Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cluster update fails, enable_binary_authorization conflicts with enable_autopilot

See original GitHub issue

I ran into this issue when I enabled the autopilot option on my cluster. I thought it might have to do with the way I configured my cluster but it occurs even when no other argument is set.

Steps to reproduce

Run pulumi new in empty directory, choose gcp-go template
Replace the contents of main.go and go.mod with code below
Run pulumi up

main.go

package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v4/go/gcp/container"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := buildCluster(ctx)
		if err != nil {
			return err
		}
		return nil
	})
}

func buildCluster(ctx *pulumi.Context) (*container.Cluster, error) {
	return container.NewCluster(ctx, "cluster", &container.ClusterArgs{
		EnableAutopilot: pulumi.Bool(true),
	})
}

go.mod

module foo

go 1.16

require (
	github.com/pulumi/pulumi-gcp/sdk/v4 v4.21.0
	github.com/pulumi/pulumi/sdk/v2 v2.25.0
)

pulumi up output

Previewing update (production)

View Live: https://app.pulumi.com/organization/foo/production/previews/bar

     Type                      Name            Plan       Info
 +   pulumi:pulumi:Stack       foo-production  create     
     └─ gcp:container:Cluster  cluster                    1 error
 
Diagnostics:
  gcp:container:Cluster (cluster):
    error: gcp:container/cluster:Cluster resource 'cluster' has a problem: ConflictsWith: "enable_binary_authorization": conflicts with enable_autopilot. Examine values at 'Cluster.EnableBinaryAuthorization'.

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:6 (1 by maintainers)

Top GitHub Comments

4reactions

stack72commented, Apr 29, 2021

Hi all

I am working on a fix for this right now and it will be available in the next version of the pulumi-gcp provider in a day or 2

Paul

0reactions

xskifcommented, Apr 29, 2021

So, ok, a workaround can be something like that:

Create autopilot cluster in the regular way (GUI, gcloud)
Import cluster to the pulumi - pulumi import gcp:container/cluster:Cluster mycluster us-east1-a/my-cluster

Top Results From Across the Web

terraform-provider-google/resource_container_cluster.go at ...

Description: `Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary Authorization.`,.

google_container_cluster | Resources | hashicorp/google

enable_binary_authorization - (DEPRECATED) Enable Binary Authorization for this cluster. If enabled, all container images will be validated by Google Binary ...

Types overview | Workflows - Google Cloud

enabled. boolean. Enable Autopilot ... Enable Binary Authorization for this cluster. ... ERROR, The ERROR state indicates the cluster may be unusable.

Windows Autopilot policy conflicts - Microsoft Learn

This failure can occur when certain DeviceLock policies are applied to a device. Such policies can include: Minimum password length and password ...

A Cluster is a managed resource that represents a ... - Doc

apiVersion: container.gcp.crossplane.io/v1beta2 kind: Cluster. A Cluster is a managed resource that represents a Google Kubernetes Engine cluster.