kubernetes-sigs / cluster-api-provider-gcp

The GCP provider implementation for Cluster API
Apache License 2.0
GKE Autopilot support appears broken #1308

Closed jasonumiker closed 1 month ago

jasonumiker commented 1 month ago

I've been trying to spin up a GKE Autopilot and it appears that the functionality is broken. My guess is that maybe more restrictions have been put on GKE Autopilot by default since it launched re: access tokens?

It stays forever in GKEControlPlaneCreating:

NAME                                                            READY  SEVERITY  REASON                   SINCE  MESSAGE 
Cluster/capi-gke                                                False  Info      GKEControlPlaneCreating  10m             
├─ClusterInfrastructure - GCPManagedCluster/capi-gke                                                                      
└─ControlPlane - GCPManagedControlPlane/capi-gke-control-plane  False  Info      GKEControlPlaneCreating  10m

And the logs show the following over and over:

"Reconciler error" err="creating kubeconfig secret: error generating access token: rpc error: code = InvalidArgument desc = Invalid form of account ID . Should be [Gaia ID |Email |Unique ID |] of the account" controller="gcpmanagedcontrolplane" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="GCPManagedControlPlane" GCPManagedControlPlane="default/capi-gke-control-plane"

And here are my manifests:

apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  name: capi-gke
  namespace: default
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
  controlPlaneRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: GCPManagedControlPlane
    name: capi-gke-control-plane
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: GCPManagedCluster
    name: capi-gke
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: GCPManagedCluster
metadata:
  name: capi-gke
  namespace: default
spec:
  network:
    name: default
  project: project-XXXXXX
  region: australia-southeast1
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: GCPManagedControlPlane
metadata:
  name: capi-gke-control-plane
  namespace: default
spec:
  location: australia-southeast1
  project: project-XXXXXX
  enableAutopilot: true
  releaseChannel: stable

jasonumiker commented 1 month ago

Never mind - instead of using my credentials in .gcloud I created a Service Account and used that instead. A bit buried in the docs was this - https://github.com/kubernetes-sigs/cluster-api-provider-gcp/blob/main/docs/book/src/topics/prerequisites.md#create-a-service-account
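
A preflight check for the fix described in this thread, as an added example that is not part of the original issue or the project's own code: it inspects a Google credentials JSON file and reports whether it is a service account key (`"type": "service_account"` with a `client_email`) or gcloud user credentials (`"type": "authorized_user"`). The function name `checkServiceAccountKey` and the sample values are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// credFile holds the fields of a Google credentials JSON file that matter here.
type credFile struct {
	Type        string `json:"type"`
	ClientEmail string `json:"client_email"`
	PrivateKey  string `json:"private_key"`
}

// checkServiceAccountKey (hypothetical helper) returns the service account
// email if raw is a service account key, or an error saying why it is not.
func checkServiceAccountKey(raw []byte) (string, error) {
	var c credFile
	if err := json.Unmarshal(raw, &c); err != nil {
		return "", fmt.Errorf("credentials are not valid JSON: %w", err)
	}
	switch c.Type {
	case "service_account":
		// expected type; field checks follow
	case "authorized_user":
		return "", errors.New("gcloud user credentials (authorized_user), not a service account key")
	default:
		return "", fmt.Errorf("credential type %q is not a service account key", c.Type)
	}
	if !strings.Contains(c.ClientEmail, "@") {
		return "", errors.New("service_account key has no usable client_email")
	}
	if strings.TrimSpace(c.PrivateKey) == "" {
		return "", errors.New("service_account key has no private_key")
	}
	return c.ClientEmail, nil
}

// Constructed samples; the values are placeholders, not real credentials.
const sampleUser = `{"type":"authorized_user","client_id":"x.apps.googleusercontent.com","refresh_token":"placeholder"}`
const sampleSA = `{"type":"service_account","client_email":"capg@project-XXXXXX.iam.gserviceaccount.com","private_key":"placeholder"}`

func main() {
	for _, s := range []string{sampleUser, sampleSA} {
		email, err := checkServiceAccountKey([]byte(s))
		fmt.Printf("email=%q err=%v\n", email, err)
	}
}
```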