hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Error: googleapi: Error 400: Malformed value for network field: "projects/{PROJECT_ID}/global/networks/https://www.googleapis.com/compute/v1/projects/{PROJECT_ID}/global/networks/staging-private-network" #18708

Open Vikas252 opened 1 month ago

Vikas252 commented 1 month ago


Terraform Version & Provider Version(s)

Terraform v1.9.1 on windows_386

Affected Resource(s)

google_container_cluster

Terraform Configuration

main.tf

locals {
  cluster_type           = "alarm-system-autopilot-private"
  network_name           = "staging-private-network"
  subnet_name            = "alarm-system-private-subnet"
  master_auth_subnetwork = "alarm-system-private-master-subnet"
  pods_range_name        = "ip-range-pods-alarm-system-private"
  svc_range_name         = "ip-range-svc-alarm-system-private"
  subnet_names           = [for subnet_self_link in module.gcp-network.subnets_self_links : split("/", subnet_self_link)[length(split("/", subnet_self_link)) - 1]]
}

data "google_compute_network" "vpc" {
  depends_on = [ module.gcp-network ]
  name    = local.network_name
  project = var.host_project_id
}

data "google_compute_subnetwork" "subnet-for-k8s" {
  depends_on = [ module.gcp-network ]
  name    = local.subnet_name
  project = var.host_project_id
  region = var.region
}

data "google_client_config" "default" {}

provider "kubernetes" {
  host                   = "https://${module.gke.endpoint}"
  token                  = data.google_client_config.default.access_token
  cluster_ca_certificate = base64decode(module.gke.ca_certificate)
}

module "gke" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
  version = "~> 31.0"

  project_id                      = var.service_project_id
  name                            = "${local.cluster_type}-cluster"
  regional                        = true
  region                          = var.region
  network                         = data.google_compute_network.vpc.self_link
  subnetwork                      = data.google_compute_subnetwork.subnet-for-k8s.self_link
  ip_range_pods                   = local.pods_range_name
  ip_range_services               = local.svc_range_name
  release_channel                 = "REGULAR"
  enable_vertical_pod_autoscaling = true
  enable_private_endpoint         = true
  enable_private_nodes            = true
  network_tags                    = [local.cluster_type]
  deletion_protection             = false

  master_authorized_networks = [
    {
      cidr_block   = "10.60.0.0/17"  # Adjust as per your VPC CIDR range
      display_name = "VPC"
    },
  ]
}

network.tf

module "gcp-network" {
  source  = "terraform-google-modules/network/google"
  version = ">= 9.0"

  project_id   = var.host_project_id
  network_name = local.network_name

  subnets = [
    {
      subnet_name   = local.subnet_name
      subnet_ip     = "10.0.0.0/17"
      subnet_region = var.region
    },
    {
      subnet_name   = local.master_auth_subnetwork
      subnet_ip     = "10.60.0.0/17"
      subnet_region = var.region
    },
  ]

  secondary_ranges = {
    (local.subnet_name) = [
      {
        range_name    = local.pods_range_name
        ip_cidr_range = "192.168.0.0/18"
      },
      {
        range_name    = local.svc_range_name
        ip_cidr_range = "192.168.64.0/18"
      },
    ]
  }
}

outputs.tf

output "kubernetes_endpoint" {
  description = "The cluster endpoint"
  sensitive   = true
  value       = module.gke.endpoint
}

output "cluster_name" {
  description = "Cluster name"
  value       = module.gke.name
}

output "location" {
  value = module.gke.location
}

output "master_kubernetes_version" {
  description = "Kubernetes version of the master"
  value       = module.gke.master_version
}

output "ca_certificate" {
  sensitive   = true
  description = "The cluster ca certificate (base64 encoded)"
  value       = module.gke.ca_certificate
}

output "service_account" {
  description = "The service account to default running nodes as if not overridden in `node_pools`."
  value       = module.gke.service_account
}

output "network_name" {
  description = "The name of the VPC being created"
  value       = module.gcp-network.network_name
}

output "subnet_names" {
  description = "The names of the subnet being created"
  value       = module.gcp-network.subnets_names
}

output "region" {
  description = "The region in which the cluster resides"
  value       = module.gke.region
}

output "zones" {
  description = "List of zones in which the cluster resides"
  value       = module.gke.zones
}

output "project_id" {
  description = "The project ID the cluster is in"
  value       = var.service_project_id
}

output "network_self_link" {
  value = module.gcp-network.network_self_link
}

output "subnets_self_links" {
  value = module.gcp-network.subnets_self_links
}

Debug Output

https://gist.github.com/Vikas252/20a5f4a529d22dfbed5f0963d98e232f

Expected Behavior

Should create resources without any errors

Actual Behavior

All networking resources which are supposed to be created are created, but I get an error when tf is provisioning GKE: Error: googleapi: Error 400: Malformed value for network field: "projects/{PROJECT_ID}/global/networks/https://www.googleapis.com/compute/v1/projects/{PROJECT_ID}/global/networks/staging-private-network"

Steps to reproduce

  1. terraform apply


References

All the code I've used is from https://github.com/terraform-google-modules. I've used the Kubernetes engine example to create an autopilot cluster, and I am using a shared VPC.

ggtisc commented 1 month ago

Hi @Vikas25!

This looks more like troubleshooting than a bug. I noticed that you are using a different nomenclature for the network argument. You need to use google_compute_network.vpc.name for google_container_cluster.network instead of data.google_compute_network.vpc.self_link.

As you can see in the API documentation, the correct nomenclature for the network argument is projects/my-project/global/networks/my-network, so you could test the functionality with the following structure, which is similar to the Terraform registry example:

resource "google_container_cluster" "container_cluster_18708" {
  name = "container-cluster-18708"
  location = "us-central1"
  deletion_protection = false
  initial_node_count = 1
  network = "projects/my-project/global/networks/my-network"
}

It is a good practice to use locals, variables, modules and so on, but I suggest you first read the API documentation to see how it works and simplify your code for testing purposes; then you can adapt this to your current configuration.
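The fix ggtisc describes, applied to the reporter's shared-VPC module call, as an added example that is not part of the original thread or of the kubernetes-engine module's own code. It assumes the module composes the `projects/<project>/global/networks/<name>` path itself from bare names (which is why a self link produced the doubled prefix in the error) and that it exposes a `network_project_id` input for the shared VPC host project.

```hcl
# Added example (not the reporter's or the module's code). Assumption: the
# kubernetes-engine module prepends "projects/<network_project_id>/global/networks/"
# (and the regional subnetwork prefix) to the values it is given, so it must
# receive bare resource names, never self links.
module "gke" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
  version = "~> 31.0"

  project_id = var.service_project_id
  name       = "${local.cluster_type}-cluster"
  regional   = true
  region     = var.region

  # Bare names: the data sources already resolve the network/subnet in the host
  # project, so only their short names are passed through.
  network    = data.google_compute_network.vpc.name
  subnetwork = data.google_compute_subnetwork.subnet-for-k8s.name

  # Shared VPC: the network lives in the host project while the cluster is
  # created in the service project (assumed module input, see lead-in).
  network_project_id = var.host_project_id

  ip_range_pods     = local.pods_range_name
  ip_range_services = local.svc_range_name

  release_channel                 = "REGULAR"
  enable_vertical_pod_autoscaling = true
  enable_private_endpoint         = true
  enable_private_nodes            = true
  network_tags                    = [local.cluster_type]
  deletion_protection             = false

  master_authorized_networks = [
    {
      cidr_block   = "10.60.0.0/17"
      display_name = "VPC"
    },
  ]
}
```

Running `terraform plan` after this change should show the cluster's network as `projects/<host-project>/global/networks/staging-private-network`, with no `https://www.googleapis.com/...` fragment embedded in it.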