Azure / terraform-azurerm-aks

Terraform Module for deploying an AKS cluster
MIT License

Make azapi_update_resource calls optional #560

Closed michaeljguarino closed 2 weeks ago

michaeljguarino commented 2 months ago

Is there an existing issue for this?

Description

The Azure/azapi provider lags the mainline azurerm provider substantially, in particular in supporting workload identity auth. It's not clear that the azapi_update_resource calls are in fact necessary; if they aren't, it'd be nice not to have a required dependency on a less well-maintained provider.

New or Affected Resource(s)/Data Source(s)

azapi_update_resource.aks_cluster_post_create

Potential Terraform Configuration

No response

References

No response

zioproto commented 2 months ago

Hello @michaeljguarino,

The kubernetes_version is ignored in the lifecycle: https://github.com/Azure/terraform-azurerm-aks/blob/02bec58ba53544b5debf9f8942f7cc1ebf3170f7/main.tf#L543-L551

This is necessary to avoid Terraform state drift when using automatic_channel_upgrade: https://github.com/Azure/terraform-azurerm-aks/blob/02bec58ba53544b5debf9f8942f7cc1ebf3170f7/variables.tf#L346-L357

A mechanism to upgrade minor Kubernetes versions is still necessary, for example when using the patch channel. For this reason the azapi_update_resource.aks_cluster_post_create is triggered by a change in var.kubernetes_version.

https://github.com/Azure/terraform-azurerm-aks/blob/02bec58ba53544b5debf9f8942f7cc1ebf3170f7/main.tf#L631-L650

We are open to feedback; if you have a better proposal on how to handle AKS upgrade channels without causing Terraform configuration drift, please share it with us.

Thanks

zioproto commented 2 months ago

@michaeljguarino I forgot to mention explicitly that the lifecycle ignore_changes block cannot be made optional with a condition.

For this reason we can't make the calls to the resource azapi_update_resource.aks_cluster_post_create optional.

Please let us know if you have additional questions or feedback, otherwise I will close this issue. Thanks
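
The pattern described in the two comments above, as an added sketch that is not the module's own code: the cluster ignores kubernetes_version so channel upgrades cause no drift, and a separate azapi_update_resource is re-created only when var.kubernetes_version changes. The cluster name, location, resource group, VM size, API version, provider version pins and the terraform_data resource are assumptions chosen for illustration.

```hcl
# Added illustration, not the module's code; names and values are placeholders.
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
    azapi   = { source = "Azure/azapi", version = "~> 1.0" }
  }
}
provider "azurerm" {
  features {}
}
variable "kubernetes_version" {
  type = string # e.g. "1.29"; change it to request an upgrade
}

resource "azurerm_kubernetes_cluster" "main" {
  name                      = "example-aks" # placeholder
  location                  = "westeurope"  # placeholder
  resource_group_name       = "example-rg"  # placeholder, must already exist
  dns_prefix                = "exampleaks"  # placeholder
  kubernetes_version        = var.kubernetes_version
  automatic_channel_upgrade = "patch"
  default_node_pool {
    name       = "default"
    vm_size    = "Standard_D2s_v3"
    node_count = 1
  }
  identity {
    type = "SystemAssigned"
  }
  lifecycle {
    # Must be a static list: Terraform rejects variables or conditionals here,
    # so this block cannot be switched off per deployment.
    ignore_changes = [kubernetes_version]
  }
}

# Built-in resource (Terraform >= 1.4) that changes whenever the variable does.
resource "terraform_data" "kubernetes_version_keeper" {
  input = var.kubernetes_version
}
resource "azapi_update_resource" "aks_cluster_post_create" {
  type        = "Microsoft.ContainerService/managedClusters@2024-02-01"
  resource_id = azurerm_kubernetes_cluster.main.id
  body        = jsonencode({ properties = { kubernetesVersion = var.kubernetes_version } })
  lifecycle {
    # Never re-send on ordinary plans; re-create only on a version change.
    ignore_changes       = all
    replace_triggered_by = [terraform_data.kubernetes_version_keeper]
  }
}
```

After an automatic patch upgrade, terraform plan shows no changes because the cluster's kubernetes_version is ignored; editing var.kubernetes_version plans a replacement of the azapi_update_resource only, which sends the new version to the cluster.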

lonegunmanb commented 2 weeks ago

I'm closing this issue since there has been no response from @michaeljguarino; please feel free to reopen it if you have any further questions.