jx3-terraform-gke's Issues

Having issues getting this to work

Ran into issue with jx namespace:
[Screenshot 2020-09-24 at 19 09 08]

When I ran: kubectl describe pod jx-git-operator-bc8fb64cb-59wd7 -n jx-git-operator

Name:           jx-git-operator-bc8fb64cb-59wd7
Namespace:      jx-git-operator
Priority:       0
Node:           gke-tf-jx-quality-ocelot-default-pool-fe4f8ad8-q7rq/10.128.0.6
Start Time:     Thu, 24 Sep 2020 16:43:59 +0100
Labels:         app=jx-git-operator
                pod-template-hash=bc8fb64cb
Annotations:    <none>
Status:         Running
IP:             10.0.2.3
Controlled By:  ReplicaSet/jx-git-operator-bc8fb64cb
Containers:
  jx-git-operator:
    Container ID:  docker://d34e493eb9e0b199f1bbbfa54ee02e249cb38e24d1fda18349a61a9b011f045d
    Image:         gcr.io/jenkinsxio/jx-git-operator:0.0.85
    Image ID:      docker-pullable://gcr.io/jenkinsxio/jx-git-operator@sha256:6de52c3410ebf585be5ef7eb4174b4eb4ca526f134cfcc2296edd6c7ab958e87
    Port:          <none>
    Host Port:     <none>
    Command:
      jx-git-operator
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Thu, 24 Sep 2020 19:15:14 +0100
      Finished:     Thu, 24 Sep 2020 19:15:15 +0100
    Ready:          False
    Restart Count:  34
    Limits:
      cpu:     100m
      memory:  256Mi
    Requests:
      cpu:     80m
      memory:  128Mi
    Environment:
      NO_RESOURCE_APPLY:  true
      POLL_DURATION:      20s
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from jx-git-operator-token-8m7x6 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  jx-git-operator-token-8m7x6:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  jx-git-operator-token-8m7x6
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason   Age                     From                                                          Message
  ----     ------   ----                    ----                                                          -------
  Normal   Pulled   39m (x27 over 153m)     kubelet, gke-tf-jx-quality-ocelot-default-pool-fe4f8ad8-q7rq  Container image "gcr.io/jenkinsxio/jx-git-operator:0.0.85" already present on machine
  Warning  BackOff  4m17s (x681 over 153m)  kubelet, gke-tf-jx-quality-ocelot-default-pool-fe4f8ad8-q7rq  Back-off restarting failed container

could not find lighthouse hmac token lighthouse-hmac-token in namespace jx: secrets "lighthouse-hmac-token" not found

Summary

What I did is follow the guide "https://github.com/jx3-gitops-repositories/jx3-terraform-gke" to create a jx cluster.

Steps to reproduce the behavior

Follow this guide to create a jx cluster.

Expected behavior

"jx boot" and "jx gitops webhook update --warn-on-fail" end successfully.

Actual behavior

I got the error below:

waiting for the Git Operator to be ready in namespace jx-git-operator...
pod jx-git-operator-5c6bcd66fc-qh2md has status Ready
the Git Operator is running in pod jx-git-operator-5c6bcd66fc-qh2md

waiting for boot Job pod with selector app=jx-boot in namespace jx-git-operator...
waiting for Job jx-boot-6a5d6539-43c4-4446-b07f-706c432f20b9 to complete...
pod jx-boot-6a5d6539-43c4-4446-b07f-706c432f20b9-cz7lv has status Ready

tailing boot Job pod jx-boot-6a5d6539-43c4-4446-b07f-706c432f20b9-cz7lv

jx gitops git setup
about to run: git config --global --add user.name xxx-deploy
about to run: git config --global --add user.email [email protected]
about to run: git config --global credential.helper store in dir /home
Generated Git credentials file /workspace/xdg_config/git/credentials
jx gitops apply
found last commit message: chore: regenerated

/pipeline cancel
last commit disabled further processing
# NOTE be very careful about these 2 labels as getting them wrong can remove stuff in you cluster!
kubectl apply --force --prune -l=gitops.jenkins-x.io/pipeline=customresourcedefinitions -R -f config-root/customresourcedefinitions
customresourcedefinition.apiextensions.k8s.io/environments.jenkins.io configured
customresourcedefinition.apiextensions.k8s.io/pipelineactivities.jenkins.io configured
customresourcedefinition.apiextensions.k8s.io/releases.jenkins.io configured
customresourcedefinition.apiextensions.k8s.io/sourcerepositories.jenkins.io configured
customresourcedefinition.apiextensions.k8s.io/previews.preview.jenkins.io unchanged
customresourcedefinition.apiextensions.k8s.io/lighthousejobs.lighthouse.jenkins.io unchanged
customresourcedefinition.apiextensions.k8s.io/externalsecrets.kubernetes-client.io unchanged
customresourcedefinition.apiextensions.k8s.io/vaults.vault.banzaicloud.com unchanged
customresourcedefinition.apiextensions.k8s.io/clustertasks.tekton.dev configured
customresourcedefinition.apiextensions.k8s.io/conditions.tekton.dev unchanged
customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev unchanged
customresourcedefinition.apiextensions.k8s.io/pipelineresources.tekton.dev unchanged
customresourcedefinition.apiextensions.k8s.io/pipelineruns.tekton.dev configured
customresourcedefinition.apiextensions.k8s.io/pipelines.tekton.dev configured
customresourcedefinition.apiextensions.k8s.io/runs.tekton.dev configured
customresourcedefinition.apiextensions.k8s.io/taskruns.tekton.dev configured
customresourcedefinition.apiextensions.k8s.io/tasks.tekton.dev configured
kubectl apply --force --prune -l=gitops.jenkins-x.io/pipeline=cluster                   -R -f config-root/cluster
clusterrole.rbac.authorization.k8s.io/jx-build-controller-jx unchanged
clusterrolebinding.rbac.authorization.k8s.io/jx-build-controller-jx unchanged
clusterrole.rbac.authorization.k8s.io/jx-pipelines-visualizer unchanged
clusterrolebinding.rbac.authorization.k8s.io/jx-pipelines-visualizer unchanged
clusterrole.rbac.authorization.k8s.io/jx-preview-gc-jobs unchanged
clusterrolebinding.rbac.authorization.k8s.io/jx-preview-gc-jobs unchanged
clusterrole.rbac.authorization.k8s.io/gcactivities-jx unchanged
clusterrolebinding.rbac.authorization.k8s.io/gcactivities-jx unchanged
clusterrole.rbac.authorization.k8s.io/tekton-bot unchanged
clusterrolebinding.rbac.authorization.k8s.io/tekton-bot-jx unchanged
namespace/jx-production configured
namespace/jx-staging configured
namespace/jx unchanged
namespace/nginx configured
namespace/secret-infra configured
clusterrole.rbac.authorization.k8s.io/ingress-nginx unchanged
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx unchanged
clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-external-secrets-auth unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-external-secrets unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-external-secrets unchanged
clusterrole.rbac.authorization.k8s.io/pusher-wave-pusher-wave unchanged
clusterrolebinding.rbac.authorization.k8s.io/pusher-wave-pusher-wave unchanged
clusterrolebinding.rbac.authorization.k8s.io/vault-auth-delegator unchanged
clusterrole.rbac.authorization.k8s.io/vault-operator unchanged
clusterrolebinding.rbac.authorization.k8s.io/vault-operator unchanged
clusterrole.rbac.authorization.k8s.io/tekton-aggregate-edit unchanged
clusterrole.rbac.authorization.k8s.io/tekton-aggregate-view unchanged
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access unchanged
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access unchanged
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-leaderelection unchanged
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access unchanged
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access unchanged
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-leader-election unchanged
namespace/tekton-pipelines unchanged
clusterrole.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access unchanged
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access unchanged
clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-leaderelection unchanged
kubectl apply --force --prune -l=gitops.jenkins-x.io/pipeline=namespaces                -R -f config-root/namespaces
deployment.apps/jenkins-x-chartmuseum configured
persistentvolumeclaim/jenkins-x-chartmuseum unchanged
externalsecret.kubernetes-client.io/jenkins-x-chartmuseum unchanged
service/jenkins-x-chartmuseum unchanged
release.jenkins.io/jenkins-x-crds-3.0.5 configured
serviceaccount/jenkins-x-controllerbuild unchanged
deployment.apps/jx-build-controller configured
rolebinding.rbac.authorization.k8s.io/jx-build-controller unchanged
role.rbac.authorization.k8s.io/jx-build-controller unchanged
deployment.apps/jx-pipelines-visualizer configured
ingress.networking.k8s.io/jx-pipelines-visualizer unchanged
serviceaccount/jx-pipelines-visualizer unchanged
service/jx-pipelines-visualizer unchanged
release.jenkins.io/jx-preview-0.0.133 configured
cronjob.batch/jx-preview-gc-jobs unchanged
rolebinding.rbac.authorization.k8s.io/jx-preview-gc-jobs unchanged
role.rbac.authorization.k8s.io/jx-preview-gc-jobs unchanged
serviceaccount/jx-preview-gc-jobs unchanged
ingress.networking.k8s.io/chartmuseum unchanged
release.jenkins.io/gcactivities-2.0.1143 configured
rolebinding.rbac.authorization.k8s.io/gcactivities unchanged
role.rbac.authorization.k8s.io/gcactivities unchanged
cronjob.batch/jxboot-helmfile-resources-gcactivities unchanged
serviceaccount/jxboot-helmfile-resources-gcactivities unchanged
release.jenkins.io/gcpods-2.0.1143 configured
rolebinding.rbac.authorization.k8s.io/gcpods unchanged
role.rbac.authorization.k8s.io/gcpods unchanged
cronjob.batch/jxboot-helmfile-resources-gcpods unchanged
serviceaccount/jxboot-helmfile-resources-gcpods unchanged
role.rbac.authorization.k8s.io/committer unchanged
environment.jenkins.io/dev unchanged
sourcerepository.jenkins.io/dev unchanged
ingress.networking.k8s.io/hook unchanged
configmap/ingress-config unchanged
externalsecret.kubernetes-client.io/jenkins-docker-cfg unchanged
externalsecret.kubernetes-client.io/jenkins-maven-settings unchanged
externalsecret.kubernetes-client.io/jenkins-release-gpg unchanged
configmap/jenkins-x-devpod-config unchanged
configmap/jenkins-x-docker-registry unchanged
configmap/jenkins-x-extensions unchanged
externalsecret.kubernetes-client.io/jx-basic-auth-htpasswd unchanged
externalsecret.kubernetes-client.io/jx-basic-auth-user-password unchanged
role.rbac.authorization.k8s.io/jx-pipeline-activity-updater unchanged
role.rbac.authorization.k8s.io/jx-view unchanged
ingress.networking.k8s.io/nexus unchanged
role.rbac.authorization.k8s.io/owner unchanged
environment.jenkins.io/production unchanged
environment.jenkins.io/staging unchanged
rolebinding.rbac.authorization.k8s.io/tekton-bot unchanged
role.rbac.authorization.k8s.io/tekton-bot unchanged
serviceaccount/tekton-bot configured
externalsecret.kubernetes-client.io/tekton-container-registry-auth unchanged
externalsecret.kubernetes-client.io/tekton-git unchanged
role.rbac.authorization.k8s.io/viewer unchanged
service/hook unchanged
deployment.apps/lighthouse-foghorn unchanged
rolebinding.rbac.authorization.k8s.io/lighthouse-foghorn unchanged
role.rbac.authorization.k8s.io/lighthouse-foghorn unchanged
serviceaccount/lighthouse-foghorn unchanged
cronjob.batch/lighthouse-gc-jobs unchanged
rolebinding.rbac.authorization.k8s.io/lighthouse-gc-jobs unchanged
role.rbac.authorization.k8s.io/lighthouse-gc-jobs unchanged
serviceaccount/lighthouse-gc-jobs unchanged
externalsecret.kubernetes-client.io/lighthouse-hmac-token unchanged
deployment.apps/lighthouse-keeper unchanged
rolebinding.rbac.authorization.k8s.io/lighthouse-keeper unchanged
role.rbac.authorization.k8s.io/lighthouse-keeper unchanged
serviceaccount/lighthouse-keeper unchanged
service/lighthouse-keeper unchanged
externalsecret.kubernetes-client.io/lighthouse-oauth-token unchanged
deployment.apps/lighthouse-tekton-controller configured
rolebinding.rbac.authorization.k8s.io/lighthouse-tekton-controller unchanged
role.rbac.authorization.k8s.io/lighthouse-tekton-controller unchanged
serviceaccount/lighthouse-tekton-controller unchanged
service/lighthouse-tekton-controller unchanged
deployment.apps/lighthouse-webhooks unchanged
rolebinding.rbac.authorization.k8s.io/lighthouse-webhooks unchanged
role.rbac.authorization.k8s.io/lighthouse-webhooks unchanged
serviceaccount/lighthouse-webhooks unchanged
configmap/config configured
configmap/jx-install-config unchanged
pipeline.tekton.dev/jx-meta-pipeline unchanged
configmap/plugins configured
configmap/nexus unchanged
deployment.apps/nexus-nexus configured
persistentvolumeclaim/nexus-nexus unchanged
externalsecret.kubernetes-client.io/nexus unchanged
service/nexus unchanged
externalsecret.kubernetes-client.io/tekton-container-registry-auth unchanged
externalsecret.kubernetes-client.io/tekton-container-registry-auth unchanged
service/ingress-nginx-controller-admission unchanged
configmap/ingress-nginx-controller configured
deployment.apps/ingress-nginx-controller configured
poddisruptionbudget.policy/ingress-nginx-controller unchanged
service/ingress-nginx-controller unchanged
rolebinding.rbac.authorization.k8s.io/ingress-nginx unchanged
role.rbac.authorization.k8s.io/ingress-nginx unchanged
serviceaccount/ingress-nginx unchanged
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission configured
job.batch/ingress-nginx-admission-create unchanged
job.batch/ingress-nginx-admission-patch unchanged
rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
role.rbac.authorization.k8s.io/ingress-nginx-admission unchanged
serviceaccount/ingress-nginx-admission unchanged
deployment.apps/kubernetes-external-secrets unchanged
serviceaccount/kubernetes-external-secrets unchanged
service/kubernetes-external-secrets unchanged
release.jenkins.io/pusher-wave-0.4.12 configured
deployment.apps/pusher-wave-pusher-wave configured
serviceaccount/pusher-wave-pusher-wave unchanged
persistentvolumeclaim/vault-file unchanged
serviceaccount/vault unchanged
rolebinding.rbac.authorization.k8s.io/vault-secrets unchanged
role.rbac.authorization.k8s.io/vault-secrets unchanged
vault.vault.banzaicloud.com/vault unchanged
deployment.apps/vault-operator configured
serviceaccount/vault-operator unchanged
service/vault-operator unchanged
configmap/config-artifact-bucket unchanged
configmap/config-artifact-pvc unchanged
configmap/config-defaults unchanged
configmap/config-leader-election unchanged
configmap/config-logging unchanged
configmap/config-observability unchanged
configmap/config-registry-cert unchanged
validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.pipeline.tekton.dev unchanged
configmap/feature-flags unchanged
serviceaccount/tekton-bot configured
externalsecret.kubernetes-client.io/tekton-container-registry-auth unchanged
externalsecret.kubernetes-client.io/tekton-git unchanged
deployment.apps/tekton-pipelines-controller unchanged
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller unchanged
role.rbac.authorization.k8s.io/tekton-pipelines-controller unchanged
serviceaccount/tekton-pipelines-controller unchanged
service/tekton-pipelines-controller unchanged
podsecuritypolicy.policy/tekton-pipelines configured
deployment.apps/tekton-pipelines-webhook unchanged
horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook unchanged
poddisruptionbudget.policy/tekton-pipelines-webhook unchanged
rolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook unchanged
role.rbac.authorization.k8s.io/tekton-pipelines-webhook unchanged
serviceaccount/tekton-pipelines-webhook unchanged
service/tekton-pipelines-webhook unchanged
validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.pipeline.tekton.dev unchanged
secret/webhook-certs unchanged
mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.pipeline.tekton.dev unchanged
# lets apply any infrastructure specific labels or annotations to enable IAM roles on ServiceAccounts etc
jx gitops postprocess
there is no post processing Secret jx-post-process in namespace default so not performing any additional post processing steps
changing to the jx namespace to verify
jx ns jx --quiet
Now using namespace 'jx' on server ''.
jx verify ingress --ingress-service ingress-nginx-controller
now verifying docker registry ingress setup
jx gitops webhook update --warn-on-fail
Error: failed to validate options: failed to find hmac token from secret: could not find lighthouse hmac token lighthouse-hmac-token in namespace jx: secrets "lighthouse-hmac-token" not found
Usage:
  update [flags]

Examples:
  # update all the webhooks for all SourceRepository and Environment resource:
  jx-gitops update

  # only update the webhooks for a given owner
  jx-gitops update --org=mycorp

  # use a custom hook webhook endpoint (e.g. if you are on premise using node ports or something)
  jx-gitops update --endpoint http://mything.com

Flags:
  -b, --batch-mode                 Runs in batch mode without prompting for user input
      --endpoint string            Don't use the endpoint from the cluster, use the provided endpoint
      --exact-hook-url-match       Whether to exactly match the hook based on the URL (default true)
      --git-kind string            the kind of git server to connect to
      --git-server string          the git server URL to create the scm client
      --git-token string           the git token used to operate on the git repository. If not specified it's loaded from the git credentials file
      --git-username string        the git username used to operate on the git repository. If not specified it's loaded from the git credentials file
  -h, --help                       help for update
      --hmac string                Don't use the HMAC token from the cluster, use the provided token
      --log-level string           Sets the logging level. If not specified defaults to $JX_LOG_LEVEL
  -o, --owner string               The name of the git organisation or user to filter on
      --previous-hook-url string   Whether to match based on an another URL
  -r, --repo string                The name of the repository to filter on
      --verbose                    Enables verbose output. The environment variable JX_LOG_LEVEL has precedence over this flag and allows setting the logging level to any value of: panic, fatal, error, warn, info, debug, trace
      --warn-on-fail               If enabled lets just log a warning that we could not update the webhook

error: failed to validate options: failed to find hmac token from secret: could not find lighthouse hmac token lighthouse-hmac-token in namespace jx: secrets "lighthouse-hmac-token" not found
make: *** [versionStream/src/Makefile.mk:145: verify] Error 1
boot Job pod jx-boot-6a5d6539-43c4-4446-b07f-706c432f20b9-cz7lv has Failed

Jx version

The output of jx version is:

jx version
version: 3.1.15

Diagnostic information

The output of jx diagnose version is:

% jx diagnose version
Error: unknown command "diagnose" for "jx"
Run 'jx --help' for usage.

Kubernetes cluster

gke 1.16.15-gke.4300
and I created it by following the guide "https://github.com/jx3-gitops-repositories/jx3-terraform-gke", using terraform.

Kubectl version

The output of kubectl version --client is:

kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.8", GitCommit:"9f2892aab98fe339f3bd70e3c470144299398ace", GitTreeState:"clean", BuildDate:"2020-08-13T16:12:48Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"darwin/amd64"}

Operating system / Environment

MacOS Big Sur version 11.0 Beta

Problems in deploying the Cluster in GKE

Hello everyone!

I'm following the guidelines in the README of the project to deploy jenkins-x in a GKE cluster, but when executing terraform apply I'm facing the errors below, when it performs the creation of the policies:

module.jx.module.vault[0].google_project_iam_member.vault_sa_cloudkms_admin_binding[0]: Creation complete after 22s [id=jenkins-x-299000/roles/cloudkms.admin/serviceaccount:tf-jx-singular-katydid-vt@jenkins-x-299000.iam.gserviceaccount.com]

Error: Error applying IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-bc@jenkins-x-299000.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-bc@jenkins-x-299000.iam.gserviceaccount.com': googleapi: Error 400: Identity Pool does not exist (jenkins-x-299000.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API., badRequest

Error: googleapi: Error 400: Invalid field 'cluster.resource_labels.key': " provider ". It must only contain lowercase letters ([a-z]), numeric characters ([0-9]), underscores (_) and dashes (-), and must start with a letter. International characters are allowed., badRequest

Error: Error applying IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-jxui@jenkins-x-299000.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-jxui@jenkins-x-299000.iam.gserviceaccount.com': googleapi: Error 400: Identity Pool does not exist (jenkins-x-299000.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API., badRequest

Error: Error applying IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-vt@jenkins-x-299000.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-vt@jenkins-x-299000.iam.gserviceaccount.com': googleapi: Error 400: Identity Pool does not exist (jenkins-x-299000.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API., badRequest

Error: Error applying IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-ko@jenkins-x-299000.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-ko@jenkins-x-299000.iam.gserviceaccount.com': googleapi: Error 400: Identity Pool does not exist (jenkins-x-299000.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API., badRequest

Error: Error applying IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-boot@jenkins-x-299000.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-boot@jenkins-x-299000.iam.gserviceaccount.com': googleapi: Error 400: Identity Pool does not exist (jenkins-x-299000.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API., badRequest

Error: Error applying IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-tekton@jenkins-x-299000.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-tekton@jenkins-x-299000.iam.gserviceaccount.com': googleapi: Error 400: Identity Pool does not exist (jenkins-x-299000.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API., badRequest

Error: Error applying IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-vt@jenkins-x-299000.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/jenkins-x-299000/serviceAccounts/tf-jx-singular-katydid-vt@jenkins-x-299000.iam.gserviceaccount.com': googleapi: Error 400: Identity Pool does not exist (jenkins-x-299000.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API., badRequest

What intrigues me more is that it is creating the policies:
[image]

I'm using
terraform 0.13.0
And version 3 of the jenkins-x installer
Project ID: jenkins-x-299000

I have already revisited the settings several times and I am not able to identify where I am going wrong. Can you help me?

An argument named "gcp_project" is not expected here error thrown after "terraform plan"

Hello everyone,

I am stuck at "terraform plan". It gives me an 'An argument named "gcp_project" is not expected here' error for all the arguments except source.

Full log:


    $ terraform plan
    
    Error: Unsupported argument
    
      on main.tf line 3, in module "jx":
       3:   gcp_project                     = var.gcp_project
    
    An argument named "gcp_project" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 4, in module "jx":
       4:   jx2                             = false
    
    An argument named "jx2" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 5, in module "jx":
       5:   gsm                             = var.gsm
    
    An argument named "gsm" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 6, in module "jx":
       6:   cluster_name                    = var.cluster_name
    
    An argument named "cluster_name" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 7, in module "jx":
       7:   cluster_location                = var.cluster_location
    
    An argument named "cluster_location" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 8, in module "jx":
       8:   resource_labels                 = var.resource_labels
    
    An argument named "resource_labels" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 9, in module "jx":
       9:   node_machine_type               = var.node_machine_type
    
    An argument named "node_machine_type" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 10, in module "jx":
      10:   min_node_count                  = var.min_node_count
    
    An argument named "min_node_count" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 11, in module "jx":
      11:   max_node_count                  = var.max_node_count
    
    An argument named "max_node_count" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 12, in module "jx":
      12:   node_disk_size                  = var.node_disk_size
    
    An argument named "node_disk_size" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 13, in module "jx":
      13:   node_disk_type                  = var.node_disk_type
    
    An argument named "node_disk_type" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 14, in module "jx":
      14:   tls_email                       = var.tls_email
    
    An argument named "tls_email" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 15, in module "jx":
      15:   lets_encrypt_production         = var.lets_encrypt_production
    
    An argument named "lets_encrypt_production" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 16, in module "jx":
      16:   jx_git_url                      = var.jx_git_url
    
    An argument named "jx_git_url" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 17, in module "jx":
      17:   jx_bot_username                 = var.jx_bot_username
    
    An argument named "jx_bot_username" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 18, in module "jx":
      18:   jx_bot_token                    = var.jx_bot_token
    
    An argument named "jx_bot_token" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 19, in module "jx":
      19:   force_destroy                   = var.force_destroy
    
    An argument named "force_destroy" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 20, in module "jx":
      20:   apex_domain                     = var.apex_domain
    
    An argument named "apex_domain" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 21, in module "jx":
      21:   subdomain                       = var.subdomain
    
    An argument named "subdomain" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 22, in module "jx":
      22:   apex_domain_gcp_project         = var.apex_domain_gcp_project
    
    An argument named "apex_domain_gcp_project" is not expected here.
    
    
    Error: Unsupported argument
    
      on main.tf line 23, in module "jx":
      23:   apex_domain_integration_enabled = var.apex_domain_integration_enabled
    
    An argument named "apex_domain_integration_enabled" is not expected here.

How to fix IAM permission while running terraform?

While running 'terraform apply', I received the following:

    │ Error: Error creating service account: googleapi: Error 403: Permission 'iam.serviceAccounts.create' denied on resource (or it may not exist).
    │ Details:
    │ [
    │   {
    │     "@type": "type.googleapis.com/google.rpc.ErrorInfo",
    │     "domain": "iam.googleapis.com",
    │     "metadata": {
    │       "permission": "iam.serviceAccounts.create"
    │     },
    │     "reason": "IAM_PERMISSION_DENIED"
    │   }
    │ ]
    │ , forbidden
    │

The following commands worked without any issue:

    gcloud auth application-default login
    gcloud services enable container.googleapis.com

$(terraform output follow_install_logs) failed. Error: unknown command "admin" for "jx"

After successfully following the instructions up until the $(terraform output follow_install_logs) command:

    >>> $(terraform output follow_install_logs)
    WARNING: Unable to load managed plugins because customresourcedefinitions.apiextensions.k8s.io "plugins.jenkins.io" not found
    Error: unknown command "admin" for "jx"
    Run 'jx --help' for usage.
    >>> k get ns
    NAME              STATUS   AGE
    default           Active   39m
    jx-git-operator   Active   38m
    kube-node-lease   Active   39m
    kube-public       Active   39m
    kube-system       Active   39m
    kuberhealthy      Active   38m

But I also get these warnings for jx diagnose:

    >>> jx diagnose
    Running in namespace: default
    WARNING: Failed to retrieve team settings: failed to setup the dev environment for namespace 'default': the server could not find the requested resource (post environments.jenkins.io) - falling back to default settings...
    WARNING: Failed to find helm installs: running helm list --all --namespace default: failed to run 'helm list --all --namespace default' command in directory '', output: 'Error: could not find tiller'
    Version        2.1.150
    ....

GKE Terraform Plan with GSM fails (vault issue)

While running terraform plan into an infra configured to use GSM:

Error: Invalid index
  on .terraform/modules/jx/modules/jx-boot/outputs.tf line 2, in output "vault_installed":
   2:   value = helm_release.vault-instance.0.id != "" ? true : false
    |----------------
    | helm_release.vault-instance is empty tuple
The given key does not identify an element in this collection value.

terraform plan fails with that error.
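
The error above comes from indexing element 0 of a resource that has zero instances. The following is an added example, not the module's own code, of an output that tolerates the empty tuple; the `gsm` variable, the `count` condition and the chart placeholders are assumptions made for illustration.

```hcl
# Constructed example: variable name, count condition and chart values are assumptions.
variable "gsm" {
  description = "Use Google Secret Manager instead of Vault (assumed name)"
  type        = bool
  default     = true
}

resource "helm_release" "vault-instance" {
  # With count = 0 the resource is an empty tuple, so index 0 does not exist.
  count      = var.gsm ? 0 : 1
  name       = "vault-instance"
  chart      = "vault-instance"                 # placeholder chart name
  repository = "https://example.invalid/charts" # placeholder repository
}

# The expression from the error message fails at plan time when count = 0:
#   value = helm_release.vault-instance.0.id != "" ? true : false

# Option 1: test the number of instances instead of indexing into them.
output "vault_installed" {
  value = length(helm_release.vault-instance) > 0
}

# Option 2: keep the original comparison and fall back to false
# when the index lookup raises an error.
output "vault_installed_try" {
  value = try(helm_release.vault-instance[0].id != "", false)
}
```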

Terraform elements creation timing issue

When running terraform apply during the initial creation of the cluster I have this issue from time to time.

If I run terraform apply again it solves the issue.

Looks like a timing issue but still an issue.

Error: Error applying IAM policy for service account 'projects/<projectId>-nonprod-00001/serviceAccounts/<projectId>-jxui@<projectId>-nonprod-00001.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/<projectId>-nonprod-00001/serviceAccounts/<projectId>-jxui@<projectId>-nonprod-00001.iam.gserviceaccount.com': googleapi: Error 400: Identity Pool does not exist (<projectId>-nonprod-00001.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API., badRequest

Error: Error applying IAM policy for service account 'projects/<projectId>-nonprod-00001/serviceAccounts/<projectId>-bc@<projectId>-nonprod-00001.iam.gserviceaccount.com': Error setting IAM policy for service account 'projects/<projectId>-nonprod-00001/serviceAccounts/<projectId>-bc@<projectId>-nonprod-00001.iam.gserviceaccount.com': googleapi: Error 400: Identity Pool does not exist (<projectId>-nonprod-00001.svc.id.goog). Please check that you specified a valid resource name as returned in the `name` attribute in the configuration API., badRequest

Can we consider this a Terraform issue and not jx?
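
The `<project>.svc.id.goog` identity pool named in these errors is created when Workload Identity is enabled on a GKE cluster in the project, so a `roles/iam.workloadIdentityUser` binding applied before the cluster exists is rejected. The following is an added example, not code from this module, that makes the ordering explicit; the resource names, location and the `jx/jx-ui` Kubernetes service account are assumptions.

```hcl
# Constructed example: resource names, location and the jx/jx-ui
# Kubernetes service account are assumptions, not taken from the module.
variable "project_id" {
  type = string
}

resource "google_container_cluster" "jx" {
  name               = "jx-cluster"
  project            = var.project_id
  location           = "us-central1-a"
  initial_node_count = 1

  # Enabling Workload Identity here is what creates the
  # "<project>.svc.id.goog" pool. Older 3.x provider releases
  # name this field identity_namespace instead of workload_pool.
  workload_identity_config {
    workload_pool = "${var.project_id}.svc.id.goog"
  }
}

resource "google_service_account" "jxui" {
  project      = var.project_id
  account_id   = "jxui"
  display_name = "jx UI (example)"
}

resource "google_service_account_iam_member" "jxui_workload_identity" {
  service_account_id = google_service_account.jxui.name
  role               = "roles/iam.workloadIdentityUser"
  member             = "serviceAccount:${var.project_id}.svc.id.goog[jx/jx-ui]"

  # The member string is built only from var.project_id, so Terraform
  # sees no dependency on the cluster and may apply the binding first.
  # An explicit dependency delays it until the pool exists.
  depends_on = [google_container_cluster.jx]
}
```

Building the member string from `google_container_cluster.jx.workload_identity_config[0].workload_pool` instead of `var.project_id` gives the same ordering through an implicit dependency.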

Warning: Version constraints inside provider configuration blocks are deprecated

terraform init
Initializing modules...

Initializing the backend...

Initializing provider plugins...

  • Reusing previous version of hashicorp/local from the dependency lock file
  • Reusing previous version of hashicorp/null from the dependency lock file
  • Reusing previous version of hashicorp/template from the dependency lock file
  • Reusing previous version of hashicorp/kubernetes from the dependency lock file
  • Reusing previous version of hashicorp/random from the dependency lock file
  • Reusing previous version of hashicorp/google from the dependency lock file
  • Reusing previous version of hashicorp/helm from the dependency lock file
  • Reusing previous version of hashicorp/google-beta from the dependency lock file

Warning: Version constraints inside provider configuration blocks are deprecated

on .terraform/modules/jx.jx/main.tf line 15, in provider "google":
15: version = ">= 3.46.0"

Terraform 0.13 and earlier allowed provider version constraints inside the
provider configuration block, but that is now deprecated and will be removed
in a future version of Terraform. To silence this warning, move the provider
version constraint into the required_providers block.

(and 7 more similar warnings elsewhere)
