Adding Master Authorized Networks in GKE

10/4/2019

I am trying to add a masterAuthorizedNetworksConfig cidrblock during GKE cluster creation. I am using YAML as my configuration file. For the most part everything works, except when it hits the section in the code for masterAuthorizedNetworksConfig. I get the error below.

ERROR: (gcloud.deployment-manager.deployments.create) Error in Operation [operation-1570192512938-59414eef672d4-7aad07f0-31e95364]: errors:
- code: CONDITION_NOT_MET
  location: /deployments/cff-prod-clus/resources/prod-cff->$.properties
  message: |
    error: instance type (object) does not match any allowed primitive type (allowed: ["array"])
        level: "error"
        schema: {"loadingURI":"#","pointer":"/schemas/MasterAuthorizedNetworksConfig/properties/cidrBlocks"}
        instance: {"pointer":"/cluster/masterAuthorizedNetworksConfig/cidrBlocks"}
        domain: "validation"
        keyword: "type"
        found: "object"
        expected: ["array"]

I have tried changing the code around with different syntax, but I get the same results.

      ipAllocationPolicy:
        useIpAliases: true
        clusterIpv4CidrBlock: 10.81.224.0/20
        servicesIpv4CidrBlock: 10.81.222.0/23
      masterAuthorizedNetworksConfig:
        enabled: true
        cidrBlocks: 
          displayName: Corporate
          cidrBlock: 10.10.1.0/24
      networkConfig:
        enableIntraNodeVisibility: true
      privateClusterConfig:
        enablePrivateNodes: true
        masterIpv4CidrBlock: 10.81.219.0/28

corrected code

      ipAllocationPolicy:
        useIpAliases: true
        clusterIpv4CidrBlock: 10.81.224.0/20
        servicesIpv4CidrBlock: 10.81.222.0/23
      masterAuthorizedNetworksConfig:
        enabled: true
        cidrBlocks: 
          - displayName: Corporate
          - cidrBlock: 10.10.1.0/24
      networkConfig:
        enableIntraNodeVisibility: true
      privateClusterConfig:
        enablePrivateNodes: true
        masterIpv4CidrBlock: 10.81.219.0/28

Unless this is not available during deployment, I was expecting to add that cidrblock to the Master authorized networks.

-- k2swat
cluster-computing
deployment
google-cloud-platform
google-kubernetes-engine
yaml

1 Answer

10/10/2019

The masterAuthorizedNetworksConfig.cidrBlocks field is expecting an array (even if you are only adding a single entry). Each entry must have a -. Note that each entry is not necessarily a different line. In your case, you can do the following:

  masterAuthorizedNetworksConfig:
    enabled: true
    cidrBlocks: 
      - displayName: Corporate
        cidrBlock: 10.10.1.0/24

The displayName and the cidrBlock both belong to the same entry, so no need for dashes on each line. However, if you wanted to add another CIDR, you would add another - for the next entry.

-- Patrick W
Source: StackOverflow
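
A pre-deployment check for the shape the answer describes, added here as an example (it is not code from the question, the answer, or Deployment Manager). The function name is hypothetical, and the three constructed dicts are what a YAML loader produces for the question's first snippet, the question's "corrected" snippet, and the answer's snippet.

```python
import ipaddress


def check_master_authorized_networks(cfg):
    """Return a list of problems found in a masterAuthorizedNetworksConfig mapping."""
    blocks = cfg.get("cidrBlocks")
    if blocks is None:
        return []
    # The schema error in the question: a mapping where an array is required.
    if not isinstance(blocks, list):
        return [f"cidrBlocks must be an array, found {type(blocks).__name__}"]
    problems = []
    for i, entry in enumerate(blocks):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: expected a mapping")
            continue
        cidr = entry.get("cidrBlock")
        if cidr is None:
            # A dash on every line splits one entry into two, and the
            # displayName-only half carries no network at all.
            problems.append(f"entry {i}: no cidrBlock (extra '-' splitting one entry?)")
            continue
        try:
            # strict=True also flags host bits (e.g. 10.10.1.5/24) as a likely
            # typo; that strictness is this checker's choice.
            ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"entry {i}: bad CIDR {cidr!r}: {exc}")
    return problems


# Constructed inputs mirroring the three YAML snippets on this page.
QUESTION_FIRST = {
    "enabled": True,
    "cidrBlocks": {"displayName": "Corporate", "cidrBlock": "10.10.1.0/24"},
}
QUESTION_SECOND = {
    "enabled": True,
    "cidrBlocks": [{"displayName": "Corporate"}, {"cidrBlock": "10.10.1.0/24"}],
}
ANSWER = {
    "enabled": True,
    "cidrBlocks": [{"displayName": "Corporate", "cidrBlock": "10.10.1.0/24"}],
}

if __name__ == "__main__":
    for name in ("QUESTION_FIRST", "QUESTION_SECOND", "ANSWER"):
        print(name, check_master_authorized_networks(globals()[name]))
```

The second form is the one worth catching before deployment: it is a valid array, so the type check that produced the error in the question does not flag it.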