GKE Autopilot support appears broken

Question

GKE Autopilot support appears broken

Closed this issue 4 months ago · 1 comments

I've been trying to spin up a GKE Autopilot and it appears that the functionality is broken. My guess is that maybe more restrictions have put on GKE Autopilot by default since it launched re: access tokens?

It stays forever in GKEControlPlaneCreating:

NAME                                                            READY  SEVERITY  REASON                   SINCE  MESSAGE 
Cluster/capi-gke                                                False  Info      GKEControlPlaneCreating  10m             
├─ClusterInfrastructure - GCPManagedCluster/capi-gke                                                                      
└─ControlPlane - GCPManagedControlPlane/capi-gke-control-plane  False  Info      GKEControlPlaneCreating  10m

And the logs show the following over and over:
"Reconciler error" err="creating kubeconfig secret: error generating access token: rpc error: code = InvalidArgument desc = Invalid form of account ID . Should be [Gaia ID |Email |Unique ID |] of the account" controller="gcpmanagedcontrolplane" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="GCPManagedControlPlane" GCPManagedControlPlane="default/capi-gke-control-plane"

And here are my manifests:

apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  name: capi-gke
  namespace: default
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
      - 192.168.0.0/16
  controlPlaneRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: GCPManagedControlPlane
    name: capi-gke-control-plane
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: GCPManagedCluster
    name: capi-gke
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: GCPManagedCluster
metadata:
  name: capi-gke
  namespace: default
spec:
  network:
    name: default
  project: project-XXXXXX
  region: australia-southeast1
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: GCPManagedControlPlane
metadata:
  name: capi-gke-control-plane
  namespace: default
spec:
  location: australia-southeast1
  project: project-XXXXXX
  enableAutopilot: true
  releaseChannel: stable

Answer 1 · 2024-09-15T03:42:58.000Z

Nevermind - instead of using my credentials in .gcloud I created a Service Account and used that instead. A bit buried in the docs was this - https://github.com/kubernetes-sigs/cluster-api-provider-gcp/blob/main/docs/book/src/topics/prerequisites.md#create-a-service-account