Sanjay M. P.
Sanjay M. P.

Reputation: 1009

Installing GKE and Anthos via Terraform

I'm trying to spin up a GKE cluster followed by installing Anthos, but I run into the below issues.

 module "gke" {
      source                      = "./gke_private_cluster"
      project_id                  = var.project_id
      name                        = var.cluster_name
      regional                    = false
      region                      = var.region
      zones                       = var.zones
      network                     = module.gcp-network.network_name
      subnetwork                  = module.gcp-network.subnets_names[0]
      ip_range_pods               = var.ip_range_pods
      ip_range_services           = var.ip_range_services
    module "gke_node_pool11" {
      count                          = var.count_primary_np
      source                         = "./gke_node_pool"
      project_id                     = var.project_id
      gke_cluster_name               =
      node_pool_name                 = "${var.node_pool_name}-${count.index + 1}"
      region                         = var.region
      regional                       = var.regional
      zones                          = var.zones_01
      gke_cluster_min_master_version = var.gke_cluster_min_master_version
      image_type                     = var.image_type
      machine_type                   = var.machine_type_01[count.index]
      preemptible                    = false
    module "gke_node_pool_preemptible22" {
      count                          = var.count_preemptible_np
      source                         = "./gke_node_pool"
      project_id                     = var.project_id
      gke_cluster_name               =
      node_pool_name                 = "${var.preemptible_node_pool_name}-${count.index + 1}"
      region                         = var.region
      regional                       = var.regional
      zones                          = var.zones_02
      gke_cluster_min_master_version = var.gke_cluster_min_master_version
      image_type                     = var.image_type
      machine_type                   = var.machine_type_02[count.index]
      preemptible                    = true

module "hub-primary" {
  source                  = "terraform-google-modules/kubernetes-engine/google//modules/hub"
  project_id              = var.project_id
  cluster_name            =
  cluster_endpoint        = module.gke.endpoint
  location                = module.gke.location
  gke_hub_membership_name = "primary"
  gke_hub_sa_name         = "primary"
module "asm" {
  source                = ""
  cluster_name          =
  cluster_endpoint      = module.gke.endpoint
  project_id            = var.project_id
  location              = module.gke.location
  enable_all            = true
  enable_cluster_roles  = true
  enable_cluster_labels = false
  enable_gcp_apis       = true
  enable_gcp_iam_roles  = false
  enable_gcp_components = true
  enable_registration   = false
  asm_version           = "1.10"
  managed_control_plane = false
  options               = ["envoy-access-log,egressgateways"]
  skip_validation       = false
  outdir                = "./${}-outdir-${var.asm_version}"

When i run the above terraform code, I run into the below error:

dial tcp connect: connection refused not found
│ Error: failed to install manifests: errors occurred during operation
│ 2021-09-06T08:23:21.219364 install_asm_1.10: [WARNING]: Failed, retrying...(1 of 5)
│ 2021-09-06T08:23:23.252989 install_asm_1.10: Running: './istio-1.10.4-asm.6/bin/istioctl install -f asm/istio/istio-operator.yaml -f
│ /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-envoy-access-log.yaml00 -f /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-envoy-access-log.yaml01 -f
│ /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-egressgateways.yaml00 -f /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-egressgateways.yaml01 --set
│ revision=asm-1104-6 -c asm_kubeconfig --skip-confirmation'
│ 2021-09-06T08:23:23.284655 install_asm_1.10: -------------
│ Error: Get "": dial tcp connect: connection refused
│ 2021-09-06T08:23:23.516704 install_asm_1.10: [WARNING]: Failed, retrying...(2 of 5)
│ 2021-09-06T08:23:27.574012 install_asm_1.10: Running: './istio-1.10.4-asm.6/bin/istioctl install -f asm/istio/istio-operator.yaml -f
│ /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-envoy-access-log.yaml00 -f /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-envoy-access-log.yaml01 -f
│ /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-egressgateways.yaml00 -f /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-egressgateways.yaml01 --set
│ revision=asm-1104-6 -c asm_kubeconfig --skip-confirmation'
│ 2021-09-06T08:23:27.617173 install_asm_1.10: -------------
│ Error: Get "": dial tcp connect: connection refused
│ 2021-09-06T08:23:27.836374 install_asm_1.10: [WARNING]: Failed, retrying...(3 of 5)
│ 2021-09-06T08:23:33.873300 install_asm_1.10: Running: './istio-1.10.4-asm.6/bin/istioctl install -f asm/istio/istio-operator.yaml -f
│ /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-envoy-access-log.yaml00 -f /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-envoy-access-log.yaml01 -f
│ /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-egressgateways.yaml00 -f /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-egressgateways.yaml01 --set
│ revision=asm-1104-6 -c asm_kubeconfig --skip-confirmation'
│ 2021-09-06T08:23:33.902169 install_asm_1.10: -------------
│ Error: Get "": dial tcp connect: connection refused
│ 2021-09-06T08:23:34.117136 install_asm_1.10: [WARNING]: Failed, retrying...(4 of 5)
│ 2021-09-06T08:23:42.149546 install_asm_1.10: Running: './istio-1.10.4-asm.6/bin/istioctl install -f asm/istio/istio-operator.yaml -f
│ /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-envoy-access-log.yaml00 -f /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-envoy-access-log.yaml01 -f
│ /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-egressgateways.yaml00 -f /home/sanjay_m/terraform-gcp-3/santest-outdir-1.10/overlay-egressgateways.yaml01 --set
│ revision=asm-1104-6 -c asm_kubeconfig --skip-confirmation'
│ 2021-09-06T08:23:42.181575 install_asm_1.10: -------------
│ Error: Get "": dial tcp connect: connection refused
│ 2021-09-06T08:23:42.398271 install_asm_1.10: [WARNING]: Failed, retrying...(5 of 5)
│ + cleanup
│ + rm -rf /tmp/kubectl_wrapper_24744_28603
│ Error: Error creating service account: Post "": oauth2/google: incomplete token received from metadata
│   with module.hub-primary.google_service_account.gke_hub_sa[0],
│   on .terraform/modules/hub-primary/modules/hub/ line 33, in resource "google_service_account" "gke_hub_sa":
│   33: resource "google_service_account" "gke_hub_sa" {

Assuming that endpoint isnt ready until the cluster is fully complete, tried to add the depend_on flag for module hub-primary and asm which results in the below error:

depend_on = [module.gke_node_pool11, module.gke_node_pool_preemptible22]

Error: Invalid count argument
│   on .terraform/modules/asm.asm_install/ line 57, in resource "random_id" "cache":
│   57:   count = (! local.skip_download) ? 1 : 0
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use
│ the -target argument to first apply only the resources that the count depends on.

How do i make the asm and hub-primary modules wait upon the cluster creation, as the terraform scripts works fine if i split the cluster creation first and then run modules hub-primary and asm ?

Is there anything I'm missing out ?

Thank you !

Upvotes: 1

Views: 787

Answers (1)


Reputation: 235

Instead of using built in "depends_on" , use the variable asm module has called "module_depends_on = [module.kubernetes_cluster]"

Upvotes: 1

Related Questions