Open obriensystems opened 2 years ago
What error are the projects giving you?
kubectl describe project.resourcemanager.cnrm.cloud.google.com/audit-prj-id-old1
Re-reading this issue. Are you running kpt live init
before every deploy?
Yes, understand this is a known issue - documenting for the automated script in https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/dev/solutions/landing-zone/deployment.sh#L113
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/landing-zone landing-zone
# cp the setters.yaml
cp pubsec-declarative-toolkit/solutions/landing-zone/setters.yaml landing-zone/
kpt live init landing-zone --namespace config-control
kpt live apply landing-zone --reconcile-timeout=2m --output=table
michael@cloudshell:~/dev/pdt-oldev/obriensystems (controller-oldev-3495)$ kpt live apply landing-zone --reconcile-timeout=2m --output=table
I1207 18:56:53.675976 12418 request.go:601] Waited for 1.165556178s due to client-side throttling, not priority and fairness, request: GET:https://35.203.38.53/apis/spanner.cnrm.cloud.google.com/v1beta1?timeout=32s
Error: 4 resource types could not be found in the cluster or as CRDs among the applied resources.
Resource types:
[constraints.gatekeeper.sh/v1beta1](http://constraints.gatekeeper.sh/v1beta1), Kind=NamingPolicy
[constraints.gatekeeper.sh/v1beta1](http://constraints.gatekeeper.sh/v1beta1), Kind=DataLocation
[constraints.gatekeeper.sh/v1beta1](http://constraints.gatekeeper.sh/v1beta1), Kind=LimitEgressTraffic
[constraints.gatekeeper.sh/v1beta1](http://constraints.gatekeeper.sh/v1beta1), Kind=CloudMarketPlaceConfig
The suggested addition to the root .krmignore works https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/main/solutions/landing-zone/.krmignore#L1 cicd-examples/ +constraint.yaml
NAMESPACE RESOURCE ACTION STATUS RECONCILED CONDITIONS AGE MESSAGE
ConstraintTemplate/cloudmarketplaceconfi Successful Current <None> 81s Resource is current
ConstraintTemplate/datalocation Successful Current <None> 81s Resource is current
ConstraintTemplate/limitegresstraffic Successful Current <None> 81s Resource is current
ConstraintTemplate/namingpolicy Successful Current <None> 80s Resource is current
common ComputeFirewall/allow-egress-internet-pr Unknown - -
common ComputeFirewall/allow-egress-internet-pu Unknown - -
common ComputeFirewall/allow-ssh-ingress-pr Unknown - -
common ComputeFirewall/allow-ssh-ingressp Unknown - -
common ComputeNetwork/common-ha-perimeter Unknown - -
common ComputeNetwork/common-mgmt-perimeter Unknown - -
common ComputeNetwork/priv-perimeter Unknown - -
Freed up billing quota - working
Status:
Conditions:
Last Transition Time: 2022-12-08T01:46:49Z
Message: The resource is up to date
Reason: UpToDate
Status: True
Type: Ready
Number: 1013829665443
Observed Generation: 2
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning DependencyNotReady 49m project-controller reference Folder config-control/audit-and-security.audit is not ready
Warning UpdateFailed 34m (x13 over 48m) project-controller Update call failed: error applying desired state: summary: failed pre-requisites: missing permission on "billingAccounts/011D7E-BD499C-CF71C5": billing.resourceAssociations.create
Normal Updating 2m11s (x29 over 48m) project-controller Update in progress
michael@cloudshell:~/dev/pdt-oldev/obriensystems (kcc-lz-8597)$ kubectl describe project.resourcemanager.cnrm.cloud.google.com/audit-prj-id-oldv1
michael@cloudshell:~/dev/pdt-oldev/obriensystems (kcc-lz-8597)$ kubectl get gcp | grep UpdateFailed resourcemanagerpolicy.resourcemanager.cnrm.cloud.google.com/restrict-resource-locations 50m False UpdateFailed 50m resourcemanagerpolicy.resourcemanager.cnrm.cloud.google.com/storage-public-access-prevention 50m False UpdateFailed 50m storagebucket.storage.cnrm.cloud.google.com/audit-audit-prj-id-oldv1 50m False UpdateFailed 50m michael@cloudshell:~/dev/pdt-oldev/obriensystems (kcc-lz-8597)$ kubectl get gcp | grep UpdateFailed | wc -l 3
dup to #114
Describe the bug kpt live apply - having periodic issues applying to the cc (after a successful replacement render (see #103 and #111) same issue as https://github.com/GoogleContainerTools/kpt/issues/1724
To Reproduce
Expected behavior A clear and concise description of what you expected to happen.
Screenshots If applicable, add screenshots to help explain your problem.
Additional context Add any other context about the problem here.
Solution
folders coming up
will take over an hour to bring up the system state so far is