terraform-google-kubernetes-engine icon indicating copy to clipboard operation
terraform-google-kubernetes-engine copied to clipboard

Published 20 hours ago verified publisher icon terraform-google-modules

Error: local-exec provisioner error - ASM Module

Open jobyglcoud opened this issue 2 years ago • 1 comments

Source Code source = "terraform-google-modules/kubernetes-engine/google//modules/asm" version = "22.0.0"

Error: local-exec provisioner error │ │ with module.asm.module.asm.module.cpr.module.gcloud_kubectl.null_resource.run_command[0], │ on .terraform/modules/asm.asm.cpr/main.tf line 231, in resource "null_resource" "run_command": │ 231: provisioner "local-exec" { │ │ Error running command 'PATH=/google-cloud-sdk/bin:$PATH │ .terraform/modules/asm.asm.cpr/modules/kubectl-wrapper/scripts/kubectl_wrapper.sh │ false false .terraform/modules/asm.asm/modules/asm/scripts/create_cpr.sh │ asm-managed regular true false │ ': exit status 1. Output: + '[' 10 -lt 5 ']' │ + CLUSTER_NAME=gke-cluster-01 │ + LOCATION= │ + PROJECT_ID= │ + INTERNAL=false │ + USE_EXISTING_CONTEXT=false │ + │ ENABLE_IMPERSONATE_SERVICE_ACCOUNT=.terraform/modules/asm.asm/modules/asm/scripts/create_cpr.sh │ + IMPERSONATE_SERVICE_ACCOUNT=asm-managed │ + shift 5 │ + false │ + RANDOM_ID=31806_23127 │ + export TMPDIR=/tmp/kubectl_wrapper_31806_23127 │ + TMPDIR=/tmp/kubectl_wrapper_31806_23127 │ + trap cleanup EXIT │ + mkdir /tmp/kubectl_wrapper_31806_23127 │ + export KUBECONFIG=/tmp/kubectl_wrapper_31806_23127/config │ + KUBECONFIG=/tmp/kubectl_wrapper_31806_23127/config │ ++ grep -o - │ ++ wc -l │ + LOCATION_TYPE=2 │ + CMD='gcloud container clusters get-credentials │ --project ' │ + [[ .terraform/modules/asm.asm/modules/asm/scripts/create_cpr.sh == true │ ]] │ + [[ 2 -eq 2 ]] │ + CMD+=' --zone ' │ + false │ + gcloud container clusters get-credentials gke-cluster-01 │ --project 1 --zone │ Fetching cluster endpoint and auth data. │ ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, │ message=Required "container.clusters.get" permission(s) for │ "projects//zones//clusters/gke-cluster-01".

jobyglcoud avatar Aug 03 '22 15:08 jobyglcoud

Looks like the account/service account you run the script does not have enough IAM permissions to execute the script.

szihai avatar Aug 03 '22 16:08 szihai

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Oct 02 '22 23:10 github-actions[bot]