Hello here, I could use some help on creating a gcp cluster with pulumi. I started with the example from here https://github.com/pulumi/examples/blob/master/gcp-ts-gke/cluster.ts but I noticed it was missing some mandatory parameters.

error: Plan apply failed: project: required field is not set

I found out that I can set it in the stack

gcp:project

along with

gcp:zone

and

gcp:region

but that feels wrong and error prone to duplicate it here since I already have all of that set up in my

gcloud config

, is there any way it can automatically detects the local active gcloud config ? But anyway, even if I fill these values up in the stack to test it, I got an error :

error: Plan apply failed: googleapi: Error 403: Required "container.clusters.create" permission(s) for "projects/[...]". See <https://cloud.google.com/kubernetes-engine/docs/troubleshooting#gke_service_account_deleted> for more info., forbidden

while I have all the needed permissions to create cluster and had no issue so far to create anything else with pulumi.

The

project

value should also be picked up ambiently from any of the following ENV vars:

"GOOGLE_PROJECT",
"GOOGLE_CLOUD_PROJECT",
"GCLOUD_PROJECT",
"CLOUDSDK_CORE_PROJECT",

Honestly not sure why Google has decided not to pick this up directly from

gcloud config

as well - but it seems to be an intentional choice by Google engineers working on the Google Terraform Provider. Regarding the error - this is the same as reported here: https://github.com/pulumi/examples/issues/150. I have tried many times to reproduce that myself, but have been unable to. I feel reasonably sure that some combination of the credentials and projects being used must not be correct (and GCP error messages here are unfortunately not too helpful), but would love to get to the bottom of this. I can't figure out any way Pulumi could be related to these errors - but it's certainly possible. If you have any more details you can share on specific user/role/project configuration you are using - could you add it to the issue linked above?

hey @white-balloon-205 thanks for your answer. I’m a bit disappointed by what you are reporting about the choices Google engineers made, but that’s making it clear, it seems I don’t have a choice here. Thanks for the link to the issue, I will follow up anything I can get on this one in it. Indeed that shouldn’t be a pulumi specific, I’ll let you know if I find something