Terraform tutorial - "system:anonymous" cannot create resource "deployments" in API group "apps" in the namespace "default"

Hi,
Following this tutorial, Provision a GKE cluster (Google Cloud) | Terraform | HashiCorp Developer, I have deployed a GKE cluster in GCloud.

Now when I try to schedule a deployment following this link,

It fails with,

Error: Failed to create deployment: deployments.apps is forbidden: User "system:anonymous" cannot create resource "deployments" in API group "apps" in the namespace "default"

on kubernetes.tf line 21, in resource "kubernetes_deployment" "nginx":
21: resource "kubernetes_deployment" "nginx" {

My kubernetes.tf looks like this,

terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

provider "kubernetes" {
  load_config_file = false

  host     = google_container_cluster.primary.endpoint
  username = var.gke_username
  password = var.gke_password

  client_certificate     = base64decode(google_container_cluster.primary.master_auth.0.client_certificate)
  client_key             = base64decode(google_container_cluster.primary.master_auth.0.client_key)
  cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
}

resource "kubernetes_deployment" "nginx" {
  metadata {
    name = "scalable-nginx-example"
    labels = {
      App = "ScalableNginxExample"
    }
  }

  spec {
    replicas = 2
    selector {
      match_labels = {
        App = "ScalableNginxExample"
      }
    }
    template {
      metadata {
        labels = {
          App = "ScalableNginxExample"
        }
      }
      spec {
        container {
          image = "nginx:1.7.8"
          name  = "example"

          port {
            container_port = 80
          }

          resources {
            limits {
              cpu    = "0.5"
              memory = "512Mi"
            }
            requests {
              cpu    = "250m"
              memory = "50Mi"
            }
          }
        }
      }
    }
  }
}

Any help is appreciated.

Thanks,
Arun

Hi Arun,

You appear to be supplying both a username/password and a cert/key. You should only be using one to authenticate to the cluster. You can see our docs on this here: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs#statically-defined-credentials

  username = var.gke_username
  password = var.gke_password

  client_certificate     = base64decode(google_container_cluster.primary.master_auth.0.client_certificate)
  client_key             = base64decode(google_container_cluster.primary.master_auth.0.client_key)
  cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)
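
A provider block that carries exactly one credential type, as the reply advises. This is an added example, not code from the thread or from the tutorial. It goes beyond the two methods in the post by using the provider's `token` argument with a short-lived access token, and it assumes the `google` provider is already configured in the same configuration; the data source name `default` is an arbitrary choice.

```hcl
# Added example, not part of the original thread.
# Assumption: the google provider is configured in this same configuration,
# so google_container_cluster.primary and google_client_config are available.

# Short-lived OAuth2 access token for the identity Terraform is running as.
data "google_client_config" "default" {}

provider "kubernetes" {
  load_config_file = false # kept from the original post

  host                   = google_container_cluster.primary.endpoint
  cluster_ca_certificate = base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)

  # Exactly one credential type: a bearer token.
  # No username/password and no client_certificate/client_key are set,
  # so nothing static has to be stored in variables for authentication.
  token = data.google_client_config.default.access_token
}
```

The identity behind the token still needs permission to create deployments in the target namespace.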