Comments (7)
jlamillan
commented on July 19, 2024
2
FYI, I was able to reproduce what you are seeing by removing my user from the group that granted me rights to manage resources in my target compartment:
terraform apply
...
terraform creating local resources such as certs, tokens, etc.
....
Error applying plan:
1 error(s) occurred:
* module.vcn.oci_core_virtual_network.CompleteVCN: 1 error(s) occurred:
* oci_core_virtual_network.CompleteVCN: Status: 404; Code: NotAuthorizedOrNotFound; OPC Request ID: /OMITTED
; Message: Authorization failed or requested resource not found.
So, in terms of the prerequisites that are not called out in this project, you'd need to:
- Create a compartment e.g. kubernetes
- Create a group e.g. kubernetes-installer
- Create a Policy for the group e.g.
Allow group kubernetes-installer to manage all-resources in compartment kubernetes - Create a user
- Upload an API key for the user
- Add User to the kubernetes-installer group
from terraform-kubernetes-installer.
jlamillan
commented on July 19, 2024
Craig,
This is most likely not a defect these scripts or this project. It looks like to me like either a authentication or authorization error with Oracle Cloud Infrastructure (formally BMC / Bare Metal Cloud).
Double check that the user / tenancy / compartment OCIDs. Also check that the user has permission to create artifacts in the tenancy / compartment and that you've uploaded your PEM public key to the user in the Console and you are using the PEM private key for the private_key_path for the provider.
from terraform-kubernetes-installer.
m0un10
commented on July 19, 2024
If it is an auth issue why did plan work and also apply created other
resources for 2 mins before it failed with that error?
Lastly this is a vanilla trial instance of OCI so if there is some
dependency on that side you might want to document as I assume others would
hit this issue as well.
I also used the credentials with OCi curl example and it worked fine.
Can you provide a little more info regarding “checking the user has
permissions to create artifacts in the tenancy”? Shall I just make sure I
can manually create an instance in the same compartment? And if so, what
next? Any other debug tips?
…On Tue, 10 Oct 2017 at 2:58 pm, Jesse Millan ***@***.***> wrote:
Craig,
This is most likely not a defect these scripts or this project. It looks
like to me like either a authentication or authorization error with Oracle
Cloud Infrastructure (formally BMC / Bare Metal Cloud).
Double check that the user / tenancy / compartment OCIDs. Also check that
the user has permission to create artifacts in the tenancy / compartment
and that you've uploaded your PEM public key to the user in the Console and
you are using the PEM private key for the private_key_path for the provider.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#21 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHNDn9goEEVgJ9GPlpyRvV8WwA-6A2cJks5sqvl4gaJpZM4PzXD6>
.
from terraform-kubernetes-installer.
jlamillan
commented on July 19, 2024
When you say that "apply created other resources", do you mean resources in BMC in your compartment?
The scripts create a number of Terraform resources like certs, tokens, etc. Though, as far as I am aware, the first actual OCI resource that gets created is the CompleteVCN, which is what is failing for you:
* module.vcn.oci_core_virtual_network.CompleteVCN: 1 error(s) occurred:
* oci_core_virtual_network.CompleteVCN: Status: 404; Code: NotAuthorizedOrNotFound; OPC Request ID: /OMITTED; Message: Authorization failed or requested resource not found.
As a debug step to take the scripts out of the equation, you could use the OCI console to see if the scripts created any network or compute resources in the expected compartment. If it did not, you could try manually crating a Virtual Cloud Network resource.
from terraform-kubernetes-installer.
m0un10
commented on July 19, 2024
Perfect, thanks for that! I will try it out shortly.
from terraform-kubernetes-installer.
m0un10
commented on July 19, 2024
At first, I found that I didn't have permissions to add a new policy for a new kubernetes compartment e.g.
However, I later discovered that the root compartment OCID is that same as the tenancy OCID so when I set them the same, the "terraform apply" worked.
from terraform-kubernetes-installer.
jlamillan
commented on July 19, 2024
Glad to hear!
from terraform-kubernetes-installer.
Related Issues (20)
- Allow creation of clusters with existing subnets, routes and security lists. HOT 1
- Enable (and configure) advanced auditing by default
- Question about updating existing cluster vs creating new one in new vcn HOT 8
- CI tests are failing with index out of range error when tests set master_oci_lb_enabled=false
- load balancers go into critical state when the instances are rebooted
- oci_core_images OCID lookup failing HOT 4
- Metadata size limit of 32000 bytes being hit. HOT 5
- Update the CCM version to latest
- pod cluster network does not work when number of worker nodes > 1
- Naming consistency. Map references to BMCS to OCI
- Document current limitations of the OCI Terraform installer
- module.instances-etcd-ad2.data.template_file.etcd-bootstrap: 1 error
- Kubernetes nodes(master and worker) NotReady HOT 2
- k8s worker freeze when launching several pods
- oci_load_balancer_listener reports invalid parameter HOT 3
- Error using master branch and oci provider 3.5 HOT 2
- Cluster does not provision successfully on Oracle-Linux-7.5-2018.10.16-0 HOT 5
- Error in creating vm
- centos HOT 1
- Deprecation warnings and fixes
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-kubernetes-installer.