Hello,
I’m trying to set up an infrastructure in Google Cloud.
I created a project, added the accounts, then added a service account using the following command:
    gcloud iam service-accounts create terraform-sa \
        --description="Using for terraform" \
        --display-name="terraform-sa"
Subsequently, I assigned all the necessary permissions to the service account just created:
- Kubernetes Engine Cluster Admin
- Kubernetes Engine Admin
- Kubernetes Engine Cluster Viewer
- Compute Admin
- Cloud SQL Admin
- Secret Manager Admin
- Service Account User
- Storage Admin
- Service Account Token Creator
- Secret Manager Secret Accessor
- Service Account Admin
Then, I created a file called terraform.tfvars in the .terraform folder and replaced all the values:
    project = "name of the project"
    credentials_file = ".json"
    region = "europe-north1"
    zone = "europe-north1-a"
    gke_username = "home-"
    gke_password = "some password"
    redis_password = "some password"
    postgres_username = "home"
    postgres_password = "some password"
    google_sa_email = "ensure this sa has the above permissions"
However, whenever I try to run terraform apply, I get this error:
Error: Waiting for default secret of "default/project-home-global-sa" to appear
│
│ with kubernetes_service_account.home-global,
│ on main.tf line 63, in resource "kubernetes_service_account" "home-global":
│ 63: resource "kubernetes_service_account" "home-global" {
In the main.tf file, line 63:
    resource "kubernetes_service_account" "home-global" {
      metadata {
        name = "project-home-global-sa"
        annotations = {
          "iam.gke.io/gcp-service-account" = var.google_sa_email
        }
      }
    }
Everything in terraform.tfvars seems to be correct. For some reason, the second service account is created, but it doesn’t have any key assigned.
Has any of you encountered the same issue? How can I fix it?
If needed, I’ll send the entire main.tf content.
Thank you!