Open zijianjoy opened 2 years ago
Error:
create kind cluster failed: error validating cluster config: 3 errors occurred:
* GKERegister check failed: 2 errors occurred:
* Get "https://gkehub.googleapis.com/v1beta1/projects/jamxl-kfp-dev/locations/global/memberships/anthos-gce-cluster": oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}
* invalid/expired service account key for "baremetal-gcr@jamxl-kfp-dev.iam.gserviceaccount.com": please check service account at Google Cloud Console -> IAM & Admin -> Service Accounts
* ClusterOperations check failed: invalid/expired service account key for "baremetal-gcr@jamxl-kfp-dev.iam.gserviceaccount.com": please check service account at Google Cloud Console -> IAM & Admin -> Service Accounts
* GCR pull permission for bucket: artifacts.anthos-baremetal-release.appspot.com failed: invalid/expired service account key for "baremetal-gcr@jamxl-kfp-dev.iam.gserviceaccount.com": please check service account at Google Cloud Console -> IAM & Admin -> Service Accounts
[2021-10-11 04:26:58+0000] Deleting bootstrap cluster... OK
[2021-10-11 04:26:58+0000] Error creating cluster: create kind cluster failed: error validating cluster config: 3 errors occurred:
* GKERegister check failed: 2 errors occurred:
* Get "https://gkehub.googleapis.com/v1beta1/projects/jamxl-kfp-dev/locations/global/memberships/anthos-gce-cluster": oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}
* invalid/expired service account key for "baremetal-gcr@jamxl-kfp-dev.iam.gserviceaccount.com": please check service account at Google Cloud Console -> IAM & Admin -> Service Accounts
* ClusterOperations check failed: invalid/expired service account key for "baremetal-gcr@jamxl-kfp-dev.iam.gserviceaccount.com": please check service account at Google Cloud Console -> IAM & Admin -> Service Accounts
* GCR pull permission for bucket: artifacts.anthos-baremetal-release.appspot.com failed: invalid/expired service account key for "baremetal-gcr@jamxl-kfp-dev.iam.gserviceaccount.com": please check service account at Google Cloud Console -> IAM & Admin -> Service Accounts
Error: create kind cluster failed: error validating cluster config: 3 errors occurred:
* GKERegister check failed: 2 errors occurred:
* Get "https://gkehub.googleapis.com/v1beta1/projects/jamxl-kfp-dev/locations/global/memberships/anthos-gce-cluster": oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid JWT Signature."}
* invalid/expired service account key for "baremetal-gcr@jamxl-kfp-dev.iam.gserviceaccount.com": please check service account at Google Cloud Console -> IAM & Admin -> Service Accounts
* ClusterOperations check failed: invalid/expired service account key for "baremetal-gcr@jamxl-kfp-dev.iam.gserviceaccount.com": please check service account at Google Cloud Console -> IAM & Admin -> Service Accounts
* GCR pull permission for bucket: artifacts.anthos-baremetal-release.appspot.com failed: invalid/expired service account key for "baremetal-gcr@jamxl-kfp-dev.iam.gserviceaccount.com": please check service account at Google Cloud Console -> IAM & Admin -> Service Accounts
Usage:
bmctl create cluster [flags]
Flags:
--bootstrap-cluster-pod-cidr string Bootstrap cluster pod CIDR (default "192.168.122.0/24")
--bootstrap-cluster-service-cidr string Bootstrap cluster service CIDR (default "10.96.0.0/27")
-c, --cluster cluster name Cluster name, cluster config is expected to be placed under <workspace dir>/<cluster name>/<cluster name>.yaml (default )
--force If true, ignore errors from preflight checks and validation except for GCP check errors.
-h, --help help for cluster
--ignore-validation-errors A validation error override, allowing to proceed despite the validation errors.
--kubeconfig string The path to the kubeconfig file for the admin cluster
--reuse-bootstrap-cluster If true, use existing bootstrap cluster.
Global Flags:
--stderrthreshold severity logs at or above this threshold go to stderr (default 3, possible values 0 to 3, corresponding to severity levels INFO, WARNING, ERROR, and FATAL)
-v, --v Level number for the log level verbosity (default 1, possible values 0 to 5 (though there is no strict max), increase value to see more verbose logs)
--workspace-dir workspace directory bmctl workspace directory path (default "bmctl-workspace" under the current directory)
F1011 04:26:58.204666 14144 root.go:28]
export PROJECT_ID=$(gcloud config get-value project)
gcloud iam service-accounts keys create bm-gcr.json \
--iam-account=baremetal-gcr@${PROJECT_ID}.iam.gserviceaccount.com
mv ./bm-gcr.json /root/bm-gcr.json
sudo bmctl create cluster -c anthos-gce-cluster
Creating bare metal cluster will cause AI Platform Hosted Pipelines to fail, because it doesn't have keystore key external_cluster_credential_wrapping_key
access. Be careful before creating bare metal cluster.