Expired vk8s credentials are not updated in module.volterra

[s-archer]

Terraform is not aware that the vk8s credentials have expired, so volterra_api_credential.cred and local_file.kubeconfig are not updated. Results in the following error:

│ Error: failed to create kubernetes rest client for read of resource: Get "https://tenant.console.ves.volterra.io/api/vk8s/namespaces/demo-app/demo-app-vk8s/api?timeout=32s": remote error: tls: expired certificate │ │ with module.kubectl.kubectl_manifest.documents[6], │ on modules/kubectl/main.tf line 28, in resource "kubectl_manifest" "documents": │ 28: resource "kubectl_manifest" "documents" {

Thanks

[kreynoldsf5]

@s-archer,

Here's a quick hack to get you unstuck if you're ever in a position where the kubeconfig is expired.

terraform state rm module.volterra.volterra_api_credential.vk8s_cred module.volterra.local_file.kubeconfig && \
terraform apply -var-file="some.tfvars"

The idea is remove the cred and the kubeconfig file from state and then apply again. This should recreate the cred and localfile, and then apply any other (manifest) changes.

I'm going to suggest that expiry be returned as a property of the cred and then maybe we could do something about it in the TF run (or use the 'kubernetes' providers exec capabilities?). In the meantime I've extended the cred expiry to 89 days to make sure we've all forgotten about this when it comes up again in ~3 months.