search

gavinbunney / terraform-provider-kubectl

Terraform provider to handle raw kubernetes manifest yaml files
https://registry.terraform.io/providers/gavinbunney/kubectl
Mozilla Public License 2.0
609 stars 102 forks source link

ignore_fields not working #280

Open razahuss02 opened 10 months ago

razahuss02 commented 10 months ago

Hello,

I am trying to run an apply on my terraform, but I get an error message surrounded that the worker groups zones are immutable. The zones are the exact same, but the provider is trying to rearrange them for some reason which is causing an error on the apply.

The terraform plan is listed in the dropdown below.

I currently have these ignore_fields listed in my terraform resource:

resource "kubectl_manifest" "cluster" {
  yaml_body = local.yaml_body
  ignore_fields = [
    "metadata",
    "metadata.annotations",
    "metadata.finalizers",
    "metadata.generation",
    "metadata.labels",
    "metadata.managedFields",
    "status",
    "yaml_incluster",
    "spec.provider.workers.0.zones",
    "spec.provider.workers.1.zones"
  ]
  force_conflicts = true
}
terraform plan output
``` Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.cluster.kubectl_manifest.workload_cluster will be updated in-place ~ resource "kubectl_manifest" “workload_cluster” { + force_conflicts = true id = "/apis/" + ignore_fields = [ + "metadata", + "metadata.annotations", + "metadata.finalizers", + "metadata.generation", + "metadata.labels", + "metadata.managedFields", + "status", + "yaml_incluster", + "spec.provider.workers.0.zones", + "spec.provider.workers.1.zones", ] name = “cluster_name” + validate_schema = true + wait_for_rollout = true ~ yaml_body = (sensitive value) ~ yaml_body_parsed = <<-EOT apiVersion: apiVersion kind: Cluster metadata: name: cluster_name namespace: namespace spec: addons: kubernetesDashboard: authenticationMode: token enabled: false nginxIngress: enabled: false externalTrafficPolicy: Cluster cloudProfileName: cloud dns: domain: domain providers: - domains: include: - domain primary: true secretName: secret type: dns extensions: - providerConfig: apiVersion: apiVersion kind: DNSConfig providers: - domains: include: - domain secretName: secret type: dns syncProvidersFromShootSpecDNS: true type: dns-service hibernation: {} kubernetes: allowPrivilegedContainers: true enableStaticTokenKubeconfig: false kubeAPIServer: defaultNotReadyTolerationSeconds: 300 defaultUnreachableTolerationSeconds: 300 enableAnonymousAuthentication: false eventTTL: 1h0m0s logging: verbosity: 2 requests: maxMutatingInflight: 200 maxNonMutatingInflight: 400 kubeControllerManager: nodeCIDRMaskSize: 24 nodeMonitorGracePeriod: 2m0s kubeProxy: enabled: true mode: IPTables kubeScheduler: profile: balanced kubelet: failSwapOn: true imageGCHighThresholdPercent: 50 imageGCLowThresholdPercent: 40 kubeReserved: cpu: 80m memory: 1Gi pid: 20k serializeImagePulls: true version: verticalPodAutoscaler: enabled: true evictAfterOOMThreshold: 10m0s evictionRateBurst: 1 evictionRateLimit: -1 evictionTolerance: 0.5 recommendationMarginFraction: 0.15 recommenderInterval: 1m0s updaterInterval: 1m0s networking: nodes: cidr pods: cidr services: cidr type: type provider: controlPlaneConfig: apiVersion: apiVersion cloudControllerManager: useCustomRouteController: false kind: kind storage: managedDefaultClass: true infrastructureConfig: apiVersion: apiVersion kind: kind networks: vpc: id: vpcid zones: - internal: cidr name: name public: cidr workers: cidr - internal: cidr name: name public: cidr workers: cidr - internal: cidr name: name public: cidr workers: cidr type: type workers: - cri: name: containerruntime machine: architecture: arch image: name: name version: version type: type maxSurge: 1 maxUnavailable: 1 maximum: 1 minimum: 1 name: name systemComponents: allow: true volume: size: size type: type zones: - region-c - region-b - region-a - cri: name: containerruntime machine: architecture: arch image: name: name version: version type: type maxSurge: 1 maxUnavailable: 1 maximum: 1 minimum: 1 name: name systemComponents: allow: true volume: size: size type: type zones: - region-c - - region-a - region-b + - region-a workersSettings: sshAccess: enabled: true purpose: development region: region resources: - name: dns-secret resourceRef: apiVersion: v1 kind: Secret name: name secretBindingName: secret - status: [REDACTED] EOT # (10 unchanged attributes hidden) # (1 unchanged block hidden) } Plan: 0 to add, 1 to change, 0 to destroy. ```