Kubeconfig resource is deleted before aws_auth resource can be deleted

[jspawar]

This guide advises us to use the community module here: https://github.com/terraform-aws-modules/terraform-aws-eks

There is a known issue that we have been running into with this module: terraform-aws-modules/terraform-aws-eks#978 (closed but we are trying to reopen). We only started observing these failures after upgrading from Terraform v0.13.5 to v0.14.0

The result of this issue/bug is that anyone who follows this guide to set up their EKS deployment with Terraform might also run into the same issue where a terraform destroy will potentially never complete successfully without manual intervention as that issue recommends (specifically the suggestion to remove the configmap from the state).

We see one of the following errors when we run into this issue on a terraform destroy:

Error: Unauthorized

or

Error: Get "http://localhost/api/v1/namespaces/kube-system/configmaps/aws-auth": dial tcp 127.0.0.1:80: connect: connection refused

Would appreciate any recommendations on how, if at all possible without changes to the community module, to mitigate this issue.

Thanks,
Jwal + @jamespollard8

[thesagarmatha]

I am going through the same problem, it's giving me a hard time destroying auth-config while deleting the cluster. I am currently using the below-mentioned versions:
Terraform 1.1.6
AWS Provider 4.2.0
Kubernetes Provider 2.8.0

Please suggest if anyone has a workaround other than manually deleting auth-config from the state as it is ruining my ADO pipeline.

[alanszlosek]

This should now be fixed by #64 and #65. Please let us know if you are still having issues.