clusterinthecloud / terraform

Terraform config for Cluster in the Cloud
https://cluster-in-the-cloud.readthedocs.io
MIT License

Problems creating new clusters after the first one #51

Closed verdurin closed 4 years ago

verdurin commented 4 years ago

I've been iterating through various clusters and I see a problem after the first deployment.

If I try to re-use the existing service account, that fails, so I try deleting the service account and starting from scratch. However, at the apply stage there are permission errors:

google_compute_network.vpc_network: Creating...
google_service_account.mgmt-sa: Creating...
Error: Error creating Network: googleapi: Error 403: Required 'compute.networks.create' permission for 'projects/<project ID>/global/networks/citc-net', forbidden
  on google-cloud-platform/networking.tf line 2, in resource "google_compute_network" "vpc_network":
   2: resource "google_compute_network" "vpc_network" {
Error: Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/<project ID>., forbidden
  on google-cloud-platform/service-account.tf line 2, in resource "google_service_account" "mgmt-sa":
   2: resource "google_service_account" "mgmt-sa" {

verdurin commented 4 years ago

This is after using terraform destroy for the previous clusters.

milliams commented 4 years ago

We have since reworked how the service account permissions are set so this should not be an issue now.