Provider prduced inconsistent result after apply

[xfirestyle2k]

I try to deploy a Postgres DB via Data Services Manager, it actually does work and the DB will be deployed, however, because of the error I receive, I think Terraform doesn't recognise it correctly and want to delete and recreate the DB after re-appling the terraform script

│ Error: Provider produced inconsistent result after apply │ │ When applying changes to kubernetes_manifest.terra-pg-cluster, provider "provider[\"registry.terraform.io/hashicorp/kubernetes\"]" produced an unexpected new value: │ .object.spec.version: was cty.StringVal("15.7"), but now cty.StringVal("15.7+vmware.v2.1.0-rc.40"). │ │ This is a bug in the provider, which should be reported in the provider's own issue tracker.

Terraform Version, Provider Version and Kubernetes Version

➜ ~ terraform -v Terraform v1.9.2 on darwin_arm64 Kubernetes provider version: kubernetes v2.31.0

Affected Resource(s)

• kubernetes_manifest

Terraform Configuration Files

terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.0.0"
    }
  }
}

provider "kubernetes" {
  config_path = "dsm-admin.kubeconfig"
}

resource "kubernetes_manifest" "terra-pg-cluster" {
  manifest = {
    "apiVersion" = "databases.dataservices.vmware.com/v1alpha1"
    "kind" = "PostgresCluster"
    "metadata" = {
      "name" = "terra-pg-cluster"
      "namespace" = "default"
      "annotations" = {
        "dsm.vmware.com/owner" = "admin@vmware.com"
      }
      "labels": {
        "dsm.vmware.com/aria-automation-instance": "Instance"
        "dsm.vmware.com/created-in": "terraform"
        "dsm.vmware.com/aria-automation-project" = "Terraform-Test"
      }
    }
    "spec" = {
      "replicas" = 3
      "version" = "15.7"
      "storageSpace" = "30G"
      "vmClass" = {
        "name" = "small"
      }
      "infrastructurePolicy" = {
        "name" = "terraform-infra-policy"
      }
      "storagePolicyName" = "vSAN Default Storage Policy"
      "backupLocation" = {
        "name" = "local-backup"
      }
      "backupConfig" = {
        "backupRetentionDays" = 7
        "schedules" = [
          {
            "name" = "full-weekly"
            "type" = "full"
            "schedule" = "0 0 * * 0"
          },
          {
            "name" = "incremental-daily"
            "type" = "incremental"
            "schedule" = "0 0 * * *"
          }
        ]
      }
    }
  }

  wait {
    condition {
      type = "Ready"
      status = "True"
    }
  }
  timeouts {
    create = "20m"
    delete = "15m"
  }
}

terraform apply --> Terraform will perform the following actions:

kubernetes_manifest.terra-pg-cluster will be created

• resource "kubernetes_manifest" "terra-pg-cluster" {

  • manifest = {

    • apiVersion = "databases.dataservices.vmware.com/v1alpha1"
    • kind = "PostgresCluster"
    • metadata = {
      • annotations = {
        • "dsm.vmware.com/owner" = "admin@vmware.com" }
      • labels = {
        • "dsm.vmware.com/aria-automation-instance" = "Instance"
        • "dsm.vmware.com/aria-automation-project" = "Terraform-Test"
        • "dsm.vmware.com/created-in" = "terraform" }
      • name = "terra-pg-cluster"
      • namespace = "default" }
    • spec = {
      • backupConfig = {
        • backupRetentionDays = 7
        • schedules = [
          • {
            • name = "full-weekly"
            • schedule = "0 0 0"
            • type = "full" },
          • {
            • name = "incremental-daily"
            • schedule = "0 0 *"
            • type = "incremental" }, ] }
      • backupLocation = {
        • name = "local-backup" }
      • infrastructurePolicy = {
        • name = "terraform-infra-policy" }
      • replicas = 3
      • storagePolicyName = "vSAN Default Storage Policy"
      • storageSpace = "30G"
      • version = "15.7"
      • vmClass = {
        • name = "small" } } }

  • object = {

    • apiVersion = "databases.dataservices.vmware.com/v1alpha1"
    • kind = "PostgresCluster"
    • metadata = {
      • annotations = (known after apply)
      • creationTimestamp = (known after apply)
      • deletionGracePeriodSeconds = (known after apply)
      • deletionTimestamp = (known after apply)
      • finalizers = (known after apply)
      • generateName = (known after apply)
      • generation = (known after apply)
      • labels = (known after apply)
      • managedFields = (known after apply)
      • name = "terra-pg-cluster"
      • namespace = "default"
      • ownerReferences = (known after apply)
      • resourceVersion = (known after apply)
      • selfLink = (known after apply)
      • uid = (known after apply) }
    • spec = {
      • adminPasswordRef = {
        • fieldPath = (known after apply)
        • name = (known after apply)
        • value = (known after apply) }
      • adminUsername = (known after apply)
      • backupConfig = {
        • backupRetentionDays = 7
        • schedules = [
          • {
            • name = "full-weekly"
            • schedule = "0 0 0"
            • type = "full" },
          • {
            • name = "incremental-daily"
            • schedule = "0 0 *"
            • type = "incremental" }, ] }
      • backupLocation = {
        • name = "local-backup" }
      • basedOn = {
        • cluster = {
          • name = (known after apply)
          • timestamp = (known after apply) } }
      • databaseConfig = {
        • name = (known after apply) }
      • databaseName = (known after apply)
      • description = (known after apply)
      • directoryService = {
        • apiVersion = (known after apply)
        • fieldPath = (known after apply)
        • kind = (known after apply)
        • name = (known after apply)
        • namespace = (known after apply)
        • resourceVersion = (known after apply)
        • uid = (known after apply) }
      • dnsNames = (known after apply)
      • infrastructurePolicy = {
        • name = "terraform-infra-policy" }
      • maintenanceWindow = {
        • duration = (known after apply)
        • startDay = (known after apply)
        • startTime = (known after apply) }
      • placementSelector = {
        • cluster = (known after apply)
        • datacenter = (known after apply)
        • resourcePool = (known after apply) }
      • replicas = 3
      • storagePolicyName = "vSAN Default Storage Policy"
      • storageSpace = "30G"
      • tls = {
        • secretName = (known after apply) }
      • version = "15.7"
      • vmClass = {
        • name = "small" } } }

  • timeouts {

    • create = "20m"
    • delete = "15m" }

  • wait {

    • condition {
      • status = "True"
      • type = "Ready" } } }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve.

Enter a value: yes kubernetes_manifest.terra-pg-cluster: Creating... kubernetes_manifest.terra-pg-cluster: Still creating... [10s elapsed] kubernetes_manifest.terra-pg-cluster: Still creating... [20s elapsed] kubernetes_manifest.terra-pg-cluster: Still creating... [30s elapsed] kubernetes_manifest.terra-pg-cluster: Still creating... [40s elapsed] kubernetes_manifest.terra-pg-cluster: Still creating... [50s elapsed] kubernetes_manifest.terra-pg-cluster: Still creating... [1m0s elapsed]

Expected Behavior

What should have happened?

The Postgres Database will be deployed successfully, however I think based on the error Terraform expect the DB as fault and by re-apply the terraform script it wants to destroy the deployed DB and recreate.

Actual Behavior

➜ DSM_User terraform apply kubernetes_manifest.terra-pg-cluster: Refreshing state...

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: -/+ destroy and then create replacement

Terraform will perform the following actions:

kubernetes_manifest.terra-pg-cluster is tainted, so must be replaced

-/+ resource "kubernetes_manifest" "terra-pg-cluster" { ~ object = { ~ metadata = { ~ annotations = {

• "dsm.vmware.com/admin-password-version" = ""
• "dsm.vmware.com/backup-loc-version" = "dsm-system/local-backup/{cred:2125,stloc:2127,trust:2126}"
• "dsm.vmware.com/directory-service-version" = ""
• "dsm.vmware.com/owner" = "admin@vmware.com"
• "dsm.vmware.com/provider-tls-checksum" = "66be4da1117318864c723cb04954c6cc856df8d54208227981b2f5afbcd41b31"
• "dsm.vmware.com/vcenter-credentials-version" = "-8027525795950539031"
• "dsm.vmware.com/vcenter-trusted-root-certificates-version" = "dsm-system/vcenter-ca/84" } -> (known after apply)
  • creationTimestamp = (known after apply)
  • deletionGracePeriodSeconds = (known after apply)
  • deletionTimestamp = (known after apply) ~ finalizers = [
• "databases.dataservices.vmware.com/finalizer", ] -> (known after apply)
  • generateName = (known after apply)
  • generation = (known after apply) ~ labels = {
• "dsm.vmware.com/admin-password-version" = ""
• "dsm.vmware.com/aria-automation-instance" = "Instance"
• "dsm.vmware.com/aria-automation-project" = "Terraform-Test"
• "dsm.vmware.com/backup-loc-ns.name" = "local-backup"
• "dsm.vmware.com/backup-loc-ns.namespace" = "dsm-system"
• "dsm.vmware.com/created-in" = "terraform"
• "dsm.vmware.com/directory-service-name" = ""
• "dsm.vmware.com/directory-service-namespace" = ""
• "dsm.vmware.com/infra-policy" = "terraform-infra-policy"
• "dsm.vmware.com/vm-class" = "small" } -> (known after apply)
  • managedFields = (known after apply) name = "terra-pg-cluster"
  • ownerReferences = (known after apply)
  • resourceVersion = (known after apply)
  • selfLink = (known after apply)
  • uid = (known after apply)

    (1 unchanged attribute hidden)

    }

    ~ spec = { ~ adminPasswordRef = {

• fieldPath = (known after apply)
• name = (known after apply)
• value = (known after apply) }
  • adminUsername = (known after apply) ~ basedOn = { ~ cluster = {
    • name = (known after apply)
    • timestamp = (known after apply) } } ~ databaseConfig = {
• name = (known after apply) }
  • databaseName = (known after apply)
  • description = (known after apply) ~ directoryService = {
• apiVersion = (known after apply)
• fieldPath = (known after apply)
• kind = (known after apply)
• name = (known after apply)
• namespace = (known after apply)
• resourceVersion = (known after apply)
• uid = (known after apply) }
  • dnsNames = (known after apply) ~ maintenanceWindow = {
• duration = (known after apply)
• startDay = (known after apply)
• startTime = (known after apply) } ~ placementSelector = {
• cluster = (known after apply)
• datacenter = (known after apply)
• resourcePool = (known after apply) } ~ tls = {

• secretName = (known after apply) } ~ version = "15.7+vmware.v2.1.0-rc.40" -> "15.7"

  (7 unchanged attributes hidden)

      }
      # (2 unchanged attributes hidden)
  }
  # (1 unchanged attribute hidden)
  
  # (2 unchanged blocks hidden)

  }

Plan: 1 to add, 0 to change, 1 to destroy.

Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve.

Enter a value: yes

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[BBBmau]

│ .object.spec.version: was cty.StringVal("15.7"), but now cty.StringVal("15.7+vmware.v2.1.0-rc.40"). Hi @xfirestyle2k you'll want to refer to our docs regarding computed_fields. This would solve your inconsistent result since the value comes from server side. https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest#computed-fields

Apply this and let us know if this solved your issue. We can close this afterwards.