Fleet default configuration for config sync feature conflict feature membership resource #21049

Closed
mujtaba-ahmed12 opened this issue Jan 27, 2025 · 1 comment
Labels
bug forward/review In review; remove label to forward service/gkehub

Comments

@mujtaba-ahmed12

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
  • Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.
  • If an issue is assigned to a user, that user is claiming responsibility for the issue.
  • Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Terraform Provider Version: 6.17.0

Terraform Version & Provider Version(s)

Terraform v1.9.7
on darwin_amd64

  • provider registry.terraform.io/hashicorp/archive v2.7.0
  • provider registry.terraform.io/hashicorp/google v6.16.0
  • provider registry.terraform.io/hashicorp/kubernetes v2.35.1
  • provider registry.terraform.io/hashicorp/null v3.2.3
  • provider registry.terraform.io/hashicorp/random v3.6.3

Affected Resource(s)

resource "google_gke_hub_feature" "acm" {
  name     = "configmanagement"
  project  = var.project_id
  location = "global"
  fleet_default_member_config {
    configmanagement {
      version = "1.19.2"
      config_sync {
        source_format = "unstructured"
      }
    }
  }
}
resource "google_gke_hub_feature_membership" "gke_hub_feat_member" {
  depends_on = [
    google_gke_hub_feature.acm,
  ]

  location            = "global"
  feature             = "configmanagement"
  membership_location = XYZ

  //To be edited to work with only the reference
  membership = <Membership>
  project    = var.project_id

  configmanagement {
    config_sync {
      enabled = each.value.config_sync.git.enabled
      metrics_gcp_service_account_email = each.value.config_sync.metrics_gcp_service_account_email
      git {
        sync_repo   = each.value.config_sync.git.sync_repo
        policy_dir  = each.value.config_sync.git.policy_dir
        sync_branch = each.value.config_sync.git.sync_branch
        sync_rev    = each.value.config_sync.git.sync_rev
        secret_type = each.value.config_sync.git.secret_type
      }
      source_format = each.value.config_sync.source_format
    }

    policy_controller {
      enabled                    = true
      audit_interval_seconds     = 120
      referential_rules_enabled  = true
      log_denies_enabled         = true
      mutation_enabled           = true
      template_library_installed = true
    }
  }
}

Terraform Configuration

No response

Debug Output

"membershipSpecs": {
     "projects/XYZ/locations/europe-west4/memberships/user-orbit-lab-002": {
     "origin": {},
      "configmanagement": {
         "configSync": {
           "sourceFormat": "unstructured"
         },
        "version": "1.19.2"
       }
     }
  }

Expected Behavior

No response

Actual Behavior

Clusters created after enabling fleet default configuration result in error vertex "module.user_clusters.google_gke_hub_feature_membership.gke_hub_feat_member[\"XYZ"]" error: Error creating FeatureMembership: Resource already exists - apply blocked by lifecycle params: &gkehub.FeatureMembership{Mesh:(*gkehub.FeatureMembershipMesh)(0x6eadc80), Configmanagement:(*gkehub.FeatureMembershipConfigmanagement)(0xc001df23c0), Policycontroller:(*gkehub.FeatureMembershipPolicycontroller)(0x6eadca0), Project:(*string)(0xc001d90780), Location:(*string)(0xc001d902c0), Feature:(*string)(0xc001d90280), Membership:(*string)(0xc001d90300), MembershipLocation:(*string)(0xc001d906a0)}. .

After changing the log level to debug, I noticed that the GCP API response contains

Since some config is enabled due to fleet default membership, when we try to create the resource google_gke_hub_feature_membership it always results in the conflict error above.

Steps to reproduce

  1. Create google_gke_hub_feature with fleet default configuration enabled.
  2. Create new cluster GKE/GDC.
  3. Add google_gke_hub_feature_membership config management for above cluster.

Important Factoids

No response

References

No response
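
A pre-flight check for the conflict reported above, as an added example that is not part of the original issue or the provider's code: it lists the planned memberships that already carry a `configmanagement` spec in the feature's `membershipSpecs`, together with the fields that were preset. The function names, the sample response (modelled on the Debug Output) and the matching that ignores the project segment are assumptions.

```python
import json
import re

# Constructed sample modelled on the Debug Output in the issue; the project
# and membership names are placeholders, not values from a real fleet.
FEATURE_RESPONSE = json.loads("""
{"membershipSpecs": {
  "projects/example-project/locations/europe-west4/memberships/cluster-a": {
    "origin": {},
    "configmanagement": {"configSync": {"sourceFormat": "unstructured"},
                         "version": "1.19.2"}}}}
""")

MEMBERSHIP_RE = re.compile(r"^projects/[^/]+/locations/([^/]+)/memberships/([^/]+)$")


def flatten(node, prefix=""):
    """Turn nested spec dicts into {"configSync.sourceFormat": "unstructured"}."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat


def preexisting_specs(feature, planned):
    """Return {(location, membership): preset fields} for planned memberships
    that already carry a configmanagement spec on the feature.

    Matching ignores the project segment (assumption: the API may key specs
    by project number while Terraform is given the project ID).
    """
    conflicts = {}
    for name, spec in feature.get("membershipSpecs", {}).items():
        match = MEMBERSHIP_RE.match(name)
        if not match or "configmanagement" not in spec:
            continue
        key = match.groups()  # (membership_location, membership)
        if key in planned:
            conflicts[key] = flatten(spec["configmanagement"])
    return conflicts
```

Pass `planned` as a set of `(membership_location, membership)` tuples; any key returned is a membership for which a create call would meet an existing spec.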

@github-actions github-actions bot added forward/review In review; remove label to forward service/gkehub labels Jan 27, 2025
@slevenick
Collaborator

Looks like a dupe of #10934
