-1

I'm able to create a private IP, VPC-native GKE cluster without any issue. But when I create a Cloud Composer private IP environment using the same network and the same secondary ranges for Pods and Services which I used for the GKE cluster, it fails with the error message below. The service account which I used to create Composer has the roles/composer.worker role. What ingress or egress ports should be opened from the Kubernetes nodes? I'm not sure what is causing the Cloud Composer environment creation failure.

CREATE operation on this environment failed 3 hours ago with the following error message: Environment couldn't be created, but no error was surfaced. This can be caused by a lack of proper permissions. Check if this environment's service account has the 'roles/composer.worker' role and there is no firewall inhibiting internal communications set.

1 Answer

0

You could try the following:

  • Explore Cloud Logging for Composer logs, find the log entry about the environment creation, and verify which Service Account is launching the creation. If it is not the one you mentioned that has the roles/composer.worker role, try to add the correct permissions to it or ensure that your SA is launching the creation.

  • If it is the correct SA that is launching the creation, then it could also be an issue with your firewall rules, as the error states. Explore the FR that apply to your network to see if there is no rule that doesn't allow the ingress.

  • Also try checking that the other SAs mentioned here have the correct permissions.

Messier_31
  • 183
  • 6
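The role check and the firewall check from the answer above, as an added example that is not part of the original post or of any Google tooling: a Python sketch run over constructed JSON in the shape that `gcloud projects get-iam-policy --format=json` and `gcloud compute firewall-rules list --format=json` return. It models only priority ordering, deny-over-allow at equal priority and the implied ingress deny; target tags and service-account targets are ignored, and every name, range and port here is an assumption.

```python
import ipaddress

# Constructed sample data shaped like `gcloud projects get-iam-policy --format=json`
# and `gcloud compute firewall-rules list --format=json`; names and ranges are made up.
SA = "serviceAccount:composer-sa@example-project.iam.gserviceaccount.com"
NET = "projects/example-project/global/networks/gke-net"
POLICY = {"bindings": [{"role": "roles/composer.worker", "members": [SA]}]}
RULES = [
    {"name": "allow-internal", "network": NET, "direction": "INGRESS", "priority": 1000,
     "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "all"}]},
    {"name": "deny-pods", "network": NET, "direction": "INGRESS", "priority": 900,
     "sourceRanges": ["10.4.0.0/14"], "denied": [{"IPProtocol": "tcp"}]},
]

def has_role(policy, member, role):
    """True if `member` is bound to `role` in the project IAM policy."""
    return any(b["role"] == role and member in b.get("members", [])
               for b in policy.get("bindings", []))

def _matches(entries, proto, port):
    """True if an allowed/denied entry covers proto and port (no ports = all ports)."""
    for e in entries:
        if e["IPProtocol"] in ("all", proto):
            spans = [p.partition("-") for p in e.get("ports", [])]
            if not spans or any(int(lo) <= port <= int(hi or lo) for lo, _, hi in spans):
                return True
    return False

def ingress_verdict(rules, network, src_ip, proto, port):
    """Return (action, rule name) of the winning ingress rule for one flow.
    Assumption: rules apply to all instances (target tags/SAs are not modelled)."""
    src = ipaddress.ip_address(src_ip)
    hits = []
    for r in rules:
        if (r.get("disabled") or r["direction"] != "INGRESS"
                or not r["network"].endswith("/" + network)):
            continue
        if not any(src in ipaddress.ip_network(c) for c in r.get("sourceRanges", [])):
            continue
        for action, key in (("deny", "denied"), ("allow", "allowed")):
            if _matches(r.get(key, []), proto, port):
                # Lowest priority number wins; False sorts first, so deny beats allow on a tie.
                hits.append((r["priority"], action != "deny", action, r["name"]))
    if not hits:
        return ("deny", "implied-deny-ingress")
    return min(hits)[2:]
```

With this sample data, TCP from the Pod range is blocked by the higher-priority `deny-pods` rule even though `allow-internal` covers the same source addresses, which is the kind of rule the error message's firewall hint points at.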