terraform-google-kubernetes-engine
Not able to apply deployment in gke cluster
Hi Team,
I am trying to create a cluster with Terraform and then apply a deployment YAML file through Terraform as well.
The cluster is created, but applying resource "kubernetes_deployment_v1" "default" fails in the Azure DevOps pipeline with the error below.
Failed to create deployment: Post "https://34.57.171.181/apis/apps/v1/namespaces/default/deployments": Forbidden
Below code used:
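# GKE Autopilot cluster with dual-stack (IPv4/IPv6) addressing. Pod and service
# ranges are taken from the subnetwork's secondary ranges.
# NOTE(review): neither private_cluster_config nor
# master_authorized_networks_config is set in this block, so control-plane
# endpoint exposure follows the GKE defaults and access control rests on
# IAM/RBAC alone. Consider limiting the endpoint to the CI runner's egress
# ranges; confirm against your network design.
resource "google_container_cluster" "default" {
  name     = "example-autopilot-cluster"
  location = "us-central1"

  enable_autopilot         = true
  enable_l4_ilb_subsetting = true

  network    = google_compute_network.default.id
  subnetwork = google_compute_subnetwork.default.id

  ip_allocation_policy {
    stack_type                    = "IPV4_IPV6"
    services_secondary_range_name = google_compute_subnetwork.default.secondary_ip_range[0].range_name
    cluster_secondary_range_name  = google_compute_subnetwork.default.secondary_ip_range[1].range_name
  }

  # Setting deletion_protection to true ensures that the cluster cannot be
  # accidentally deleted through Terraform. false suits a throwaway sample;
  # prefer true for any cluster that is meant to persist.
  deletion_protection = false
}

# Exposes the OAuth2 access token of the identity Terraform is running as.
# The token is a bearer credential: keep it out of logs, and treat the state
# file as sensitive, since data source results are recorded in state.
data "google_client_config" "default" {}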
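# Kubernetes provider authenticated with the caller's Google OAuth2 token.
# The API server authorizes whichever identity produced that token (in a CI
# pipeline, presumably the pipeline's service account). A 403 on create is
# therefore worth checking against that identity's permissions first, e.g. an
# IAM role such as roles/container.developer or an equivalent RBAC binding.
# A bare "Forbidden" can also come from an intermediary such as an egress
# proxy; verify which component answered.
# NOTE(review): host, token and CA all derive from a cluster created in the
# same configuration. Provider documentation advises against this pattern;
# splitting cluster creation and workload deployment into separate applies
# avoids the provider being configured with unknown values.
provider "kubernetes" {
  host  = "https://${google_container_cluster.default.endpoint}"
  token = data.google_client_config.default.access_token

  # Pins TLS verification to the cluster's own CA. Keep this rather than
  # disabling verification (insecure = true) when debugging connectivity.
  cluster_ca_certificate = base64decode(google_container_cluster.default.master_auth[0].cluster_ca_certificate)

  # Annotation-key patterns for annotations GKE adds server-side, ignored so
  # they do not show up as drift. HCL string literals need "\\" to produce a
  # single backslash for the regex; a lone "\." is an invalid escape.
  # The trailing ".*" is presumed lost to markdown rendering in the pasted
  # listing; confirm against the file actually applied.
  ignore_annotations = [
    "^autopilot\\.gke\\.io\\/.*",
    "^cloud\\.google\\.com\\/.*",
  ]
}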
# Deployment of the hello-app sample into the "default" namespace (no
# namespace is set in metadata). Pods are selected by the app = "hello-app"
# label.
resource "kubernetes_deployment_v1" "default" {
  metadata {
    name = "example-hello-app-deployment"
  }

  spec {
    selector {
      match_labels = {
        app = "hello-app"
      }
    }

    template {
      metadata {
        labels = {
          app = "hello-app"
        }
      }

      spec {
        container {
          name = "hello-app-container"

          # NOTE(review): the 2.0 tag is mutable. Pinning by digest
          # (image@sha256:<digest>) makes the deployed content verifiable.
          image = "us-docker.pkg.dev/google-samples/containers/gke/hello-app:2.0"

          port {
            name           = "hello-app-svc"
            container_port = 8080
          }

          # Container-level hardening: no privilege escalation, not
          # privileged, NET_RAW dropped.
          # NOTE(review): drop = ["ALL"] and read_only_root_filesystem = true
          # would be tighter if the app needs no capabilities and never writes
          # to its root filesystem. Confirm before changing, and check that it
          # does not introduce a plan diff on Autopilot.
          security_context {
            privileged                 = false
            allow_privilege_escalation = false
            read_only_root_filesystem  = false

            capabilities {
              add  = []
              drop = ["NET_RAW"]
            }
          }

          # HTTP liveness check against "/" on the named container port,
          # starting 3 s after container start and repeating every 3 s.
          liveness_probe {
            initial_delay_seconds = 3
            period_seconds        = 3

            http_get {
              path = "/"
              port = "hello-app-svc"

              http_header {
                name  = "X-Custom-Header"
                value = "Awesome"
              }
            }
          }
        }

        # Pod-level hardening: refuse to run as root and apply the container
        # runtime's default seccomp profile.
        security_context {
          run_as_non_root = true

          seccomp_profile {
            type = "RuntimeDefault"
          }
        }

        # Toleration is currently required to prevent perpetual diff:
        # https://github.com/hashicorp/terraform-provider-kubernetes/pull/2380
        toleration {
          key      = "kubernetes.io/arch"
          operator = "Equal"
          value    = "amd64"
          effect   = "NoSchedule"
        }
      }
    }
  }
}