Applying CRD and chart on same TF

moreiramarti commented 1 year ago

Terraform, Provider, Kubernetes and Helm Versions

Terraform version: 1.3.2
Provider version: 2.7.1
Kubernetes version: 1.21

Affected Resource(s)

helm_release

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

Debug Output

NOTE: In addition to Terraform debugging, please set HELM_DEBUG=1 to enable debugging info from helm.

Error: unable to build kubernetes objects from release manifest: resource mapping not found for name: "ingress-nginx-controller" namespace: "" from "": no matches for kind "ServiceMonitor" in version "monitoring.coreos.com/v1"
ensure CRDs are installed first

with module.eks_services.helm_release.ingress_nginx,
on .terraform/modules/eks_services/ingress-nginx.tf line 1, in resource "helm_release" "ingress_nginx":
  1: resource "helm_release" "ingress_nginx" {

Panic Output

Steps to Reproduce

terraform apply

Expected Behavior

This behavior seems expected since v2.7.0 (PR)

Is it possible to have on option to disable manifest rendering during plan ?

Actual Behavior

Important Factoids

References

GH-1234

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

anapsix commented 1 year ago

Seeing the same error while installing cert-manager and aws-load-balancer-controller in the same TF module and same run, with aws-load-balancer-controller having depends_on = [ helm_release.cert-manager ].

# Versions testes

- K8s v1.22 (EKS)
- Terraform 1.3.2 and 1.3.3
- Helm provider 2.7.0 and 2.7.1

│
│ Error: unable to build kubernetes objects from release manifest: [resource mapping not found for name: "aws-load-balancer-serving-cert" namespace: "kube-system" from "": no matches for kind "Certificate" in version "cert-manager.io/v1alpha2"
│ ensure CRDs are installed first, resource mapping not found for name: "aws-load-balancer-selfsigned-issuer" namespace: "kube-system" from "": no matches for kind "Issuer" in version "cert-manager.io/v1alpha2"
│ ensure CRDs are installed first, unable to recognize no matches for kind "IngressClassParams" in version "elbv2.k8s.aws/v1beta1"]
│ 
│   with module.k8s.helm_release.aws-load-balancer-controller,
│   on ../../../modules/core/k8s/aws-load-balancer-controller.tf line 1, in resource "helm_release" "aws-load-balancer-controller":
│    1: resource "helm_release" "aws-load-balancer-controller" {
│

Downgrading to 2.6.0 resolves the issue.

terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.6.0"
    }
}

wadexu007 commented 1 year ago

Same issue here, I need terraform apply -target to apply CRDs Resource first, then apply the remaining resources.

suggest to remove CRDs check in provider >= 2.7.0.

mamoit commented 1 year ago

@BBBmau I see you added the upstream-terraform label. Is this an upstream issue of terraform itself? If so, how should it be resolved correctly.

If not, can't there just be a flag in this provider to disable the render during the plan like @moreiramarti suggested? Or is it too much of a workaround?

dhirschfeld commented 1 year ago

I'm unable to deploy Traefik with the latest version of this provider. helm install installs the Traefik Helm Chart with no problems but this provider now complains that the CRDs aren't available before installing the Helm Chart... which installs the CRDs 😞

Can we please get an escape hatch to disable this behaviour?

jrhouston commented 1 year ago

Hi @moreiramarti the provider should only try and render a manifest at plan time if you have manifest = true in the experiments block in the provider config. As a workaround you can set it to false when you are doing the first install, then set it to true when you want to see the rendered manifest.

Perhaps there is a case for having two toggles for manifest rendering, one for create time and one for update.

moreiramarti commented 1 year ago

Hi @jrhouston

Indeed, I had this option activated. Switching to false solve my issue but having 2 toggles is a great idea IMO.

Thank you for your feedback

github-actions[bot] commented 8 months ago

Marking this issue as stale due to inactivity. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. This helps our maintainers find and focus on the active issues. Maintainers may also remove the stale label at their discretion. Thank you!

dhirschfeld commented 8 months ago

ugh, a stale bot.

alex-english-elvt commented 4 weeks ago

Also having this issue with external-secrets-operator

hashicorp / terraform-provider-helm