Tags: google-cloud-platform, terraform, google-kubernetes-engine, terraform-provider-gcp

Terraform can't load credentials when using a provider alias


This is my project structure:

modules
|-gke_cluster
  |-main.tf
  |-output.tf
  |-variables.tf
main.tf
production.tf
variable.tf

main.tf(root)

# Root module settings: the `cloud` block connects this configuration to the
# Terraform Cloud workspace named below.
terraform {
  cloud {
    organization = "myorder"

    workspaces {
      name = "PT-cli-2"
    }
  }
}
     

production.tf

# Aliased google provider. Because `alias` is set, this is not the default
# google configuration: only resources, data sources and modules that refer to
# google.gke3 explicitly are authenticated by it.
provider "google" {
  alias   = "gke3"
  project = "xxxxx-develop"
  region  = "asia-southeast1"

  # Service-account key material arrives through a variable. Declare that
  # variable (and the workspace value behind it) as sensitive and keep the key
  # out of version control; short-lived federated credentials avoid storing a
  # long-lived key at all.
  credentials = var.gcp_credentials
}

# google_container_cluster.gke_cluster.endpoint
# NOTE(review): this data source has no `provider` meta-argument, so Terraform
# resolves it against the default (unaliased) google provider. The only google
# provider block shown in this file is the aliased google.gke3, so the default
# one is left unconfigured and falls back to application default credentials.
# Adding `provider = google.gke3` inside the braces would bind the lookup to
# the configured alias.
# The access_token returned here is a live credential; presumably it is also
# written to state, so access to the workspace state should stay restricted.
data "google_client_config" "default" {}

# Kubernetes provider pointed at the API server of the cluster created by
# module.gke_cluster, authenticated with the caller's Google access token.
provider "kubernetes" {
  host  = "https://${module.gke_cluster.cluster_endpoint}"
  token = data.google_client_config.default.access_token

  # Presumably the module exports the cluster CA base64-encoded (output not
  # shown here); the decoded value is what the provider uses to verify the API
  # server's TLS certificate.
  cluster_ca_certificate = base64decode(module.gke_cluster.cluster_ca_certificate)

  # load_config_file = false

  # Annotation keys matching these patterns are left out of the provider's
  # diffing, so GKE-managed annotations do not show up as drift.
  ignore_annotations = [
    "^autopilot\\.gke\\.io\\/.*",
    "^cloud\\.google\\.com\\/.*"
  ]
}

# GKE cluster module. The `providers` map hands the aliased google.gke3
# configuration to the child module under its default name `google`, so every
# google resource declared inside the module authenticates through that alias.
module "gke_cluster" {
  source = "./modules/gke_cluster"

  providers = {
    google = google.gke3
  }

  clusterName = var.clusterName
  region      = var.region
  machineType = var.machineType
  diskSize    = var.diskSize
  minNode     = var.minNode
  maxNode     = var.maxNode
}
# data "google_client_config" "default" {}
# Workload module. No `providers` map is passed, so the module inherits only
# default (unaliased) provider configurations from the root.
# NOTE(review): modules/busybox is not shown; if it declares any google
# resources they would use the unconfigured default google provider and fail
# the same way — confirm, and pass `google = google.gke3` if so.
module "busybox" {
  source = "./modules/busybox"

  clusterName = var.clusterName

  # Assuming your GKE module outputs this
  cluster_name = module.gke_cluster.clusterName
}

modules/gke_cluster/main.tf

# Provider requirements of the gke_cluster module. The module declares no
# provider block of its own; its `google` configuration comes from the caller.
terraform {
  required_providers {
    google = {
      source = "hashicorp/google"

      # Lower bound only: any later release, including a new major version,
      # satisfies this constraint. Commit .terraform.lock.hcl so the reviewed
      # version and its checksums are what actually gets installed.
      version = ">=5.26.0"
    }
  }
}

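# GKE control plane. The default node pool is created with one node and then
# removed, so all worker nodes come from the separately managed node pool.
#
# NOTE(review): no private_cluster_config, master_authorized_networks_config or
# workload_identity_config is set in this block. Unless those are applied
# elsewhere, the control-plane endpoint is not restricted to known networks
# and pods rely on the node's credentials — confirm this is intended.
resource "google_container_cluster" "gke1_gke_cluster" {
  name     = var.clusterName
  location = var.region # Replace this with your desired region

  # Boolean literal rather than the string "true"; the argument is a bool.
  enable_shielded_nodes = true

  remove_default_node_pool = true
  initial_node_count       = 1

  # With deletion protection off, a `terraform destroy` or a change that forces
  # replacement deletes the cluster without a further guard. Acceptable for a
  # throwaway environment; set to true for anything that must survive mistakes.
  deletion_protection = false

  release_channel {
    channel = "STABLE"
  }

  addons_config {
    http_load_balancing {
      disabled = false
    }
  }

  # VPC-native networking; only the prefix lengths are given, leaving the
  # actual ranges to be chosen automatically.
  networking_mode = "VPC_NATIVE"
  ip_allocation_policy {
    cluster_ipv4_cidr_block  = "/16"
    services_ipv4_cidr_block = "/22"
  }

  timeouts {
    create = "20m"
    update = "20m"
  }

  # Node pools are managed by google_container_node_pool, so changes to the
  # inline node_pool attribute are ignored to avoid spurious diffs.
  lifecycle {
    ignore_changes = [node_pool]
  }
}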

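# Autoscaled worker pool attached to the cluster defined in this module.
resource "google_container_node_pool" "gke1_primary_nodes" {
  name     = "${var.clusterName}-pool"
  location = var.region # Replace this with your desired region
  cluster  = google_container_cluster.gke1_gke_cluster.name

  # `node_count` is not meant to be combined with `autoscaling`: Terraform would
  # try to pull the pool back to a fixed size on every apply while the
  # autoscaler resizes it. `initial_node_count` only sets the starting size.
  initial_node_count = 1

  management {
    auto_repair  = true
    auto_upgrade = true
  }

  autoscaling {
    min_node_count = var.minNode
    max_node_count = var.maxNode
  }

  timeouts {
    create = "20m"
    update = "20m"
  }

  node_config {
    # Preemptible nodes can be reclaimed at any time; workloads must tolerate
    # sudden node loss.
    preemptible  = true
    machine_type = var.machineType

    # NOTE(review): no `service_account` is set, so nodes run as the project's
    # default Compute Engine service account, and the cloud-platform scope
    # below places no scope limit on what that account's IAM roles allow (it
    # also makes the narrower scopes in this list redundant). A dedicated
    # least-privilege service account for the nodes is the usual hardening.
    oauth_scopes = [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/cloud-platform",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]
  }
}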

my error

╷
│ Error: Attempted to load application default credentials since neither `credentials` nor `access_token` was set in the provider block.  No credentials loaded. To use your gcloud credentials, run 'gcloud auth application-default login'
│ 
│   with provider["registry.terraform.io/hashicorp/google"],
│   on <empty> line 0:
│   (source code not available)
│ 
│ google: could not find default credentials. See
│ https://cloud.google.com/docs/authentication/external/set-up-adc for more
│ information
╵
╷
│ Error: Invalid provider configuration
│ 
│ Provider "registry.terraform.io/hashicorp/google" requires explicit
│ configuration. Add a provider block to the root module and configure the
│ provider's required arguments as described in the provider documentation.

My Terraform code doesn't work when I try to use a provider alias with a module.

My terraform code is work when i remove

Is there anything I missed here?

FYI: my credentials file is stored in a Terraform workspace variable.


Solution

  • Finally I found the solution

    # data "google_client_config" "default" {}
    

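    The line above was the cause: while it was active, it effectively bypassed my aliased provider section. A data source with no `provider` argument is resolved against the default (unaliased) `google` provider, which is not configured in this project, so Terraform fell back to application default credentials and failed. If the data source is still needed (the `kubernetes` provider reads its `access_token`), keep it and add `provider = google.gke3` to it instead of commenting it out.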