Open moreiramarti opened 1 year ago
Seeing the same error while installing cert-manager
and aws-load-balancer-controller
in the same TF module and same run, with aws-load-balancer-controller
having depends_on = [ helm_release.cert-manager ]
.
# Versions testes
- K8s v1.22 (EKS)
- Terraform 1.3.2 and 1.3.3
- Helm provider 2.7.0 and 2.7.1
β
β Error: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "aws-load-balancer-serving-cert" namespace: "kube-system" from "": no matches for kind "Certificate" in version "cert-manager.io/v1alpha2"
β ensure CRDs are installed first, resource mapping not found for name: "aws-load-balancer-selfsigned-issuer" namespace: "kube-system" from "": no matches for kind "Issuer" in version "cert-manager.io/v1alpha2"
β ensure CRDs are installed first, unable to recognize no matches for kind "IngressClassParams" in version "elbv2.k8s.aws/v1beta1"]
β
β with module.k8s.helm_release.aws-load-balancer-controller,
β on ../../../modules/core/k8s/aws-load-balancer-controller.tf line 1, in resource "helm_release" "aws-load-balancer-controller":
β 1: resource "helm_release" "aws-load-balancer-controller" {
β
Downgrading to 2.6.0
resolves the issue.
terraform {
required_providers {
helm = {
source = "hashicorp/helm"
version = "~> 2.6.0"
}
}
Same issue here, I need terraform apply -target
to apply CRDs Resource
first, then apply the remaining resources.
suggest to remove CRDs check in provider >= 2.7.0.
@BBBmau I see you added the upstream-terraform
label.
Is this an upstream issue of terraform itself?
If so, how should it be resolved correctly.
If not, can't there just be a flag in this provider to disable the render during the plan like @moreiramarti suggested? Or is it too much of a workaround?
I'm unable to deploy Traefik with the latest version of this provider. helm install
installs the Traefik Helm Chart with no problems but this provider now complains that the CRDs aren't available before installing the Helm Chart... which installs the CRDs π
Can we please get an escape hatch to disable this behaviour?
Hi @moreiramarti the provider should only try and render a manifest at plan time if you have manifest = true
in the experiments
block in the provider config. As a workaround you can set it to false
when you are doing the first install, then set it to true
when you want to see the rendered manifest.
Perhaps there is a case for having two toggles for manifest
rendering, one for create time and one for update.
Hi @jrhouston
Indeed, I had this option activated. Switching to false solve my issue but having 2 toggles is a great idea IMO.
Thank you for your feedback
Marking this issue as stale due to inactivity. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. This helps our maintainers find and focus on the active issues. Maintainers may also remove the stale label at their discretion. Thank you!
ugh, a stale bot.
Also having this issue with external-secrets-operator
Terraform, Provider, Kubernetes and Helm Versions
Affected Resource(s)
Terraform Configuration Files
Debug Output
NOTE: In addition to Terraform debugging, please set HELM_DEBUG=1 to enable debugging info from helm.
Panic Output
Steps to Reproduce
terraform apply
Expected Behavior
This behavior seems expected since v2.7.0 (PR)
Is it possible to have on option to disable manifest rendering during plan ?
Actual Behavior
Important Factoids
References
Community Note