GCP Cloud Composer Update Failed - Questionable Permissions - google-cloud-platform

I am trying to update my GCP Cloud Composer environment from composer-1.18.0-airflow-2.2.3 -> composer-1.19.4-airflow-2.2.5.
It fails with the error that I don't have the permissions to describe the tenant Cloud SQL instance (verbose error below). I know that the command is executed on a running pod in the Composer's Kubernetes cluster.
I tested the failing command, outlined below, with the environment's service account credentials activated and it works. Why does the command fail when executed inside the pod? Is the Kubernetes cluster using different credentials than the Composer's service account?
Verbose error message:
Failed to update image version.
Exporting sql database failed with error [Failed to run command ['gcloud', 'sql', 'instances', 'describe', 'my-tentant-sql-instance-...-sql', '--project', 'myTenantProject-tp', '--format', 'get(serviceAccountEmailAddress)'], details: b'ERROR: (gcloud.sql.instances.describe) There was no instance found at projects/myTenantProject-tp/instances/my-tentant-sql-instance-...-sql or you are not authorized to access it.\n'].

Related

AWS Replication Agent installation failed

I'm trying to install the AWS Replication Agent on an ubuntu20 server. As per the documentation, I have created an IAM user with the AWS managed policies below.
AWSElasticDisasterRecoveryAgentInstallationPolicy
AWSElasticDisasterRecoveryAgentPolicy
When I tried to install the agent on the ubuntu20 server, I received "Unexpected error" and "Installation failed", even though I attached the Administrator full access policy.
Unexpected Error
Installation failed.
Learn more about installation issues in our documentation at
https://docs.aws.amazon.com/drs/latest/userguide/Troubleshooting-Agent-Issues.html
Can anyone please let me know why I'm getting this error?

Unable to deploy code on ec2 instance using codedeploy

I have a single EC2 instance running Ubuntu Server and I am trying to implement a CI/CD flow using CodeDeploy, with Bitbucket as the source. I have also installed codedeploy-agent on the EC2 instance, and it is installed and running successfully, but whenever I deploy code to the instance the deployment fails with the error shown below:
The overall deployment failed because too many individual instances failed deployment, too few
healthy instances are available for deployment, or some instances in your deployment group are
experiencing problems.
The CodeDeploy agent log file, which I am accessing using less /var/log/aws/codedeploy-agent/codedeploy-agent.log, shows the error below:
ERROR [codedeploy-agent(31598)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller:
Missing credentials - please check if this instance was started with an IAM instance profile
I am unable to understand how I can overcome this error. Could someone let me know?
CodeDeploy agent requires IAM permissions provided by IAM role/profile of your instance. The exact permissions needed are given in AWS docs:
Step 4: Create an IAM instance profile for your Amazon EC2 instances

GCP Cloud code plugin in intellij "Failed to enable GCP auth addon"

While trying to locally run the "java cloud run hello world sample" Cloud Run: Run Locally
I keep getting
Enabling GCP auth addon...
Failed to enable GCP auth addon. Deployment will continue but GCP
credentials will not be added to minikube. Please ensure you have up
to date application default credentials (ADC) by running gcloud auth login --update-adc
Things that I have tried that didn't solve the problem:
run gcloud auth login --update-adc
use a different service account
not provide a service account
provide the environment variable GOOGLE_APPLICATION_CREDENTIALS
Current configuration
What am I missing?
It appears to be a bug with minikube
The workaround:
Install minikube https://minikube.sigs.k8s.io/docs/start/
In your terminal, run minikube delete --all
Delete the existing minikube images from Docker
The original workaround and issue details can be found below:
https://github.com/GoogleCloudPlatform/cloud-code-intellij/issues/2949#issuecomment-870120602

Cloud Composer is not getting deleted

Cloud Composer is not getting deleted properly with this error:
DELETE operation on this environment failed 4 days ago with the following error message:
RPC Skipped due to required preoperation not finished yet.
RPC Skipped due to required preoperation not finished yet.
here's the error screenshot:
Please, follow the below steps to delete environments resources manually:
Delete GKE cluster, that corresponds to environment
Delete the Google Storage bucket used by environment
Delete the related deployments with:
gcloud deployment-manager deployments delete <DEPLOYMENT_NAME> --delete-policy=ABANDON
Then try again to delete the Composer environments with:
gcloud composer environments delete <ENVIRONMENT_NAME> --location <LOCATION>
The problem you are facing could also be related to a misconfiguration of the Cloud Composer service account in your project. By default, Cloud Composer environments run as the Compute Engine default service account, but when you are using a custom service account, at a minimum, that service account requires the permissions that the composer.worker role provides to access resources in the Cloud Composer environment. Please refer to this documentation for further details about how to grant a role to a service account.
Please, try to add the policy binding for Cloud Composer API Service Agent role to the service account, so the command would be:
gcloud projects add-iam-policy-binding <PROJECT_ID> --member=<MEMBER> --role=roles/composer.serviceAgent
The member should be of the form user|group|serviceAccount:email or domain:domain (refer to documentation).
Then, please retry removing your Composer environments. I hope you find the above pieces of information useful.
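To check the bindings this answer describes before retrying the delete, the following added example (not part of the original answer and not Google tooling) reads the JSON printed by `gcloud projects get-iam-policy <PROJECT_ID> --format=json` and reports whether a member holds `roles/composer.worker` and `roles/composer.serviceAgent`, flagging conditional grants and bindings that still point at deleted principals. The policy document, project and service account names are constructed sample values.

```python
import json

# Roles named in the answer above.
REQUIRED_ROLES = ("roles/composer.worker", "roles/composer.serviceAgent")
SA = "serviceAccount:composer-env@example-project.iam.gserviceaccount.com"  # constructed

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy <PROJECT_ID> --format=json`.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/composer.worker",
   "members": ["serviceAccount:composer-env@example-project.iam.gserviceaccount.com"]},
  {"role": "roles/composer.serviceAgent",
   "members": ["serviceAccount:composer-env@example-project.iam.gserviceaccount.com"],
   "condition": {"title": "expired", "expression": "request.time < timestamp('2020-01-01T00:00:00Z')"}},
  {"role": "roles/editor",
   "members": ["deleted:serviceAccount:old-env@example-project.iam.gserviceaccount.com?uid=123"]}
]}
""")


def audit_member(policy, member, required=REQUIRED_ROLES):
    """Classify each required role as granted, conditional or missing for member."""
    status = {role: "missing" for role in required}
    for binding in policy.get("bindings", []):
        role = binding.get("role")
        if role not in status or member not in binding.get("members", []):
            continue
        if "condition" in binding:
            # A conditional grant may not apply when the operation runs.
            if status[role] != "granted":
                status[role] = "conditional"
        else:
            status[role] = "granted"
    return status


def deleted_members(policy):
    """List (role, member) pairs that still reference a deleted principal."""
    return sorted((b["role"], m) for b in policy.get("bindings", [])
                  for m in b.get("members", []) if m.startswith("deleted:"))


if __name__ == "__main__":
    for role, state in audit_member(SAMPLE_POLICY, SA).items():
        print(f"{role}: {state}")
    for role, member in deleted_members(SAMPLE_POLICY):
        print(f"stale binding: {role} -> {member}")
```

A role reported as `conditional` or `missing` is the one to inspect before re-running the delete.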

aws kops create cluster errors out as InvalidClientTokenId

I am actually trying to deploy my application using Kubernetes with kops on AWS. For this I followed the steps given in the AWS workshop tutorial.
https://github.com/aws-samples/aws-workshop-for-kubernetes/tree/master/01-path-basics/101-start-here
I created an AWS Cloud9 environment by logging in as an IAM user and installed kops and the other required software as well. When I try to create the cluster using the following command
kops create cluster --name cs.cluster.k8s.local --zones $AWS_AVAILABILITY_ZONES --yes
I get an error like the one below in the Cloud9 IDE
error running tasks: deadline exceeded executing task IAMRole/nodes.cs.cluster.k8s.local. Example error: error creating IAMRole: InvalidClientTokenId: The security token included in the request is invalid
status code: 403, request id: 30fe2a97-0fc4-11e8-8c48-0f8441e73bc3
I am not able to find a way to solve this issue. Any help on this would be appreciated.
I found the issue and fixed it. Actually, I did not export the following 2 environment variables in the terminal where I am running create cluster. These 2 variables below are required while creating a cluster using kops:
export AWS_ACCESS_KEY_ID=$(aws configure get aws_access_key_id)
export AWS_SECRET_ACCESS_KEY=$(aws configure get aws_secret_access_key)