Forced recreating node_pool at any plan

[g0blin79]

Once a simple zonal cluster with a node_pool is correctly created, if I run again a terraform apply without any changes, terraform want to destroy and recreate cluster and node_pool.

This is my configuration:

module "kubernetes-cluster" {
  source  = "terraform-google-modules/kubernetes-engine/google"
  version = "0.4.0"
  project_id         = "${var.project_id}"
  name               = "internal-cluster"
  regional           = false
  region             = "${var.region}"
  zones              = ["${var.zone}"]
  network            = "${var.network_name}"
  subnetwork         = "${var.network_name}-subnet-01"
  ip_range_pods      = "${var.network_name}-pod-secondary-range"
  ip_range_services  = "${var.network_name}-services-secondary-range"
  kubernetes_version = "${var.kubernetes_version}"
  node_version       = "${var.kubernetes_version}"
  remove_default_node_pool = true

  providers = {
    google = "google-beta"
  }

  node_pools = [
    {
      name            = "forge-pool"
      machine_type    = "n1-standard-2"
      min_count       = 1
      max_count       = 3
      disk_size_gb    = 100
      disk_type       = "pd-standard"
      image_type      = "COS"
      auto_repair     = true
      auto_upgrade    = false
      service_account = "gke-monitoring@${var.project_id}.iam.gserviceaccount.com"
    },
  ]

  node_pools_labels = {
    all = {}

    forge-pool = {
      scope = "forge"
    }
  }

  node_pools_taints = {
    all = []

    forge-pool = []
  }

  node_pools_tags = {
    all = []

    forge-pool = []
  }
}

As you probably note (presence of remove_default_node_pool in cluster config) I applied patch at #15 and, after that the problem is a little bit mitigated and terraform want to destroy and recreate only the node_pool. This is the output of a terraform plan

Terraform will perform the following actions:

-/+ module.kubernetes-cluster.google_container_node_pool.zonal_pools (new resource required)
      id:                                              "europe-west3-b/internal-cluster/forge-pool" => <computed> (forces new resource)
      autoscaling.#:                                   "1" => "1"
      autoscaling.0.max_node_count:                    "3" => "3"
      autoscaling.0.min_node_count:                    "1" => "1"
      cluster:                                         "internal-cluster" => "internal-cluster"
      initial_node_count:                              "1" => "1"
      instance_group_urls.#:                           "1" => <computed>
      management.#:                                    "1" => "1"
      management.0.auto_repair:                        "true" => "true"
      management.0.auto_upgrade:                       "false" => "false"
      max_pods_per_node:                               "110" => <computed>
      name:                                            "forge-pool" => "forge-pool"
      name_prefix:                                     "" => <computed>
      node_config.#:                                   "1" => "1"
      node_config.0.disk_size_gb:                      "100" => "100"
      node_config.0.disk_type:                         "pd-standard" => "pd-standard"
      node_config.0.guest_accelerator.#:               "0" => <computed>
      node_config.0.image_type:                        "COS" => "COS"
      node_config.0.labels.%:                          "3" => "3"
      node_config.0.labels.cluster_name:               "internal-cluster" => "internal-cluster"
      node_config.0.labels.node_pool:                  "forge-pool" => "forge-pool"
      node_config.0.labels.scope:                      "forge" => "forge"
      node_config.0.local_ssd_count:                   "0" => <computed>
      node_config.0.machine_type:                      "n1-standard-2" => "n1-standard-2"
      node_config.0.metadata.%:                        "1" => "0" (forces new resource)
      node_config.0.metadata.disable-legacy-endpoints: "true" => "" (forces new resource)
      node_config.0.oauth_scopes.#:                    "1" => "1"
      node_config.0.oauth_scopes.1733087937:           "https://www.googleapis.com/auth/cloud-platform" => "https://www.googleapis.com/auth/cloud-platform"
      node_config.0.preemptible:                       "false" => "false"
      node_config.0.service_account:                   "gke-monitoring@xxx-infrastructure.iam.gserviceaccount.com" => "gke-monitoring@xxx-infrastructure.iam.gserviceaccount.com"
      node_config.0.tags.#:                            "2" => "2"
      node_config.0.tags.0:                            "gke-internal-cluster" => "gke-internal-cluster"
      node_config.0.tags.1:                            "gke-internal-cluster-forge-pool" => "gke-internal-cluster-forge-pool"
      node_count:                                      "1" => <computed>
      project:                                         "xxx-infrastructure" => "xxx-infrastructure"
      version:                                         "1.12.5-gke.5" => "1.12.5-gke.5"
      zone:                                            "europe-west3-b" => "europe-west3-b"


Plan: 1 to add, 0 to change, 1 to destroy.

Is this could be related to this hashicorp/terraform-provider-google#2115?

Any help will be appreciated.

[morgante]

This looks like it's caused by #114. Could you try the latest master version and confirm if you're still seeing the issue?

[g0blin79]

Tryed to use master version but I have another error (see: #27 (comment)).
Waiting

[zioproto]

I do have the same problem. I think 8be6a89 introduced a regression.

This is the relevant part of my Terraform plan:

-/+ module.gke.google_container_node_pool.pools (new resource required)
      id:                                                     "europe-west4/sproto/default-node-pool" => <computed> (forces new resource)
      autoscaling.#:                                          "1" => "1"
      autoscaling.0.max_node_count:                           "100" => "100"
      autoscaling.0.min_node_count:                           "1" => "1"
      cluster:                                                "sproto" => "sproto"
      initial_node_count:                                     "1" => "1"
      instance_group_urls.#:                                  "3" => <computed>
      location:                                               "europe-west4" => <computed>
      management.#:                                           "1" => "1"
      management.0.auto_repair:                               "true" => "true"
      management.0.auto_upgrade:                              "true" => "true"
      max_pods_per_node:                                      "110" => <computed>
      name:                                                   "default-node-pool" => "default-node-pool"
      name_prefix:                                            "" => <computed>
      node_config.#:                                          "1" => "1"
      node_config.0.disk_size_gb:                             "100" => "100"
      node_config.0.disk_type:                                "pd-standard" => "pd-standard"
      node_config.0.guest_accelerator.#:                      "0" => "1" (forces new resource)
      node_config.0.guest_accelerator.0.count:                "" => "0" (forces new resource)

[zioproto]

I confirm that using tag v2.1.0 where that commit is not present, I cant reproduce the issue.

[zioproto]

@alexkonkin please check the above comments. Looks like #157 introduced a regression.
thank you

[morgante]

I'm guessing this is an upstream provider issue, I have opened a provider bug: hashicorp/terraform-provider-google#3786

[g0blin79]

Resolved for me with these providers:

provider "google" {
  credentials = "${file("/path/to/credentials.json")}"
  project = "${var.project_id}"
  region = "${var.region}"
  zone = "${var.zone}"
  version = "~> 2.7"
}

provider "google-beta" {
  credentials = "${file("/path/to/credentials.json")}"
  project = "${var.project_id}"
  region = "${var.region}"
  zone = "${var.zone}"
  version = "~> 2.7"
}

in 2.1.0 version of this module.

[morgante]

@g0blin79 Can you confirm that master is currently working for you as well?

[g0blin79]

Yes it does. I created a zonal cluster two weeks ago with that providers versions and with the 2.1.0 version of this module and it is working.

[morgante]

Excellent, thank you.