Open chainlink opened 2 years ago
@chainlink The error above reads like you don't have permission to actually call the Kubernetes Engine API with the user/service account you're running as and not an issue with the program itself. Have you confirmed that the user/account has the right permissions?
Sorry, I re-read your code. Isn't it going to be the case that:
const projectKubernetes = new gcp.projects.Service("kubernetes-api", {
disableDependentServices: true,
project: "my-proj", //TODO Derive project name from stack
service: "container.googleapis.com",
});
will apply to my-proj
whereas your gcp.container.getEngineVersions().then(x=> x.latestMasterVersion)
call is taking place w/in the context of potentially a different project? Or are these the same project?
Hi @leezen thanks for the reply. Yes in this case they're the same project.
Ah, one other thought then is that there's no dependency relationship between having the project.Service
resource created before the invoke happens. One thing you could try would be something like the following:
export const cluster = new gcp.container.Cluster("gke-cluster", {
initialNodeCount: 1,
removeDefaultNodePool: true,
minMasterVersion: projectKubernetes.id.apply(id => gcp.container.getEngineVersions().then(x=> x.latestMasterVersion)),
});
This way, you're ensuring that the Service
creation has taken place before getEngineVersions
Also relevant is #685 where it seems like the Service
resource has known timing issues.
Desired behavior Create a GCP project, enable APIs, and create kubernetes cluster in one preview/run.
As an example, this module has the option to enable APIs when creating the project https://github.com/terraform-google-modules/terraform-google-project-factory
I'm not sure how to duplicate this functionality in pulumi. I have:
Which results in: