search

terraform-google-modules / terraform-google-kubernetes-engine

Configures opinionated GKE clusters
https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google
Apache License 2.0
1.15k stars 1.17k forks source link

Unable to apply anthos service mesh module facing ERROR: (gcloud.container.clusters.get-credentials) You do not currently │ have an active account selected. #1898

Closed Rajchirag1993 closed 5 months ago

Rajchirag1993 commented 8 months ago

TL;DR

Error: local-exec provisioner error │ │ with module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0], │ on .terraform/modules/kubernetes-engine_asm.cpr/main.tf line 232, in resource "null_resource" "run_command": │ 232: provisioner "local-exec" { │ │ Error running command │ 'PATH=/home/tfc-agent/.tfc-agent/component/terraform/runs/run-pj57QW9bsBiB4Rbi/config/.terraform/modules/kubernetes-engine_asm.cpr/cache/d3b27061/google-cloud-sdk/bin:$PATH │ .terraform/modules/kubernetes-engine_asm.cpr/modules/kubectl-wrapper/scripts/kubectl_wrapper.sh (gcloud.container.clusters.get-credentials) You do not currently │ have an active account selected.

Expected behavior

Unable to deploy the anthos service mesh module. Please see the error.

Observed behavior

module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): + CMD+=' --region us-central1' module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): + false module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): + gcloud container clusters get-credentials caas-sbx-cluster --project corp-slvr-shared3l --region us-central1 module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.decompress_destroy[0]: Creation complete after 0s [id=7515093046312254231] module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): ERROR: (gcloud.container.clusters.get-credentials) You do not currently have an active account selected. module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): Please run:

module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): $ gcloud auth login

module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): to obtain new credentials.

module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): If you have already logged in with a different account, run:

module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): $ gcloud config set account ACCOUNT

module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): to select an already authenticated account to use. module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): + cleanup module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0] (local-exec): + rm -rf /tmp/kubectl_wrapper_14389_12006 ╷ │ Error: local-exec provisioner error │ │ with module.kubernetes-engine_asm.module.cpr[0].module.gcloud_kubectl.null_resource.run_command[0], │ on .terraform/modules/kubernetes-engine_asm.cpr/main.tf line 232, in resource "null_resource" "run_command": │ 232: provisioner "local-exec" { │ │ Error running command │ 'PATH=/home/tfc-agent/.tfc-agent/component/terraform/runs/run-pj57QW9bsBiB4Rbi/config/.terraform/modules/kubernetes-engine_asm.cpr/cache/d3b27061/google-cloud-sdk/bin:$PATH │ .terraform/modules/kubernetes-engine_asm.cpr/modules/kubectl-wrapper/scripts/kubectl_wrapper.sh │ caas-sbx-cluster us-central1 corp-slvr-shared3l false false │ .terraform/modules/kubernetes-engine_asm/modules/asm/scripts/create_cpr.sh │ asm-managed-stable stable true false │ ': exit status 1. Output: + '[' 10 -lt 5 ']' │ + CLUSTER_NAME=caas-sbx-cluster │ + LOCATION=us-central1 │ + PROJECT_ID=corp-slvr-shared3l │ + INTERNAL=false │ + USE_EXISTING_CONTEXT=false │ + │ ENABLE_IMPERSONATE_SERVICE_ACCOUNT=.terraform/modules/kubernetes-engine_asm/modules/asm/scripts/create_cpr.sh │ + IMPERSONATE_SERVICE_ACCOUNT=asm-managed-stable │ + shift 5 │ + false │ + RANDOM_ID=14389_12006 │ + export TMPDIR=/tmp/kubectl_wrapper_14389_12006 │ + TMPDIR=/tmp/kubectl_wrapper_14389_12006 │ + trap cleanup EXIT │ + mkdir /tmp/kubectl_wrapper_14389_12006 │ + export KUBECONFIG=/tmp/kubectl_wrapper_14389_12006/config │ + KUBECONFIG=/tmp/kubectl_wrapper_14389_12006/config │ ++ grep -o - │ ++ wc -l │ + LOCATION_TYPE=1 │ + CMD='gcloud container clusters get-credentials caas-sbx-cluster --project │ corp-slvr-shared3l' │ + [[ │ .terraform/modules/kubernetes-engine_asm/modules/asm/scripts/create_cpr.sh │ == true ]] │ + [[ 1 -eq 2 ]] │ + CMD+=' --region us-central1' │ + false │ + gcloud container clusters get-credentials caas-sbx-cluster --project │ corp-slvr-shared3l --region us-central1 │ ERROR: (gcloud.container.clusters.get-credentials) You do not currently │ have an active account selected. │ Please run: │ │ $ gcloud auth login │ │ to obtain new credentials. │ │ If you have already logged in with a different account, run: │ │ $ gcloud config set account ACCOUNT │ │ to select an already authenticated account to use. │ + cleanup │ + rm -rf /tmp/kubectl_wrapper_14389_12006 │ ╵ Operation failed: failed running terraform apply (exit 1)

Terraform Configuration

module "kubernetes-engine_asm" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/asm"
  version = "30.0.0"
  project_id        = var.project_id
  cluster_name      = var.cluster_name_gke
  cluster_location  = var.location
  enable_cni        = true
  enable_fleet_registration = true
  fleet_id          = "corp-slvr-shared3l"
  channel           = "stable"
  multicluster_mode = "connected"
}

Terraform Version

1.3.9

Additional information

No response

bharathkkb commented 7 months ago

Hi @Rajchirag1993, you can use one of these options to automatically authenticate gcloud within TFC https://cloud.google.com/docs/authentication/application-default-credentials#GAC

Rajchirag1993 commented 7 months ago

Hello @bharathkkb,

Thank you so much for your reply.

We are using enterprise terraform to deploy asm on private gke cluster, We are in huge need of deploying ASM. Can we quickly connect over a call to understand the asm module and to resolve this issue ?

I believe this asm module taking care of authentication part, Its not the case ?

Our organization doesn't allow to generate service account keys and stuff.

github-actions[bot] commented 5 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days