We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
With some configuration the gke module provide an error related to an unused kms key
the kms key is used by node_config also
[...].module.gke.google_container_cluster.primary: Creating... ╷ │ Error: googleapi: Error 400: Failed precondition: Constraint `constraints/gcp.restrictNonCmekServices` violated for `projects/427955863992` attempting to create a resource without specifying a KMS CryptoKey. │ Details: │ [ │ { │ "@type": "[type.googleapis.com/google.rpc.RequestInfo](http://type.googleapis.com/google.rpc.RequestInfo)", │ "requestId": "0x49b9d3b73e2c5556" │ } │ ] │ , failedPrecondition │ │ with module.environment_cluster.module.cluster.module.gke.google_container_cluster.primary, │ on .terraform/modules/environment_cluster.cluster.gke/cluster.tf line 22, in resource "google_container_cluster" "primary": │ 22: resource "google_container_cluster" "primary" { │
module "gke" { depends_on = [google_compute_subnetwork.kubernetes_subnet, module.cluster_name_object, module.node_pools_name_object] source = "terraform-google-modules/kubernetes-engine/google" boot_disk_kms_key = var.encryption_key != null ? var.encryption_key.id : "" cluster_resource_labels = local.labels create_service_account = false service_account = "${data.google_project.platform.number}-compute@developer.gserviceaccount.com" database_encryption = [ { state = var.encryption_key != null ? "ENCRYPTED" : "DECRYPTED" key_name = var.encryption_key != null ? var.encryption_key.id: null } ] deletion_protection = false ip_range_pods = "pods" ip_range_services = "services" kubernetes_version = var.kubernetes_version name = module.cluster_name_object.strings_object.normalized_string network = var.vpc_network_setup.name project_id = var.project_id region = var.region subnetwork = google_compute_subnetwork.kubernetes_subnet.name node_pools = [ { auto_repair = true autoscaling = false boot_disk_kms_key = var.encryption_key != null ? var.encryption_key.id : "" disk_size_gb = local.root_disk_size machine_type = var.environment.machine_type name = module.node_pools_name_object.strings_object.normalized_string node_count = local.is_standby ? 0 : var.environment.machine_count node_locations = var.available_zones[0] remove_default_node_pool = true spot = false } ] }
1.5.7
we propose the following fix but cannot test end to end
#2006
The text was updated successfully, but these errors were encountered:
No branches or pull requests
TL;DR
With some configuration the gke module provide an error related to an unused kms key
Expected behavior
the kms key is used by node_config also
Observed behavior
Terraform Configuration
Terraform Version
Additional information
we propose the following fix but cannot test end to end
#2006
The text was updated successfully, but these errors were encountered: