Open WTPascoe opened 8 months ago
The reference document [1] is based on the latest version of Config Connector.
spec.replication.auto is not supported in 1.102.0 [2]. Could you install the latest version and see if it works?
[1] https://cloud.google.com/config-connector/docs/reference/overview
Could you install the latest version and see if it works?
I'll need a little time to work out how to do that. We deploy clusters using terraform terraform-google-modules/kubernetes-engine/google//modules/safer-cluster-update-variant 29.0.0 and I don't see anything in those docs about specifying a config_connector version.
I'll update after I work that out, but any tips would be appreciated thanks.
Are you able to share the terraform config snippet related to Config Connector?
It is likely you are installing config connector in a GKE cluster through GKE Add-on. If that's the case, you may need to switch to a different installation method to get a more recent version of Config Connector.
https://cloud.google.com/config-connector/docs/concepts/installation-types
Switching to a manually managed later version resolves this issue, but poses some troubling questions about managing this in GKE.
It looks like config connector version is tightly coupled to gke version according to https://cloud.google.com/config-connector/docs/how-to/install-manually#switch-add-on and there is no way to upgrade without uninstalling first.
When installed as an add-on, the version of Config Connector is directly tied to the GKE version that is installed.
It also says
The version of Config Connector installed through Config Connector add-on can be significantly behind by up to 12 months if you are not always using the latest GKE minor version.
However, in a cluster running 1.28.4-gke.1083000, which is the current latest version available on the rapid channel, we still only see config connector version 1.102.0. This is quite a lag between documentation and what's being actively deployed. We would prefer to avoid the overhead of having to manage this separately to the rest of our GKE cluster.
Is there a way to find the release schedule for this and what GKE versions will bring new config connector versions?
Checklist
Bug Description
Attempting to apply a SecretManagerSecret yaml definition with replication.auto.customerManagedEncryption fails with the following error:
The SecretManagerSecret docs imply that this is the correct setting.
Additional Diagnostic Information
This looks similar to https://github.com/GoogleCloudPlatform/k8s-config-connector/issues/1081 but the conversation there implies that this is likely related to the terraform component. I believe that my issue is different because the resource cannot be created in EKS at all.
Creating SecretManagerSecret with replication set to userManaged allows us to set CMEK values as expected. I've replicated this on an existing cluster and a new cluster created on Friday 12 January.
Kubernetes Cluster Version
Server Version: v1.28.4-gke.1083000
Config Connector Version
1.102.0
Config Connector Mode
cluster mode
Log Output
No response
Steps to reproduce the issue
YAML snippets