terraform-google-modules / terraform-google-kubernetes-engine

Configures opinionated GKE clusters
https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google
Apache License 2.0

asm module failure #1078

Closed SushmaOg closed 2 years ago

SushmaOg commented 2 years ago

TL;DR

Terraform apply is failing in version number 17.0.0 with the given error:

│ Error: local-exec provisioner error
│
│   with module.asm-primary.module.asm_install.module.gcloud_kubectl.null_resource.run_destroy_command[0],
│   on .terraform/modules/asm-primary.asm_install/main.tf line 258, in resource "null_resource" "run_destroy_command":
│  258:   provisioner "local-exec" {
│
│ Error running command 'PATH=/google-cloud-sdk/bin:$PATH
│ .terraform/modules/asm-primary.asm_install/modules/kubectl-wrapper/scripts/kubectl_wrapper.sh nonprod-gke-cluster-01 us-central1 nonprod-ha-infrastructure false false kubectl
│ delete ns istio-system
│ ': exit status 1. Output: + '[' 9 -lt 5 ']'
│ + CLUSTER_NAME=nonprod-gke-cluster-01
│ + LOCATION=us-central1
│ + PROJECT_ID=nonprod-ha-infrastructure
│ + INTERNAL=false
│ + USE_EXISTING_CONTEXT=false
│ + ENABLE_IMPERSONATE_SERVICE_ACCOUNT=kubectl
│ + IMPERSONATE_SERVICE_ACCOUNT=delete
│ + shift 5
│ + false
│ + RANDOM_ID=20535_30780
│ + export TMPDIR=/tmp/kubectl_wrapper_20535_30780
│ + TMPDIR=/tmp/kubectl_wrapper_20535_30780
│ + trap cleanup EXIT
│ + mkdir /tmp/kubectl_wrapper_20535_30780
│ + export KUBECONFIG=/tmp/kubectl_wrapper_20535_30780/config
│ + KUBECONFIG=/tmp/kubectl_wrapper_20535_30780/config
│ ++ wc -l
│ ++ grep -o -
│ + LOCATION_TYPE=1
│ + CMD='gcloud container clusters get-credentials nonprod-gke-cluster-01 --project nonprod-ha-infrastructure'
│ + [[ kubectl == true ]]
│ + [[ 1 -eq 2 ]]
│ + CMD+=' --region us-central1'
│ + false
│ + gcloud container clusters get-credentials nonprod-gke-cluster-01 --project nonprod-ha-infrastructure --region us-central1
│ Fetching cluster endpoint and auth data.
│ kubeconfig entry generated for nonprod-gke-cluster-01.
│ + kubectl delete ns istio-system
│ Error from server (NotFound): namespaces "istio-system" not found
│ + cleanup
│ + rm -rf /tmp/kubectl_wrapper_20535_30780
│
╵
╷
│ Error: local-exec provisioner error
│
│   with module.asm-secondary.module.asm_install.module.gcloud_kubectl.null_resource.run_destroy_command[0],
│   on .terraform/modules/asm-secondary.asm_install/main.tf line 258, in resource "null_resource" "run_destroy_command":
│  258:   provisioner "local-exec" {
│
│ Error running command 'PATH=/google-cloud-sdk/bin:$PATH
│ .terraform/modules/asm-secondary.asm_install/modules/kubectl-wrapper/scripts/kubectl_wrapper.sh nonprod-gke-cluster-02 us-west1 nonprod-ha-infrastructure false false kubectl
│ delete ns istio-system
│ ': exit status 1. Output: + '[' 9 -lt 5 ']'
│ + CLUSTER_NAME=nonprod-gke-cluster-02
│ + LOCATION=us-west1
│ + PROJECT_ID=nonprod-ha-infrastructure
│ + INTERNAL=false
│ + USE_EXISTING_CONTEXT=false
│ + ENABLE_IMPERSONATE_SERVICE_ACCOUNT=kubectl
│ + IMPERSONATE_SERVICE_ACCOUNT=delete
│ + shift 5
│ + false
│ + RANDOM_ID=23311_25697
│ + export TMPDIR=/tmp/kubectl_wrapper_23311_25697
│ + TMPDIR=/tmp/kubectl_wrapper_23311_25697
│ + trap cleanup EXIT
│ + mkdir /tmp/kubectl_wrapper_23311_25697
│ + export KUBECONFIG=/tmp/kubectl_wrapper_23311_25697/config
│ + KUBECONFIG=/tmp/kubectl_wrapper_23311_25697/config
│ ++ grep -o -
│ ++ wc -l
│ + LOCATION_TYPE=1
│ + CMD='gcloud container clusters get-credentials nonprod-gke-cluster-02 --project nonprod-ha-infrastructure'
│ + [[ kubectl == true ]]
│ + [[ 1 -eq 2 ]]
│ + CMD+=' --region us-west1'
│ + false
│ + gcloud container clusters get-credentials nonprod-gke-cluster-02 --project nonprod-ha-infrastructure --region us-west1
│ Fetching cluster endpoint and auth data.
│ kubeconfig entry generated for nonprod-gke-cluster-02.
│ + kubectl delete ns istio-system
│ Error from server (NotFound): namespaces "istio-system" not found
│ + cleanup
│ + rm -rf /tmp/kubectl_wrapper_23311_25697
│

Expected behavior

It should not throw an error on namespace creation.

Observed behavior

No response

Terraform Configuration

module "asm-primary" {
  source                    = "terraform-google-modules/kubernetes-engine/google//modules/asm"
  version                   = "17.0.0"
  project_id                = data.google_client_config.current.project
  cluster_name              = module.primary-cluster.name
  location                  = module.primary-cluster.location
  cluster_endpoint          = module.primary-cluster.endpoint
  asm_version               = "1.10"
  enable_namespace_creation = true
}

module "asm-secondary" {
  source           = "terraform-google-modules/kubernetes-engine/google//modules/asm"
  version          = "17.0.0"
  project_id       = data.google_client_config.current.project
  cluster_name     = module.secondary-cluster.name
  location         = module.secondary-cluster.location
  cluster_endpoint = module.secondary-cluster.endpoint

  asm_version               = "1.10"
  enable_namespace_creation = true
}

Terraform Version

1.0.11

Additional information

No response

morgante commented 2 years ago

Unfortunately the ASM module is not currently working; we're planning a new version in the near future which will not use the kubectl wrapper.

github-actions[bot] commented 2 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

mrs-devops commented 1 year ago

@morgante Are you still working on ASM module updates? It is still not working. I am getting a similar issue but with the gcloud auth plugin - it also seems that the kubectl wrapper is still being used.

hamdiBouhani commented 1 year ago

@morgante & @mrs-devops I am getting a similar issue with gcloud auth:

│ Error: local-exec provisioner error
│ 
│   with module.k8s_v2_asm[0].module.cpr.module.gcloud_kubectl.null_resource.run_destroy_command[0],
│   on .terraform/modules/k8s_v2_asm.cpr/main.tf line 258, in resource "null_resource" "run_destroy_command":
│  258:   provisioner "local-exec" {
│ 
│ Error running command 'PATH=/google-cloud-sdk/bin:$PATH
│ .terraform/modules/k8s_v2_asm.cpr/modules/kubectl-wrapper/scripts/kubectl_wrapper.sh
│ dealroom-development-v2 europe-west4 core-platform-develop-v2-ad5a false false
│ .terraform/modules/k8s_v2_asm/modules/asm/scripts/destroy_cpr.sh asm-managed-stable
│ ': exit status 1. Output: + '[' 7 -lt 5 ']'
│ + CLUSTER_NAME=d1-development-v2
│ + LOCATION=europe-west4
│ + PROJECT_ID=core-platform-develop-v2-ad5a
│ + INTERNAL=false
│ + USE_EXISTING_CONTEXT=false
│ +
│ ENABLE_IMPERSONATE_SERVICE_ACCOUNT=.terraform/modules/k8s_v2_asm/modules/asm/scripts/destroy_cpr.sh
│ + IMPERSONATE_SERVICE_ACCOUNT=asm-managed-stable
│ + shift 5
│ + false
│ + RANDOM_ID=32641_641
│ + export TMPDIR=/tmp/kubectl_wrapper_32641_641
│ + TMPDIR=/tmp/kubectl_wrapper_32641_641
│ + trap cleanup EXIT
│ + mkdir /tmp/kubectl_wrapper_32641_641
│ + export KUBECONFIG=/tmp/kubectl_wrapper_32641_641/config
│ + KUBECONFIG=/tmp/kubectl_wrapper_32641_641/config
│ ++ grep -o -
│ ++ wc -l
│ + LOCATION_TYPE=1
│ + CMD='gcloud container clusters get-credentials d1-development-v2 --project
│ core-platform-develop-v2-ad5a'
│ + [[ .terraform/modules/k8s_v2_asm/modules/asm/scripts/destroy_cpr.sh == true ]]
│ + [[ 1 -eq 2 ]]
│ + CMD+=' --region europe-west4'
│ + false
│ + gcloud container clusters get-credentials d1-development-v2 --project
│ core-platform-develop-v2-vljvjhvhv --region europe-west4
│ Fetching cluster endpoint and auth data.
│ ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=401, message=Request
│ had invalid authentication credentials. Expected OAuth 2 access token, login cookie or
│ other valid authentication credential. See
│ https://developers.google.com/identity/sign-in/web/devconsole-project.
│ + cleanup
│ + rm -rf /tmp/kubectl_wrapper_32641_641
│ 
╵