search

hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0
4.51k stars 4.6k forks source link

Image Cleaner for AKS causes Terraform apply to fail #21271

Closed ashwinphilipgeorge closed 1 year ago

ashwinphilipgeorge commented 1 year ago

Is there an existing issue for this?

Community Note

Terraform Version

1.3.8

AzureRM Provider Version

3.49.0

Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Terraform Configuration Files

A kubernetes cluster configuration with the fields `image_cleaner_enabled` and `image_cleaner_interval_hours` not specified 

resource "azurerm_kubernetes_cluster" "example" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "Production"
  }
}

### Debug Output/Panic Output

```shell
The fields `image_cleaner_enabled` and `image_cleaner_interval_hours` are added t othe configuratio nand forced to use the default values, which fail when used together because `image_cleaner_interval_hours` cannot be set when `image_cleaner_enabled` is set to false

AKS cluster gets stuck in Updating state, Terraform times out

Expected Behaviour

AKS should have not been modified at all, as image_cleaner_enabled is not specified in our configuration.

Actual Behaviour

According to the AzureRM documentation, the fields image_cleaner_enabled and image_cleaner_interval_hours should be optional. However, the terraform plan shows that these two fields are automatically added to the state and will update the AKS instance. The default value for image_cleaner_enabled is false, and the default value of image_cleaner_interval_hours is 48. However if you look at the Azure documentation , and try it out via CLI, the API wont allow you to specify the image_cleaner_interval_hours field if the image_cleaner_enabled is set to false. This causes a panic in AKS and hence fails to update the AKS instance.

Screenshot 2023-04-04 at 12 58 00 PM

Steps to Reproduce

terraform apply

Important Factoids

No response

References

No response

stephybun commented 1 year ago

Thanks for opening this issue @ashwinphilipgeorge.

The Azure CLI could be performing additional validation or steps when enabling and configuring features on the cluster. So it is not entirely representative of how the AKS API works. In addition the provider does not try to mimic the behaviour of the Azure CLI.

I'm also unable reproduce any panic or state drift given the information and configuration provided above, is there any additional information you could provide? As of now it appears this is working as it should.

stephybun commented 1 year ago

Closing since we haven't heard back.

kapoorakansha commented 1 year ago

Hi @stephybun I am facing the similar issue with terraform version 1.4.6 and azurerm version 3.54.0 where terraform shows it will add image_cleaner_enabled and image_cleaner_interval_hours but ideally it should not add.

Please help!!

github-actions[bot] commented 3 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.