Open kamilporwitaccenture opened 2 years ago
Hey @kamilporwitaccenture š It looks the error you're seeing is coming from the AWS API response, rather than the regex validation that Terraform does. I did notice something a bit odd in the error:
"Invalid value: : field must consist of alphanumeric characters
Specifically, I would expect there to be a value after value:
and before : field
. So that we can get a better look, is it possible to provide debug logs as well (redacted as needed)?
I'd be remiss if I didn't mention that the id
attribute of data.aws_eks_cluster
will be the same as the name
, so you could switch to using data.aws_eks_cluster.io-ocean-cluster.name
, or even passing var.eks_cluster_name
directly (since that's what you're interpolating for the data source). I presume you may have a reason for wanting to use the id
, but figured I'd mention it, in case it helps at all!
Hi @justinretzolk yeah, forgot to add debug (I will edit the issue and at it there as well): https://gist.github.com/kamilporwitaccenture/ebf73fc90a31b413ac8067657e63cadc
At first we tried with var.eks_cluster_name
but that did not work and returned the same error as above that's why we switched to data (the name should not be malformed there).
Hi @justinretzolk Any update on this issue?
One more thing. In the debug I also found such response from API:
2022-05-25T12:01:23.041Z [DEBUG] provider.terraform-provider-aws_v4.15.1_x5: [aws-sdk-go] {
"clusterName" : "IoCluster",
"nodegroupName" : "testnodegroup",
"fargateProfileName" : null,
"addonName" : null,
"message" : "Invalid value: : field must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]')"
}: timestamp=2022-05-25T12:01:23.041Z
Which may point out that addonName
is empty. Unfortunately I cannot find anything in the documentation (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group) about that variable.
If it is really the culprit here could You add that in the documentation?
Hey @kamilporwitaccenture š I took another look at this now that we have the debug logs and I'm beginning to wonder if the issue is what you have defined for the aws_eks_node_group.eks_managed_node_group_worker.taint.value
argument. Based on the Node taints on managed node groups AWS document:
The value is optional and must begin with a letter or number. It can contain letters, numbers, hyphens (-),periods (.), and underscores (_). It can be up to 63 characters long.
Do you experience the same behavior if you pass null
here, rather than ""
(an empty string)? Apologies; I'd generally just try to run this test myself, but wanted to get back to you quicker than it would have taken me to spin all of the surrounding resources up.
I had a cluster up and running this evening so gave @justinretzolk 's idea a shot. It doesn't matter if ""
is passed in as the taint value or not, TF strips that out of the map (see https://gist.github.com/kamilporwitaccenture/ebf73fc90a31b413ac8067657e63cadc#file-out-L883-L885). In addition, if I do give the taint value an invalid string, I get the following back, which is close, but doesn't exactly match the original report:
Message_: "invalid taint spec: , a qualified name must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]')",
I was, however, able to reproduce the error by adding the labels that show up in that debug output, specifically, it's the last label that causes the issue:
labels = {
"APP" = "SNAKEMAKE"
"GITLAB" = "K8S-WORKER"
"KIAM" = "AGENT"
"k8s.amazonaws.com/eniConfig" = ""
}
Error: error updating EKS Node Group (example:example) config: InvalidParameterException: Invalid value: : field must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]')
ā {
ā RespMetadata: {
ā StatusCode: 400,
ā RequestID: "f7776fc9-d2f1-4435-8036-bb178a279909"
ā },
ā ClusterName: "example",
ā Message_: "Invalid value: : field must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]')",
ā NodegroupName: "example"
ā }
@kamilporwitaccenture - you might need to go back to AWS support to see how you're expected to set up custom networking for EKS using the API. It would appear that it doesn't let you set Annotations at all, and it doesn't let you set a label with the name of the default label that the CNI is configured to use. The docs state that you can override that default label name by getting the node to set an environment variable, so that might be a way out.
Not sure if helpful but... I had my aws_eks_node_groups working in my environments and suddenly it stopped and started firing the same error as the OP. Due to the error message which prints
labels = {
userid = "1"
serverid = "1"
size = "" <<<<<<<<<< HERE
environment = "dev"
}
This is not unexpected as I have seen this problem before with tags in other resources. Apparently AWS does accept empty tags or label values so I wouldn't be surprised if it doesn't accept your taint.value=""
So I fixed the bug and set my label to the proper value size="10" and all worked ok.
So my suggestion. change your code to: value = lookup(var.eks_worker_node_group_taints[0], "value", "undefined")
Due to the error message which prints clustername:groupname I spent a long time thinking it was a problem with the node group provider and and how it was passing an id with a colon which failed the regex, until I realised there was a bug in my code and one of the labels was being set as empty like:
I have the same problem and cannot set the label value to empty, which should not be a problem since Kubernetes allows empty label values. I am not sure if this problem is due to a problem with EKS Node Group itself or with this terraform provider.
Community Note
Terraform CLI and Terraform AWS Provider Version
Terraform version: 1.2.1 AWS Provider Version : ~> 4.15.1"
Affected Resource(s)
Terraform Configuration Files
Cluster (IoCluster) and all resources required for node group creation (VPC, subnets, role, security_group) already exists and all needed arns/ids are provided either through data resources or as fixed arns/ids.
node_group.tf
data.tf
variables.tf
Debug Output
https://gist.github.com/kamilporwitaccenture/ebf73fc90a31b413ac8067657e63cadc
Expected Behavior
Node group should be created and attached to the cluster provided in the data resources.
Actual Behavior
Error appears:
which (we think) points out that cluster_name (IoCluster) is not valid as it does not lies within given regex (which is not true). If it points out to other variables it would be good that the error would point out exact variable which is missing.
Steps to Reproduce
terraform apply --auto-approve
.