Kubernetes provider does not detect if cluster is recreated at runtime #545

Closed
TonyLunt opened this issue Jul 10, 2019 · 1 comment

TonyLunt commented Jul 10, 2019

It appears that the Kubernetes provider does not update if the connection info changes at runtime.

As an example, if an AKS cluster is built with the azurerm provider, and a change is made that requires the cluster to be rebuilt, any downstream Kubernetes resources are not recreated.

Terraform Version

0.11.14

Affected Resource(s)

  • all Kubernetes provider resources

Terraform Configuration Files

resource "azurerm_kubernetes_cluster" "test" {
  name                = "foo-aks"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  dns_prefix          = "fooaks"

  agent_pool_profile {
    name            = "default"
    count           = 1
    vm_size         = "Standard_DS4_v2"
    os_type         = "Linux"
    os_disk_size_gb = 30
  }

  service_principal {
    client_id     = "${azuread_application.test.application_id}"
    client_secret = "${azuread_service_principal_password.test.value}"
  }
}

provider "kubernetes" {
  host                   = "${azurerm_kubernetes_cluster.test.kube_config.0.host}"
  client_certificate     = "${base64decode(azurerm_kubernetes_cluster.test.kube_config.0.client_certificate)}"
  client_key             = "${base64decode(azurerm_kubernetes_cluster.test.kube_config.0.client_key)}"
  cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.test.kube_config.0.cluster_ca_certificate)}"
}

resource "kubernetes_namespace" "test" {
  metadata {
    name = "test"
  }
}

##PLUMBING STUFF
resource "azurerm_resource_group" "test" {
  name     = "foo-rg"
  location = "East US"
}

resource "azuread_application" "test" {
  name                       = "foo-app"
}

resource "azuread_service_principal" "test" {
  application_id = "${azuread_application.test.application_id}"
}

resource "azuread_service_principal_password" "test" {
  service_principal_id = "${azuread_service_principal.test.id}"
  value                = "${random_string.test.result}"
  end_date             = "2029-01-03T01:02:00Z"
}

resource "random_string" "test" {
  length  = 32
  special = false
}

Debug Output

https://gist.github.com/TonyLunt/f8b8e3288048a7681e3f1081ade785df

Expected Behavior

If the azurerm_kubernetes_cluster.test resource is tainted, or a change is made that requires the cluster to be rebuilt, the downstream Kubernetes resources should also be slated for recreation when a plan is generated.

Actual Behavior

The Kubernetes resources do not get recreated.

Steps to Reproduce

  1. terraform taint azurerm_kubernetes_cluster.test
  2. terraform plan

paultyng commented Aug 5, 2019

This seems like the upstream progressive apply issue: hashicorp/terraform#4149

You cannot currently (reliably) chain together a provider's config with the output of a resource.

paultyng closed this as completed Aug 5, 2019
ghost locked and limited conversation to collaborators Apr 21, 2020
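
A guard for the behaviour reported in this thread, as an added example that is not code from the issue or from the provider: it scans a JSON plan and lists Kubernetes resources that the plan leaves in place while the cluster they live on is being replaced. It assumes a Terraform release that supports `terraform show -json` (0.12 or later, not the 0.11.14 in the report); the function names, `CLUSTER_TYPES`, `K8S_PREFIX` and the sample plan are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields used here; not taken from the issue's debug gist.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azurerm_kubernetes_cluster.test", "mode": "managed",
   "type": "azurerm_kubernetes_cluster", "change": {"actions": ["delete", "create"]}},
  {"address": "kubernetes_namespace.test", "mode": "managed",
   "type": "kubernetes_namespace", "change": {"actions": ["no-op"]}},
  {"address": "azurerm_resource_group.test", "mode": "managed",
   "type": "azurerm_resource_group", "change": {"actions": ["no-op"]}}
]}
""")

CLUSTER_TYPES = {"azurerm_kubernetes_cluster"}  # assumption: types that hold the cluster
K8S_PREFIX = "kubernetes_"  # assumption: Kubernetes provider resources share this prefix


def is_replaced(actions):
    """A replacement (taint or ForceNew change) is planned as delete plus create."""
    return set(actions) == {"delete", "create"}


def orphaned_by_cluster_replace(plan):
    """Return addresses of managed Kubernetes resources the plan neither creates
    nor deletes although a cluster is replaced in the same plan."""
    changes = plan.get("resource_changes", [])
    replaced = [c for c in changes
                if c["type"] in CLUSTER_TYPES and is_replaced(c["change"]["actions"])]
    if not replaced:
        return []
    return sorted(
        c["address"] for c in changes
        if c.get("mode", "managed") == "managed"
        and c["type"].startswith(K8S_PREFIX)
        and not {"create", "delete"} & set(c["change"]["actions"]))


if __name__ == "__main__":
    # Usage: terraform show -json plan.out > plan.json; python check.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    stale = orphaned_by_cluster_replace(plan)
    for address in stale:
        print("left in place on a cluster that is being replaced:", address)
    sys.exit(1 if stale else 0)
```

A non-zero exit lets a pipeline stop before apply, so the operator can taint or re-plan the listed resources by hand.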