Missing kube->kms s2s policy
vburckhardt opened this issue · 2 comments
That specific s2s policy does not seem to be created by the module code itself.
On a fresh account:
again.","type":"Authentication"}
2023/11/30 15:45:51 Terraform apply |
2023/11/30 15:45:51 Terraform apply | with module.roks_landing_zone.module.landing_zone.ibm_container_vpc_cluster.cluster["wxai-management-cluster"],
2023/11/30 15:45:51 Terraform apply | on ../../cluster.tf line 34, in resource "ibm_container_vpc_cluster" "cluster":
2023/11/30 15:45:51 Terraform apply | 34: resource "ibm_container_vpc_cluster" "cluster" {
2023/11/30 15:45:51 Terraform apply |
2023/11/30 15:45:51 Terraform apply |
2023/11/30 15:45:51 Terraform apply | Error: Request failed with status code: 401, ServerErrorResponse: {"incidentID":"dc3c5793-4641-44a6-a2d8-699335dbf0f9","code":"E09c0","description":"Not authorized to access the Key Management Service. Create an IBM Cloud IAM authorization policy to give the source Kubernetes Service delegate access to the target Key Management Service, and try again.","type":"Authentication"}
2023/11/30 15:45:51 Terraform apply |
2023/11/30 15:45:51 Terraform apply | with module.roks_landing_zone.module.landing_zone.ibm_container_vpc_cluster.cluster["wxai-workload-cluster"],
2023/11/30 15:45:51 Terraform apply | on ../../cluster.tf line 34, in resource "ibm_container_vpc_cluster" "cluster":
2023/11/30 15:45:51 Terraform apply | 34: resource "ibm_container_vpc_cluster" "cluster" {
2023/11/30 15:45:51 Terraform apply |
2023/11/30 15:45:51 Terraform APPLY
@vburckhardt @Ak-sky This policy is supposed to be auto-created when you provision a new cluster. It creates the following global auth policy:
So that is why we don't create it in our code.
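
The authorization that the 401 error asks for can also be declared explicitly and scoped to a single KMS instance rather than account-wide. This is an added example, not code from the module or from anyone in this thread; the variable and resource names (`kms_instance_guid`, `kube_to_kms`, `wait_for_s2s`) and the 30-second wait are assumptions.

```hcl
# Added example. All names below are hypothetical, not taken from the module.
variable "kms_instance_guid" {
  description = "GUID of the KMS instance that holds the cluster root key"
  type        = string
}

# Service-to-service authorization: Kubernetes Service -> Key Management Service.
# target_resource_instance_id limits the grant to one KMS instance instead of
# every KMS instance in the account.
resource "ibm_iam_authorization_policy" "kube_to_kms" {
  source_service_name         = "containers-kubernetes"
  target_service_name         = "kms"
  target_resource_instance_id = var.kms_instance_guid
  roles                       = ["Reader"]
}

# Give IAM time to propagate the new policy before any cluster is created,
# so the first apply on a fresh account does not race the authorization.
resource "time_sleep" "wait_for_s2s" {
  depends_on      = [ibm_iam_authorization_policy.kube_to_kms]
  create_duration = "30s"
}

# In the ibm_container_vpc_cluster resource, order creation after the policy:
#   depends_on = [time_sleep.wait_for_s2s]
```

If an equivalent policy already exists in the account, import it or drop this resource so the two do not conflict.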