gavinbunney / terraform-provider-kubectl

Terraform provider to handle raw kubernetes manifest yaml files
https://registry.terraform.io/providers/gavinbunney/kubectl
Mozilla Public License 2.0

Every resource 'will be updated in-place' #219

Open cpressland opened 2 years ago

cpressland commented 2 years ago

I'm not sure why exactly, but this provider now wants to replace every manifest on every cluster. I tried completely removing these manifests and re-applying from scratch, but no dice; this thing wants to "change" every resource on every terraform plan.

Example change:

  # module.uksouth_tools_aks_flux_tools.kubectl_manifest.sync["/apis/source.toolkit.fluxcd.io/v1beta1/namespaces/flux-system/gitrepositorys/flux-system"] will be updated in-place
  ~ resource "kubectl_manifest" "sync" {
      - api_version             = "source.toolkit.fluxcd.io/v1beta1" -> null
        id                      = "/apis/source.toolkit.fluxcd.io/v1beta1/namespaces/flux-system/gitrepositorys/flux-system"
      - kind                    = "GitRepository" -> null
      - live_manifest_incluster = (sensitive value)
      - live_uid                = "03b15e59-c51e-44d0-a72c-0f16643fdf1b" -> null
      - name                    = "flux-system" -> null
      - namespace               = "flux-system" -> null
      - uid                     = "03b15e59-c51e-44d0-a72c-0f16643fdf1b" -> null
      - yaml_body_parsed        = <<-EOT
            apiVersion: source.toolkit.fluxcd.io/v1beta1
            kind: GitRepository
            metadata:
              name: flux-system
              namespace: flux-system
            spec:
              interval: 1m0s
              ref:
                branch: master
              secretRef:
                name: flux-system
              url: ssh://git@github.com/binkhq/gitops
        EOT -> null
      - yaml_incluster          = (sensitive value)
        # (7 unchanged attributes hidden)
    }

Same resource:

data "kubectl_file_documents" "sync" {
    content = templatefile("${path.module}/manifests/sync.yaml", {
        flux_dir = local.flux_dir
    })
}

resource "kubectl_manifest" "sync" {
    depends_on = [ kubectl_manifest.deploy ]
    for_each = data.kubectl_file_documents.sync.manifests
    yaml_body = each.value
    wait_for_rollout = false
    lifecycle {
        ignore_changes = all
    }
}

I'm not massively familiar with this provider, so I'm not sure what we should change to help this along. We specifically add the lifecycle { ignore_changes = all } to help with some other incorrect diffs we've identified in the past, but I'm not sure why every manifest is now "wrong" 100% of the time.

Environment information:

AKS versions: v1.23.8 and v1.24.6

Terraform info:

$ terraform version
Terraform v1.3.1
on darwin_arm64
+ provider registry.terraform.io/gavinbunney/kubectl v1.14.0
+ provider registry.terraform.io/hashicorp/azurerm v3.24.0
+ provider registry.terraform.io/hashicorp/random v3.4.3

sabotup commented 1 year ago

The issue is present in Terraform v1.3.1. It is corrected in v1.3.2. You can have a look at the changelog:

https://github.com/hashicorp/terraform/blob/v1.3.4/CHANGELOG.md