On GKE, there is a limit on the number of characters that can be use for a service account name (6-30). As the service account we use (vault/kaniko) have their names based of the cluster name the suggestion is to limit the cluster name to 27 chars, and use the following templates for the generated service accounts.
${cluster_name}-ko${cluster_name}-vt
May need a bit of extra validation when using jx create terraform as the cluster name is set to:
${org_name}-${cluster_short_name}
We would need to limit that to 27 chars too.
garethjevans
All 5 comments
/area install
/kind bug
/priority important-soon
garethjevans
on 8 Jun 2019
/assign @macox
garethjevans
on 10 Jun 2019
This should be resolved now
garethjevans
on 13 Jun 2019
this actually still happens if the cluster name is too short (e.g. jx)
'ERROR: (gcloud.iam.service-accounts.create) argument NAME: Bad value [jx-vt]: Service account name must be between 6 and 30 characters (inclusive)
afirth
on 28 Jun 2019
Tried installing on GKE in a cluster named jx, bombed out error: creating the system vault: creating vault: creating GCP service account: creating the Vault GCP Service Account: creating the service account: failed to run 'gcloud iam service-accounts create jx-vt --project y-k8s-240607 --display-name jx-vt' command in directory '', output: 'ERROR: (gcloud.iam.service-accounts.create) argument NAME: Bad value [jx-vt]: Service account name must be between 6 and 30 characters (inclusive), must begin with a lowercase letter, and consist of lowercase alphanumeric characters that can be separated by hyphens. - using version:
NAME VERSION
jx 2.0.588
Kubernetes cluster v1.13.7-gke.8
kubectl v1.15.1
git 2.17.1
Operating System Ubuntu 18.04.2 LTS
masseybradley
on 13 Aug 2019
Related issues
renatoaraujoc
路
3Comments
sourabhg
路
4Comments
SmartassSkeleton
路
4Comments
jstrachan
路
4Comments
igdianov
路
3Comments
Most helpful comment
this actually still happens if the cluster name is too short (e.g. jx)