Project setup error -- anthos service mesh -- Workload Identity Pool does not exist

[Bobgy]

curl --request POST \
  --header "Authorization: Bearer $(gcloud auth print-access-token)" \
  --data '' \
  https://meshconfig.googleapis.com/v1alpha1/projects/${PROJECT_ID}:initialize

Refer to Anthos Service Mesh documentation for details. You do not need a running GKE cluster. The deployment process creates a cluster for you.

Executing this step generates the following error:

{
  "error": {
    "code": 400,
    "message": "Workload Identity Pool does not exist (project-xxx.svc.id.goog).",
    "status": "INVALID_ARGUMENT"
  }
}

I've verified that the project exists and the meshconfig api is enabled for it.

Will this be solved at some point? Having errors basically in the first setup step should be avoided.

Originally posted by @SaschaHeyer in https://github.com/kubeflow/website/issues/2121#issuecomment-761116195

[BoHuang2018]

I had the same problem on GKE. The workload_identity_role cannot be created directly. Solution is to create a temporary cluster with workload pool, then deleted the temporary cluster immediately. After this, the GCP project's workload pool can be used by Terraform/gcloud .... Please refer to https://github.com/kubeflow/website/issues/2121