I've been iterating through various clusters and I see a problem after the first deployment.
If I try to re-use the existing service account, that fails, so I try deleting the service account and starting from scratch. However, at the apply stage there are permission errors:
google_compute_network.vpc_network: Creating...
google_service_account.mgmt-sa: Creating...
Error: Error creating Network: googleapi: Error 403: Required 'compute.networks.create' permission for 'projects/<project ID>/global/networks/citc-net', forbidden
on google-cloud-platform/networking.tf line 2, in resource "google_compute_network" "vpc_network":
2: resource "google_compute_network" "vpc_network" {
Error: Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/<project ID>., forbidden
on google-cloud-platform/service-account.tf line 2, in resource "google_service_account" "mgmt-sa":
2: resource "google_service_account" "mgmt-sa" {
I've been iterating through various clusters and I see a problem after the first deployment.
If I try to re-use the existing service account, that fails, so I try deleting the service account and starting from scratch. However, at the
apply
stage there are permission errors: