OKD4 shared VPC installation using IPI [GCP] #1595
MarcoPereira7
started this conversation in
General
I am trying to successfully create an OKD4 cluster inside a shared VPC on GCP.
The cluster gets created by 95%, but the cluster operator "cloud-credential" gets "stuck" on a degraded phase.
cloud-credential 4.12.0-0.okd-2023-04-01-051724 True True True 34m 2 of 8 credentials requests are failing to sync.
DEBUG Still waiting for the cluster to initialize: Cluster operator cloud-credential is degraded
For some reason the cloud-credential is also expecting the service account that is passed into the secrets (see https://docs.openshift.com/container-platform/4.12/installing/installing_gcp/manually-creating-iam-gcp.html) to have the following permission:
compute.organizations.administerXpn
Why is this permission needed?
Here are some additional logs where I found the permission that is missing:
time="2023-05-08T19:25:00Z" level=warning msg="Detected some unallowed permissions: [compute.organizations.administerXpn]" actuator=gcp cr=openshift-cloud-credential-operator/openshift-machine-api-gcp
time="2023-05-08T19:25:06Z" level=warning msg="Detected some unallowed permissions: [compute.organizations.administerXpn]" actuator=gcp cr=openshift-cloud-credential-operator/openshift-cloud-network-config-controller-gcp
time="2023-05-08T19:33:39Z" level=warning msg="Detected some unallowed permissions: [compute.organizations.administerXpn]" actuator=gcp cr=openshift-cloud-credential-operator/openshift-machine-api-gcp
time="2023-05-08T19:41:52Z" level=warning msg="Detected some unallowed permissions: [compute.organizations.administerXpn]" actuator=gcp cr=openshift-cloud-credential-operator/openshift-cloud-network-config-controller-gcp