composer/ERR/2024_001
Composer Creation not failed due to ‘no error was surfaced’ Error.
Product: Cloud Composer
Rule class: ERR - Something that is very likely to be wrong
Description
‘no error was surfaced’ error when creating a private IP composer environment. This can happen due to a number of different reasons, possibly missing IAM permissions, misconfigured firewall rules or insufficient/incompatible IP ranges used in GKE clusters.
Remediation
To overcome the error, please check the following in the project
- IAM permissions : As mentioned in the error message description, it can be caused by lack of permissions. Check all the required IAM Permission(not only the composer worker role mentioned in the message) for creating private IP environment.
- Firewall rules: Lack or misconfiguration of firewall rules can cause such failure as well. Make sure all the requiresd firewall rules are in place, and there is no deny rule with higher priority to block the communication within GKE clusters.
- Exhausted IP addresses : In some cases, you may find error messages like ‘IP_SPACE_EXHAUSTED’. This usually means that the IP range assigned is not sufficient to bring up the component. It is important to check which component is failed. General recommendations of the IP ranges Configure private IP networking, and also understand CIDR ranges for a GKE cluster
- Invalid secondary IP ranges used in GKE clusters : This error can also be as a result of using invalid non-RFC 1918 addresses for Pods and Services of the GKE cluster. You should only use RFC 1918 address, or supported non-RFC 1918 ranges for these secondary addresses.
- Private Service Connect : This error can also occur when You choose VPC Peerings instead of Private Service Connect (PSC) as the connection type in Composer environment configuration in Shared VPC setup. Configuring Private Service Connect