Open Migueljfs opened 2 years ago
alexsomesan
commented
2 years ago Hi @Migueljfs ! Thanks for reporting this. It looks very strange that this would happen. Can you share the cluster version that you were applying this to? (and any other details about the environment)
Migueljfs
commented
2 years ago Hi @alexsomesan
This is on a GKE cluster version 1.22.10-gke.600
Migueljfs
commented
2 years ago Any news on this? @alexsomesan
mar-rih
commented
1 year ago Hi Any update here, I got the same issue upon trying to upgrade our EKS cluster from 1.22 to 1.23 using Terraform v1.3.6, we encountered an error stating no matches for kind "ServiceAccount" in version "v1".
This error arises when trying to re-apply a ServiceAccount annotation resource using the kubernetes_annotations resource. The same Terraform configuration works fine on EKS 1.22 but throws the aforementioned error on EKS 1.23.
resource "kubernetes_annotations" "ebs-csi-sa" {
api_version = "v1"
kind = "ServiceAccount"
metadata {
name = "ebs-csi-controller-sa"
namespace = "kube-system"
}
annotations = {
"eks.amazonaws.com/role-arn" = module.ebs-csi-irsa[0].iam_role_arn
}
}│ Error: no matches for kind "ServiceAccount" in version "v1"
│ with kubernetes_annotations.ebs-csi-sa[0],
│ on main.tf line 192, in resource "kubernetes_annotations" "ebs-csi-sa":
│ 192: resource "kubernetes_annotations" "ebs-csi-sa" {Can you please help us understand what's causing this and suggest possible solutions?
Environment:
Terraform Version: v1.3.6 kubectl 1.23.17 EKS Version: v1.23 (issue), v1.22 (works fine) terraform providers:
dhaval512
commented
1 year ago @alexsomesan
mar-rih
commented
1 year ago Hi, any response ?
thi-baut
commented
1 year ago Same issue when trying to annotate an existing ServiceAccount through kubernetes_annotations, The resource "my-resource" does not exist - On a ROSA Cluster.
Terraform v1.5.7
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v5.15.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.23.0
+ provider registry.terraform.io/hashicorp/time v0.9.1Edit: tried on both v1.5.6 and v1.5.7 Edit 2: my issue was that I didn't specify the namespace name. After adding in the metadata block it worked :)
shiraBaranetz
commented
7 months ago Maybe its the same issue? trying to annotate an existing ServiceAccount through kubernetes_service_account But the annotation isnt recognized.
amreshh
commented
6 months ago Issue still exists
Environment:
Terraform Version: v1.7.2 kubectl 1.29.3 EKS Version: v1.28 terraform providers: hashicorp/kubernetes v2.27.0
In my case I am create a namespace first and annotating the default service account. In the namespace creation I set the option wait_for_default_service_account = true, but it seems that this doesn't have any effect since the service account doesn't get annotated.
Right now I run terraform apply twice, first for the resources and second time for the annotation.
resource "kubernetes_namespace_v1" "flux" {
metadata {
name = "flux-system"
}
wait_for_default_service_account = true
lifecycle {
ignore_changes = [
metadata[0].labels,
]
}
}
resource "kubernetes_annotations" "default_service_account" {
api_version = "v1"
kind = "ServiceAccount"
metadata {
name = "default"
namespace = "flux-system"
}
annotations = {
"eks.amazonaws.com/role-arn" = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/eks_flux"
}
depends_on = [
kubernetes_namespace_v1.flux
]
}
Hello,
Trying to annotate an existing kubernetes service account but it gives an error saying there's no match for kind "ServiceAccount" for API "v1". But it's this exact combination in any k8s service account manifest...
Terraform Version, Provider Version and Kubernetes Version
Affected Resource(s)
Terraform Configuration Files
Debug Output
https://gist.github.com/Migueljfs/04c040b76a9ac6a7d3566e8530dfb467
Panic Output
Steps to Reproduce
terraform apply-->Expected Behavior
My default SA in the default namespace should have been annotated
Actual Behavior
Terraform does not apply the file and exits with an error
Community Note