Closed td4b closed 1 year ago
I have a simple patch
```hcl
data "kustomization_overlay" "kust_vault" {
  resources = [
    "kustomize/"
  ]
  patches {
    target {
      kind                = "ServiceAccount"
      name                = "vault"
      namespace           = "vault"
      annotation_selector = "eks.amazonaws.com/role-arn"
    }
    patch = <<-EOF
      - op: add
        path: "/metadata/annotations"
        value:
          eks.amazonaws.com/role-arn: "${module.iam_assumable_role_vault.iam_role_arn}"
    EOF
  }
}
```
that can't be applied via:
```hcl
resource "kustomization_resource" "vault_kst_resource" {
  for_each = data.kustomization_overlay.kust_vault.ids
  manifest = data.kustomization_overlay.kust_vault.manifests[each.value]
}
```
I managed to get by this issue by applying the data resource first and then trying to apply the kustomization resource, however now I get another error:
```
github.com/kbst/terraform-provider-kustomize/kustomize.kustomizationResourceDiff: "policy/PodDisruptionBudget/vault/vault": api error: no matches for kind "PodDisruptionBudget" in version "policy/v1beta1"
```
Looks like I need to downgrade my cluster to support this. FYI, it's not great that you have to manually apply the data resource before using the customize resource properly, as well as that `depends_on` for whatever reason is not respected in the kustomize resource in cases where an overlay is used.
Data sources that depend on known after apply values are pushed into the apply phase, `for_each` doesn't work with that. This is common to Terraform and not specific to this provider. It's just that using this provider almost always also uses `for_each`. But it doesn't have to. If you know the resources and they're not changing frequently, you can do without `for_each` on the ids and instead have one `kustomization_resource` hardcoded for each resource in the kustomization. Like you would with any other provider. It's just a pita if you consume upstream YAML.
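
The workaround described in the reply above, as an added example that is not part of the original thread or the provider's own code: each object gets its own statically keyed `kustomization_resource`, so nothing iterates over ids that are unknown until apply. It reuses the `kust_vault` data source from the first post; the PodDisruptionBudget key is the id shown in the error message, while the ServiceAccount key and all resource and output names are assumptions.

```hcl
# Added example: one hardcoded kustomization_resource per object instead of
# for_each over data.kustomization_overlay.kust_vault.ids.
# The map keys are static strings, so Terraform can plan these resources even
# though the manifests themselves are only known after the IAM role exists.

# Key copied from the error message in this thread.
resource "kustomization_resource" "vault_pdb" {
  manifest = data.kustomization_overlay.kust_vault.manifests["policy/PodDisruptionBudget/vault/vault"]
}

# Assumed key: same group/kind/namespace/name scheme, with "_" standing in
# for the core API group. Confirm it against the output below.
resource "kustomization_resource" "vault_sa" {
  manifest = data.kustomization_overlay.kust_vault.manifests["_/ServiceAccount/vault/vault"]
}

# Hypothetical helper output: lists every id the overlay produces, so the
# hardcoded keys above can be checked and extended to the remaining objects.
output "kust_vault_ids" {
  value = data.kustomization_overlay.kust_vault.ids
}
```

Any object in the kustomization without its own resource block is not managed by Terraform, so the list has to be revisited whenever the upstream YAML adds or removes resources.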
I can't currently apply my overlay properly, seems like something changed between the provider versions.
This makes no sense since this is a data resource defined with HCL, it should have no dependency here.