkb thanks, it solves the first issue, but I still do get the rest:

google_project_iam_binding.kubernetes_engine_kms_access: Modifications complete after 15s [id=ci-gke-1b75/roles/cloudkms.cryptoKeyEncrypterDecrypter]

Warning: google_project_services is deprecated - many users reported issues with dependent services that were not resolvable.  Please use google_project_service or the https://github.com/terraform-google-modules/terraform-google-project-factory/tree/master/modules/project_services module.  It's recommended that you use a provider version of 2.13.0 or higher when you migrate so that requests are batched to the API, reducing the request rate. This resource will be removed in version 3.0.0.

  on .terraform/modules/gke-project-1/terraform-google-project-factory-3.3.1/modules/core_project_factory/main.tf line 165, in resource "google_project_services" "project_services_authority":
 165: resource "google_project_services" "project_services_authority" {

(and one more similar warning elsewhere)


Error: error creating project ci-gke-0921 (ci-gke): googleapi: Error 409: Requested entity already exists, alreadyExists. If you received a 403 error, make sure you have the `roles/resourcemanager.projectCreator` permission

  on .terraform/modules/gke-project-2/terraform-google-project-factory-3.3.1/modules/core_project_factory/main.tf line 126, in resource "google_project" "main":
 126: resource "google_project" "main" {


make: *** [Makefile:37: docker_test_prepare] Error 1

My test/setup/terraform.tfstate shows the following:

   6   "outputs": {
   7     "compute_engine_service_accounts": {
   8       "value": [
   9         "[email protected]",
  10         null
  11       ],
  12       "type": [
  13         "tuple",
  14         [
  15           "string",
  16           "string"
  17         ]
  18       ]
  19     },
  20     "int_sa": {
  21       "value": "[email protected]",
  22       "type": "string"
  23     },
  24     "project_ids": {
  25       "value": [
  26         "ci-gke-1b75",
  27         "ci-gke-0921"
  28       ],

The actual project existing in my organization is ci-gke-1b75. To me it looks as if it was referring to a deleted project. ci-gke-0921 does not appear in neither of the terraform apply outputs (I've tried twice in total). So I tried just doing make docker_test_cleanup, but I get:

module.gke-project-1.module.project-factory.google_project_service.project_services[3]: Destruction complete after 14s

Warning: google_project_services is deprecated - many users reported issues with dependent services that were not resolvable.  Please use google_project_service or the https://github.com/terraform-google-modules/terraform-google-project-factory/tree/master/modules/project_services module.  It's recommended that you use a provider version of 2.13.0 or higher when you migrate so that requests are batched to the API, reducing the request rate. This resource will be removed in version 3.0.0.

  on .terraform/modules/gke-project-1/terraform-google-project-factory-3.3.1/modules/core_project_factory/main.tf line 165, in resource "google_project_services" "project_services_authority":
 165: resource "google_project_services" "project_services_authority" {

(and one more similar warning elsewhere)


Error: Error reading Project Service ci-gke-1b75/oslogin.googleapis.com: Error disabling service "oslogin.googleapis.com" for project "ci-gke-1b75": googleapi: Error 400: Precondition check failed., failedPrecondition



Error: Error reading Project Service ci-gke-1b75/iamcredentials.googleapis.com: Error disabling service "iamcredentials.googleapis.com" for project "ci-gke-1b75": googleapi: Error 400: Precondition check failed., failedPrecondition


make: *** [Makefile:49: docker_test_cleanup] Error 1

Maybe I should try first updating our provider version before this patch. Thoughts?

[bharathkkb]

I wonder if it is just that ci-gke-0921 existed at some point in the past 30 days so its a random name conflict. I have seen this happen with our CI a couple of times and I will be increasing random chars here.

It is expected that make docker_test_prepare create two GCP projects. I would recommend to nuke the terraform.tfstate in thetest\setup folder, clean up ci-gke-1b75 manually and try a new make docker_test_prepare.

[comment-bot-dev]

Thanks for the PR! 🚀
Unfortunately it looks like some of our CI checks failed. See the Contributing Guide for details.

• ⚠️check_terraform
  Failed Terraform check. More details below.

Running terraform fmt
Running terraform validate
terraform_validate . 
Success!
The configuration is valid.
terraform_validate ./examples/deploy_service 
Success!
The configuration is valid.
terraform_validate ./examples/disable_client_cert 
Success!
The configuration is valid.
terraform_validate ./examples/node_pool 
Success!
The configuration is valid.
terraform_validate ./examples/node_pool_update_variant 
Success!
The configuration is valid.
terraform_validate ./examples/node_pool_update_variant_beta 
Success!
The configuration is valid.
terraform_validate ./examples/private_zonal_with_networking 
Success!
The configuration is valid.
terraform_validate ./examples/regional_private_node_pool_oauth_scopes 
Success!
The configuration is valid.
terraform_validate ./examples/safer_cluster 
Success!
The configuration is valid.
terraform_validate ./examples/safer_cluster_iap_bastion 
Success!
The configuration is valid.
terraform_validate ./examples/shared_vpc 
Success!
The configuration is valid.
terraform_validate ./examples/simple_regional 
Success!
The configuration is valid.
terraform_validate ./examples/simple_regional_beta 
Success!
The configuration is valid.
terraform_validate ./examples/simple_regional_private 
Success!
The configuration is valid.
terraform_validate ./examples/simple_regional_private_beta 
Success!
The configuration is valid.
terraform_validate ./examples/simple_regional_with_kubeconfig 
Success!
The configuration is valid.
terraform_validate ./examples/simple_regional_with_networking 
Success!
The configuration is valid.
terraform_validate ./examples/simple_zonal_private 
Success!
The configuration is valid.
terraform_validate ./examples/simple_zonal_with_acm 
Success!
The configuration is valid.
terraform_validate ./examples/simple_zonal_with_asm 
Success!
The configuration is valid.
terraform_validate ./examples/stub_domains 
Success!
The configuration is valid.
terraform_validate ./examples/stub_domains_private 
Success!
The configuration is valid.
terraform_validate ./examples/stub_domains_upstream_nameservers 
Success!
The configuration is valid.
terraform_validate ./examples/upstream_nameservers 
Success!
The configuration is valid.
terraform_validate ./examples/workload_identity 
Success!
The configuration is valid.
terraform_validate ./examples/workload_metadata_config 
Success!
The configuration is valid.
terraform_validate ./modules/acm 
Success!
The configuration is valid.
terraform_validate ./modules/asm 
Success!
The configuration is valid.
terraform_validate ./modules/auth 
Success!
The configuration is valid.
terraform_validate ./modules/beta-private-cluster 
Success!
The configuration is valid.
terraform_validate ./modules/beta-private-cluster-update-variant 
Success!
The configuration is valid.
terraform_validate ./modules/beta-public-cluster 
Success!
The configuration is valid.
terraform_validate ./modules/beta-public-cluster-update-variant 
Success!
The configuration is valid.
terraform_validate ./modules/binary-authorization 
Success!
The configuration is valid.
terraform_validate ./modules/config-sync 
Success!
The configuration is valid.
terraform_validate ./modules/k8s-operator-crd-support 
Success!
The configuration is valid.
terraform_validate ./modules/private-cluster 
Success!
The configuration is valid.
terraform_validate ./modules/private-cluster-update-variant 
Success!
The configuration is valid.
terraform_validate ./modules/safer-cluster 
Success!
The configuration is valid.
terraform_validate ./modules/safer-cluster-update-variant 
Success!
The configuration is valid.
terraform_validate ./modules/services 
Success!
The configuration is valid.
terraform_validate ./modules/workload-identity 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/beta_cluster 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/deploy_service 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/disable_client_cert 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/node_pool 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/node_pool_update_variant 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/private_zonal_with_networking 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/safer_cluster 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/safer_cluster_iap_bastion 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/sandbox_enabled 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/simple_regional 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/simple_regional_private 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/simple_regional_with_kubeconfig 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/simple_regional_with_networking 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/simple_zonal 
Error: 
Missing required argument
 on example.tf line 17, in module "example":
 17: module "example" 
{
The argument "region" is required, but no definition was found.
terraform_validate ./test/fixtures/simple_zonal_private 
Error: 
Missing required argument
 on example.tf line 17, in module "example":
 17: module "example" 
{
The argument "region" is required, but no definition was found.
terraform_validate ./test/fixtures/simple_zonal_with_asm 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/stub_domains 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/stub_domains_private 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/stub_domains_upstream_nameservers 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/upstream_nameservers 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/workload_identity 
Success!
The configuration is valid.
terraform_validate ./test/fixtures/workload_metadata_config 
Success!
The configuration is valid.
terraform_validate ./test/setup 
Success!
The configuration is valid.

[github-actions]

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days