provider kubernetes: Failed to configure
suibinz opened this issue · 10 comments
terraform plan:
Error: Error refreshing state: 1 error(s) occurred:
- provider.kubernetes: Failed to configure: specifying a root certificates file with the insecure flag is not allowed
Which example are you seeing this error with?
It's in service-lb. When the Kubernetes provider retrieves certs, it seems K8s doesn't like the way the certs are specified.
see:
https://github.com/kubernetes/client-go/blob/master/transport/transport.go
I am not sure what argument in tf is parsing the c.TLS.Insecure flag. It seems to be different than the "insecure" attribute in the tf kubernetes provider argument - I tried it as false or true, but no effect.
I just pushed an updated version of that example that is working for me. I removed the master auth credentials in favor of the auth token from the provider. That may have been what was triggering the insecure flag.
Can you try again with the latest code on master?
Thanks
hmm.. still doing the same in my env:
MacBook-Pro:example-gke-k8s-service-lb suibin$ ../../../terraform version
Terraform v0.11.7
- provider.google v1.16.2
- provider.kubernetes v1.2.0
terraform error:
google_container_cluster.default: Still creating... (2m0s elapsed)
google_container_cluster.default: Creation complete after 2m3s (ID: tf-gke-k8s)
Error: Error applying plan:
2 error(s) occurred:
- google_compute_address.default: 1 error(s) occurred:
- google_compute_address.default: project: required field is not set
- provider.kubernetes: Failed to configure: specifying a root certificates file with the insecure flag is not allowed
Terraform does not automatically rollback in the face of errors.
And thanks for making the destroy provisioner change - it was not working previously - "terraform destroy" would complain about the same Insecure flag issue and not destroy the resources. I had to go into GCP to manually delete the resources created up to the point of error.
Are you still having issues? How are you passing the credentials to the google provider?
using a service account key.
Yeah, seems to be some conflict with my existing .kube/config. When run at the GCP shell, there is no problem. I think I will close the issue for now.
My resolution for this was to use load_config_file = false in the Kubernetes provider config (https://www.terraform.io/docs/providers/kubernetes/index.html#load_config_file)
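The resolution above as a provider block, added here as an illustration and not taken from the example repository. It uses Terraform 0.11 interpolation syntax to match the versions in the thread; the data source name `current` is an assumption, and so is the explanation that a local kubeconfig entry with TLS verification disabled was being merged with the cluster CA supplied by Terraform.

```hcl
# Added example, not the repository's own code.
# Short-lived OAuth token from the google provider's credentials,
# used instead of static master_auth username/password.
data "google_client_config" "current" {}

provider "kubernetes" {
  # Ignore ~/.kube/config entirely, so nothing from a local
  # context (assumed here: an entry that disables TLS verification)
  # is merged with the settings below.
  load_config_file = false

  host  = "https://${google_container_cluster.default.endpoint}"
  token = "${data.google_client_config.current.access_token}"

  # Keep server certificate verification on by pinning the cluster CA.
  # The provider's "insecure" argument is left unset: client-go rejects
  # a configuration that sets both a root CA and the insecure flag.
  cluster_ca_certificate = "${base64decode(google_container_cluster.default.master_auth.0.cluster_ca_certificate)}"
}
```

With the kubeconfig out of the picture, the plan behaves the same on a workstation as in the GCP shell, and the API server certificate is still verified against the cluster CA.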