Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update replace kubeconfig token logic #1158

Merged
merged 1 commit into from Jun 30, 2023
Merged

Update replace kubeconfig token logic #1158

merged 1 commit into from Jun 30, 2023

Conversation

a-blender
Copy link
Contributor

@a-blender a-blender commented Jun 22, 2023
edited

Issue: #841

Problem

When using TF output or data resources that changes after the apply, all subsequent runs of terraform plan creates a new kubeconfig API token until terraform apply is run again to get the output and data changes. This was seen on both Rancher 2.6.9 and 2.6.10.

Solution

After investigation, the root cause of this issue is likely that Terraform downloads / generates a kubeconfig on every run of a terraform plan or apply. TF replaces the kubeconfig token every time instead of using the token from the cached kubeconfig, which is causing the over generation of API tokens.

My solution is to update the getClusterKubeconfig logic explained here to use the API token from the cached kubeconfig (if it exists) instead of always replacing it.

Testing

Engineering Testing

Manual Testing

@jakefhyde I was unable to reproduce this behavior again on 2.6.10 using the customer's lab setup, but was also not seeing the token over generation when testing on my fork.

Test plan

  • Verify new API tokens are not created on a terraform plan after the first terraform apply on latest rancher v2.6 with local fix
  • Verify same behavior on latest rancher v2.7 (rainbow)

Automated Testing

QA Testing Considerations

Regressions Considerations

@a-blender a-blender added this to the v2.7.5 - Terraform milestone Jun 22, 2023
@a-blender a-blender force-pushed the fix-kubeconfig-token-logic branch 3 times, most recently from f1a8805 to afa878c Compare June 23, 2023 20:34
@a-blender a-blender marked this pull request as ready for review June 27, 2023 17:48
@a-blender a-blender requested review from jakefhyde, a team and bfbachmann June 27, 2023 17:48
bfbachmann
bfbachmann approved these changes Jun 28, 2023
View reviewed changes
rancher2/resource_rancher2_cluster.go Outdated Show resolved Hide resolved
jakefhyde
jakefhyde requested changes Jun 29, 2023
View reviewed changes
rancher2/resource_rancher2_cluster.go Outdated Show resolved Hide resolved
@snasovich snasovich removed this from the v2.7.5 - Terraform milestone Jun 30, 2023
jakefhyde
jakefhyde requested changes Jun 30, 2023
View reviewed changes
rancher2/resource_rancher2_cluster.go Outdated Show resolved Hide resolved
@a-blender a-blender requested a review from jakefhyde June 30, 2023 20:53
@a-blender a-blender merged commit 81f30cd into rancher:master Jun 30, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bfbachmann bfbachmann bfbachmann approved these changes

@jakefhyde jakefhyde jakefhyde approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@a-blender @bfbachmann @jakefhyde @snasovich