Creating new cluster in same project deletes old Load Balancer

[schlichtanders]

Description

This just destroyed my cluster :cry:

I wanted to create a new cluster next to my previous one, but apparently the old load balancer got deleted (or renamed) ?

I have no clue how this can happen... I hope for quick help to get a fix as soon as possible. And prevent something like this for others.

EDIT: I just realized that the public IP of the load balancer stayed the same - hence somehow the old one got renamed (instead of creating an additional new one)

Kube.tf file

locals {
  # You have the choice of setting your Hetzner API token here or define the TF_VAR_hcloud_token env
  # within your shell, such as such: export TF_VAR_hcloud_token=xxxxxxxxxxx
  # If you choose to define it in the shell, this can be left as is.

  # Your Hetzner token can be found in your Project > Security > API Token (Read & Write is required).
  hcloud_token = "xxxxxxxxxxx"
}

module "kube-hetzner" {
  providers = {
    hcloud = hcloud
  }
  hcloud_token = var.hcloud_token != "" ? var.hcloud_token : local.hcloud_token

  # Then fill or edit the below values. Only the first values starting with a * are obligatory; the rest can remain with their default values, or you
  # could adapt them to your needs.

  # * For local dev, path to the git repo
  # source = "../../kube-hetzner/"
  # If you want to use the latest master branch
  # source = "github.com/kube-hetzner/terraform-hcloud-kube-hetzner"
  # For normal use, this is the path to the terraform registry
  source = "kube-hetzner/kube-hetzner/hcloud"

  ###################
  # FIXING VERSIONS #
  ###################

  # You can optionally specify a version number
  version = "2.2.0"

  # If you want to use a specific Hetzner CCM and CSI version, set them below; otherwise, leave them as-is for the latest versions.
  # https://github.com/hetznercloud/hcloud-cloud-controller-manager
  hetzner_ccm_version = "v1.15.0"
  # https://github.com/hetznercloud/csi-driver
  hetzner_csi_version = "v2.3.2"

  # If you want to specify the Kured version, set it below - otherwise it'll use the latest version available.
  # https://github.com/kubereboot/kured
  kured_version = "1.13.1"

  # Allows you to specify either stable, latest, testing or supported minor versions.
  # see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ and https://update.k3s.io/v1-release/channels
  # ⚠️ If you are going to use Rancher addons for instance, it's always a good idea to fix the kube version to latest - 0.01,
  # ⚠️ Rancher currently only supports v1.25 and earlier versions: https://github.com/rancher/rancher/issues/41113
  # The default is "v1.26".
  initial_k3s_channel = "v1.26"

  # You can choose the version of Calico that you want. By default, the latest is used.
  # More info on available versions can be found at https://github.com/projectcalico/calico/releases
  # Please note that if you are getting 403s from Github, it's also useful to set the version manually. However there is rarely a need for that!
  calico_version = "v3.26.0"

  #######################
  # END FIXING VERSIONS #
  #######################

  # Note that some values, notably "location" and "public_key" have no effect after initializing the cluster.
  # This is to keep Terraform from re-provisioning all nodes at once, which would lose data. If you want to update
  # those, you should instead change the value here and manually re-provision each node. Grep for "lifecycle".

  # Customize the SSH port (by default 22)
  # ssh_port = 2222

  # * Your ssh public key
  ssh_public_key = file("~/.ssh/hetzner_id_ed25519.pub")
  # * Your private key must be "ssh_private_key = null" when you want to use ssh-agent for a Yubikey-like device authentification or an SSH key-pair with a passphrase.
  # For more details on SSH see https://github.com/kube-hetzner/kube-hetzner/blob/master/docs/ssh.md
  ssh_private_key = file("~/.ssh/hetzner_id_ed25519")
  # You can add additional SSH public Keys to grant other team members root access to your cluster nodes.
  # ssh_additional_public_keys = []

  # You can also add additional SSH public Keys which are saved in the hetzner cloud by a label.
  # See https://docs.hetzner.cloud/#label-selector
  # ssh_hcloud_key_label = "role=admin"

  # If you want to use an ssh key that is already registered within hetzner cloud, you can pass its id.
  # If no id is passed, a new ssh key will be registered within hetzner cloud.
  # It is important that exactly this key is passed via `ssh_public_key` & `ssh_private_key` vars.
  # hcloud_ssh_key_id = ""

  # These can be customized, or left with the default values
  # * For Hetzner locations see https://docs.hetzner.com/general/others/data-centers-and-connection/
  network_region = "eu-central" # change to `us-east` if location is ash

  # If you must change the network CIDR you can do so below, but it is highly advised against.
  # network_ipv4_cidr = "10.0.0.0/8"

  # If you must change the cluster CIDR you can do so below, but it is highly advised against.
  # Cluster CIDR must be a part of the network CIDR!
  # cluster_ipv4_cidr = "10.42.0.0/16"

  # For the control planes, at least three nodes are the minimum for HA. Otherwise, you need to turn off the automatic upgrades (see README).
  # **It must always be an ODD number, never even!** Search the internet for "splitbrain problem with etcd" or see https://rancher.com/docs/k3s/latest/en/installation/ha-embedded/
  # For instance, one is ok (non-HA), two is not ok, and three is ok (becomes HA). It does not matter if they are in the same nodepool or not! So they can be in different locations and of various types.

  # Of course, you can choose any number of nodepools you want, with the location you want. The only constraint on the location is that you need to stay in the same network region, Europe, or the US.
  # For the server type, the minimum instance supported is cpx11 (just a few cents more than cx11); see https://www.hetzner.com/cloud.

  # IMPORTANT: Before you create your cluster, you can do anything you want with the nodepools, but you need at least one of each, control plane and agent.
  # Once the cluster is up and running, you can change nodepool count and even set it to 0 (in the case of the first control-plane nodepool, the minimum is 1).
  # You can also rename it (if the count is 0), but do not remove a nodepool from the list.

  # The only nodepools that are safe to remove from the list are at the end. That is due to how subnets and IPs get allocated (FILO).
  # You can, however, freely add other nodepools at the end of each list if you want. The maximum number of nodepools you can create combined for both lists is 255.
  # Also, before decreasing the count of any nodepools to 0, it's essential to drain and cordon the nodes in question. Otherwise, it will leave your cluster in a bad state.

  # Before initializing the cluster, you can change all parameters and add or remove any nodepools. You need at least one nodepool of each kind, control plane, and agent.
  # The nodepool names are entirely arbitrary, you can choose whatever you want, but no special characters or underscore, and they must be unique; only alphanumeric characters and dashes are allowed.

  # If you want to have a single node cluster, have one control plane nodepools with a count of 1, and one agent nodepool with a count of 0.

  # Please note that changing labels and taints after the first run will have no effect. If needed, you can do that through Kubernetes directly.

  # ⚠️ When choosing ARM cax* server types, for the moment they are only available in fsn1.
  # Muli-architecture clusters are OK for most use cases, as container underlying images tend to be multi-architecture too.

  # * Example below:

  control_plane_nodepools = [
    {
      name        = "control-plane-fsn1",
      server_type = "cax11",
      location    = "fsn1",
      labels      = [
        # no longer needed, but may be interesting when using klipper as the load balancer
        # as this seems to be the final option which counts
        # taken from https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/issues/447#issuecomment-1350597300
        # "node.kubernetes.io/exclude-from-external-load-balancers=true",
      ],
      taints      = [],
      count       = 1

      # Enable automatic backups via Hetzner (default: false)
      # backups = true
    },
  ]

  agent_nodepools = [
    # Arm based nodes, currently available only in FSN location
    {
      name        = "agent-arm-largest",
      server_type = "cax41",
      location    = "fsn1",
      labels      = [],
      taints      = [],
      count       = 1,
    }
  ]
  # Add custom control plane configuration options here.
  # E.g to enable monitoring for etcd, proxy etc:
  # control_planes_custom_config = {
  #  etcd-expose-metrics = true,
  #  kube-controller-manager-arg = "bind-address=0.0.0.0",
  #  kube-proxy-arg ="metrics-bind-address=0.0.0.0",
  #  kube-scheduler-arg = "bind-address=0.0.0.0",
  # }

  # You can enable encrypted wireguard for the CNI by setting this to "true". Default is "false".
  # FYI, Hetzner says "Traffic between cloud servers inside a Network is private and isolated, but not automatically encrypted."
  # Source: https://docs.hetzner.com/cloud/networks/faq/#is-traffic-inside-hetzner-cloud-networks-encrypted
  # It works with all CNIs that we support.
  # Just note, that if Cilium with cilium_values, the responsability of enabling of disabling Wireguard falls on you.
  enable_wireguard = true

  # * LB location and type, the latter will depend on how much load you want it to handle, see https://www.hetzner.com/cloud/load-balancer
  load_balancer_type     = "lb11"
  load_balancer_location = "fsn1"

  ### The following values are entirely optional (and can be removed from this if unused)

  # You can refine a base domain name to be use in this form of nodename.base_domain for setting the reserve dns inside Hetzner
  base_domain = "cloud.jolin.io"

  # Cluster Autoscaler
  # Providing at least one map for the array enables the cluster autoscaler feature, default is disabled
  # By default we set a compatible version with the default initial_k3s_channel, to set another one,
  # have a look at the tag value in https://github.com/kubernetes/autoscaler/blob/master/charts/cluster-autoscaler/values.yaml
  # ⚠️ Based on how the autoscaler works with this project, you can only choose either x86 instances or ARM server types for ALL autocaler nodepools.
  # Also, as mentioned above, for the time being ARM cax* instances are only available in fsn1.
  # If you are curious, it's ok to have a multi-architecture cluster, as most underlying container images are multi-architecture too.
  # * Example below:
  autoscaler_nodepools = [
    {
      name        = "autoscaled-arm-largest"
      server_type = "cax41"
      location    = "fsn1"
      min_nodes   = 0  # somehow a first autoscaler node is spawned even if `min_nodes = 0`, for updates see https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/issues/756
      max_nodes   = 4
    }
  ]

  # Enable etcd snapshot backups to S3 storage.
  # Just provide a map with the needed settings (according to your S3 storage provider) and backups to S3 will
  # be enabled (with the default settings for etcd snapshots).
  # Cloudflare's R2 offers 10GB, 10 million reads and 1 million writes per month for free.
  # For proper context, have a look at https://docs.k3s.io/backup-restore.
  etcd_s3_backup = {
    etcd-s3-endpoint   = var.etcd_s3_endpoint
    etcd-s3-access-key = var.etcd_s3_access_key
    etcd-s3-secret-key = var.etcd_s3_secret_key
    etcd-s3-bucket     = var.etcd_s3_bucket
  }

  # To enable Hetzner Storage Box support, you can enable csi-driver-smb, default is "false".
  # enable_csi_driver_smb = true

  # To use local storage on the nodes, you can enable Longhorn, default is "false".
  # See a full recap on how to configure agent nodepools for longhorn here https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/discussions/373#discussioncomment-3983159
  # Also see Longhorn best practices here https://gist.github.com/ifeulner/d311b2868f6c00e649f33a72166c2e5b
  # enable_longhorn = true

  # By default, longhorn is pulled from https://charts.longhorn.io.
  # If you need a version of longhorn which assures compatibility with rancher you can set this variable to https://charts.rancher.io.
  # longhorn_repository = "https://charts.rancher.io"

  # The namespace for longhorn deployment, default is "longhorn-system".
  # longhorn_namespace = "longhorn-system"

  # The file system type for Longhorn, if enabled (ext4 is the default, otherwise you can choose xfs).
  # longhorn_fstype = "xfs"

  # how many replica volumes should longhorn create (default is 3).
  # longhorn_replica_count = 1

  # When you enable Longhorn, you can go with the default settings and just modify the above two variables OR you can add a longhorn_values variable
  # with all needed helm values, see towards the end of the file in the advanced section.
  # If that file is present, the system will use it during the deploy, if not it will use the default values with the two variable above that can be customized.
  # After the cluster is deployed, you can always use HelmChartConfig definition to tweak the configuration.

  # Also, you can choose to use a Hetzner volume with Longhorn. By default, it will use the nodes own storage space, but if you add an attribute of
  # longhorn_volume_size (⚠️ not a variable, just a possible agent nodepool attribute) with a value between 10 and 10000 GB to your agent nodepool definition, it will create and use the volume in question.
  # See the agent nodepool section for an example of how to do that.

  # To disable Hetzner CSI storage, you can set the following to "true", default is "false".
  # disable_hetzner_csi = true

  # If you want to use a specific Hetzner CCM and CSI version, set them below; otherwise, leave them as-is for the latest versions.
  # https://github.com/hetznercloud/hcloud-cloud-controller-manager
  # hetzner_ccm_version = "v1.15.0"
  # https://github.com/hetznercloud/csi-driver
  # hetzner_csi_version = "v2.3.2"

  # If you want to specify the Kured version, set it below - otherwise it'll use the latest version available.
  # https://github.com/kubereboot/kured
  # kured_version = "1.13.1"

  # If you want to enable the Nginx ingress controller (https://kubernetes.github.io/ingress-nginx/) instead of Traefik, you can set this to "nginx". Default is "traefik".
  # By the default we load optimal Traefik and Nginx ingress controller config for Hetzner, however you may need to tweak it to your needs, so to do,
  # we allow you to add a traefik_values and nginx_values, see towards the end of this file in the advanced section.
  # After the cluster is deployed, you can always use HelmChartConfig definition to tweak the configuration.
  # If you want to disable both controllers set this to "none"
  # ingress_controller = "nginx"

  # You can change the number of replicas for selected ingress controller here. The default 0 means autoselecting based on number of agent nodes (1 node = 1 replica, 2 nodes = 2 replicas, 3+ nodes = 3 replicas)
  # ingress_replica_count = 1

  # Use the klipperLB (similar to metalLB), instead of the default Hetzner one, that has an advantage of dropping the cost of the setup.
  # Automatically "true" in the case of single node cluster (as it does not make sense to use the Hetzner LB in that situation).
  # It can work with any ingress controller that you choose to deploy.
  # Please note that because the klipperLB points to all nodes, we automatically allow scheduling on the control plane when it is active.
  # enable_klipper_metal_lb = "true"

  # If you want to configure additional arguments for traefik, enter them here as a list and in the form of traefik CLI arguments; see https://doc.traefik.io/traefik/reference/static-configuration/cli/
  # They are the options that go into the additionalArguments section of the Traefik helm values file.
  # Example: traefik_additional_options = ["--log.level=DEBUG", "--tracing=true"]
  # traefik_additional_options = []

  # By default traefik is configured to redirect http traffic to https, you can set this to "false" to disable the redirection.
  # traefik_redirect_to_https = false

  # If you want to disable the metric server set this to "false". Default is "true".
  # enable_metrics_server = false

  # If you want to allow non-control-plane workloads to run on the control-plane nodes, set this to "true". The default is "false".
  # True by default for single node clusters, and when enable_klipper_metal_lb is true. In those cases, the value below will be ignored.
  # allow_scheduling_on_control_plane = true

  # If you want to disable the automatic upgrade of k3s, you can set below to "false".
  # Ideally, keep it on, to always have the latest Kubernetes version, but lock the initial_k3s_channel to a kube major version,
  # of your choice, like v1.25 or v1.26. That way you get the best of both worlds without the breaking changes risk.
  # For production use, always use an HA setup with at least 3 control-plane nodes and 2 agents, and keep this on for maximum security.

  # The default is "true" (in HA setup i.e. at least 3 control plane nodes & 2 agents, just keep it enabled since it works flawlessly).
  # automatically_upgrade_k3s = false

  # The default is "true" (in HA setup it works wonderfully well, with automatic roll-back to the previous snapshot in case of an issue).
  # IMPORTANT! For non-HA clusters i.e. when the number of control-plane nodes is < 3, you have to turn it off.
  automatically_upgrade_os = false

  # If you need more control over kured and the reboot behaviour, you can pass additional options to kured.
  # For example limiting reboots to certain timeframes. For all options see: https://kured.dev/docs/configuration/
  # The default options are: `--reboot-command=/usr/bin/systemctl reboot --pre-reboot-node-labels=kured=rebooting --post-reboot-node-labels=kured=done --period=5m`
  # Defaults can be overridden by using the same key.
  # kured_options = {
  #   "reboot-days": "su"
  #   "start-time": "3am"
  #   "end-time": "8am"
  #   "time-zone": "Local"
  # }

  # Allows you to specify either stable, latest, testing or supported minor versions.
  # see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ and https://update.k3s.io/v1-release/channels
  # ⚠️ If you are going to use Rancher addons for instance, it's always a good idea to fix the kube version to latest - 0.01,
  # ⚠️ Rancher currently only supports v1.25 and earlier versions: https://github.com/rancher/rancher/issues/41113
  # The default is "v1.26".
  # initial_k3s_channel = "stable"

  # The cluster name, by default "k3s"
  cluster_name = "jolin"

  # Whether to use the cluster name in the node name, in the form of {cluster_name}-{nodepool_name}, the default is "true".
  # use_cluster_name_in_node_name = false

  # Extra k3s registries. This is useful if you have private registries and you want to pull images without additional secrets.
  # Or if you want to proxy registries for various reasons like rate-limiting.
  # It will create the registries.yaml file, more info here https://docs.k3s.io/installation/private-registry.
  # Note that you do not need to get this right from the first time, you can update it when you want during the life of your cluster.
  # The default is blank.
  /* k3s_registries = <<-EOT
    mirrors:
      hub.my_registry.com:
        endpoint:
          - "hub.my_registry.com"
    configs:
      hub.my_registry.com:
        auth:
          username: username
          password: password
  EOT */

  # Additional environment variables for the host OS on which k3s runs. See for example https://docs.k3s.io/advanced#configuring-an-http-proxy .
  # additional_k3s_environment = {
  #   "CONTAINERD_HTTP_PROXY" : "http://your.proxy:port",
  #   "CONTAINERD_HTTPS_PROXY" : "http://your.proxy:port",
  #   "NO_PROXY" : "127.0.0.0/8,10.0.0.0/8,",
  # }

  # Additional commands to execute on the host OS before the k3s install, for example fetching and installing certs.
  # preinstall_exec = [
  #   "curl https://somewhere.over.the.rainbow/ca.crt > /root/ca.crt",
  #   "trust anchor --store /root/ca.crt",
  # ]
  preinstall_exec = [
    # This is adding node-taints to the config
    # it is safest to do it here, because node-taints may have already been added, and setting --node-taint attribute to k3s agent args will clean out all the other node-taints
    # we check whether the csi-node-driver can be loaded
    # if we get 403 response, this means that we got a bad IP
    # adapted from https://stackoverflow.com/questions/53526188/can-i-have-curl-print-just-the-response-code
    "echo 'I am here' > /tmp/iamhere"
    ,
    # <<-EOF
    # [ -f /etc/rancher/k3s/config.yaml ] && \
    # [ "403" == $(curl -IL --silent --write-out "%%{http_code}\n" -o /dev/null https://registry.k8s.io/v2/sig-storage/csi-node-driver-registrar/manifests/v2.7.0) ] && \
    # sed -i -e 's/^"node-taint": \[]/"node-taint":/' -e 's/^"node-taint":/"node-taint":\n- jolin=badip:NoSchedule/' /etc/rancher/k3s/config.yaml
    # EOF
    # ,

    # we can simply add a second config to be aggregated
    # see https://docs.k3s.io/installation/configuration
    # node that `%%{` is the escaped version of a literal `%{`
    <<-EOF
    mkdir -p /etc/rancher/k3s/config.yaml.d && \
    [ "403" == $(curl -IL --silent --write-out "%%{http_code}\n" -o /dev/null https://registry.k8s.io/v2/sig-storage/csi-node-driver-registrar/manifests/v2.7.0) ] && \
    cat > /etc/rancher/k3s/config.yaml.d/jolin.yaml <<END
    node-taint+:
    - jolin=badip:NoSchedule
    END
    EOF
    ,
  ]

  # Additional flags to pass to the k3s server command (the control plane).
  # k3s_exec_server_args = "--kube-apiserver-arg enable-admission-plugins=PodTolerationRestriction,PodNodeSelector"
  # we need to repeat the default kubelet-arg as CLI arguments take precendence. See https://docs.k3s.io/installation/configuration#configuration-file
  # default kubelet_arg = ["cloud-provider=external", "volume-plugin-dir=/var/lib/kubelet/volumeplugins"]

  # If you want to allow all outbound traffic you can set this to "false". Default is "true".
  # restrict_outbound_traffic = false

  # Adding extra firewall rules, like opening a port
  # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall
  extra_firewall_rules = [
    # {
    #   description = "For Postgres"
    #   direction       = "in"
    #   protocol        = "tcp"
    #   port            = "5432"
    #   source_ips      = ["0.0.0.0/0", "::/0"]
    #   destination_ips = [] # Won't be used for this rule
    # },
    # {
    #   description = "To Allow ArgoCD (or ssh-keyscan) access to resources via SSH"
    #   direction       = "out"
    #   protocol        = "tcp"
    #   port            = "22"
    #   source_ips      = [] # Won't be used for this rule
    #   destination_ips = ["0.0.0.0/0", "::/0"]
    # }
    {
      description = "Allow any outward access. To Allow ArgoCD (or ssh-keyscan) access to resources via SSH, access to Databases via special ports, etc."
      direction       = "out"
      protocol        = "tcp"
      port            = "any"
      source_ips      = [] # Won't be used for this rule
      destination_ips = ["0.0.0.0/0", "::/0"]
    }
  ]

  # If you want to configure a different CNI for k3s, use this flag
  # possible values: flannel (Default), calico, and cilium
  # As for Cilium, we allow infinite configurations via helm values, please check the CNI section of the readme over at https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/#cni.
  # Also, see the cilium_values at towards the end of this file, in the advanced section.
  # cni_plugin = "cilium"

  # You can choose the version of Calico that you want. By default, the latest is used.
  # More info on available versions can be found at https://github.com/projectcalico/calico/releases
  # Please note that if you are getting 403s from Github, it's also useful to set the version manually. However there is rarely a need for that!
  # calico_version = "v3.25.0"

  # If you want to disable the k3s default network policy controller, use this flag!
  # Both Calico and Ciliun cni_plugin values override this value to true automatically, the default is "false".
  # disable_network_policy = true

  # If you want to disable the automatic use of placement group "spread". See https://docs.hetzner.com/cloud/placement-groups/overview/
  # We advise to not touch that setting, unless you have a specific purpose.
  # The default is "false", meaning it's enabled by default.
  # placement_group_disable = true

  # By default, we allow ICMP ping in to the nodes, to check for liveness for instance. If you do not want to allow that, you can. Just set this flag to true (false by default).
  # block_icmp_ping_in = true

  # You can enable cert-manager (installed by Helm behind the scenes) with the following flag, the default is "true".
  # enable_cert_manager = false

  # IP Addresses to use for the DNS Servers, set to an empty list to use the ones provided by Hetzner, defaults to ["1.1.1.1", "8.8.8.8", "9.9.9.9"].
  # The number of different DNS servers is limited to 3 by Kubernetes itself.
  # dns_servers = []

  # When this is enabled, rather than the first node, all external traffic will be routed via a control-plane loadbalancer, allowing for high availability.
  # The default is false.
  # see https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/discussions/302
  use_control_plane_lb = false

  # Let's say you are not using the control plane LB solution above, and still want to have one hostname point to all your control-plane nodes.
  # You could create multiple A records of to let's say cp.cluster.my.org pointing to all of your control-plane nodes ips.
  # In which case, you need to define that hostname in the k3s TLS-SANs config to allow connection through it. It can be hostnames or IP addresses.
  # additional_tls_sans = ["cp.cluster.my.org"]

  # Oftentimes, you need to communicate to the cluster from inside the cluster itself, in which case it is important to set this value, as it will configure the hostname
  # at the load balancer level, and will save you from many slows downs when initiating communications from inside. Later on, you can point your DNS to the IP given
  # to the LB. And if you have other services pointing to it, you are also free to create CNAMES to point to it, or whatever you see fit.
  # If set, it will apply to either ingress controllers, Traefik or Ingress-Nginx.
  lb_hostname = "cloud.jolin.io"

  # You can enable Rancher (installed by Helm behind the scenes) with the following flag, the default is "false".
  # ⚠️ Rancher currently only supports Kubernetes v1.25 and earlier, you will need to set initial_k3s_channel to a supported version: https://github.com/rancher/rancher/issues/41113
  # When Rancher is enabled, it automatically installs cert-manager too, and it uses rancher's own self-signed certificates.
  # See for options https://rancher.com/docs/rancher/v2.0-v2.4/en/installation/resources/advanced/helm2/helm-rancher/#choose-your-ssl-configuration
  # The easiest thing is to leave everything as is (using the default rancher self-signed certificate) and put Cloudflare in front of it.
  # As for the number of replicas, by default it is set to the numbe of control plane nodes.
  # You can customized all of the above by adding a rancher_values variable see at the end of this file in the advanced section.
  # After the cluster is deployed, you can always use HelmChartConfig definition to tweak the configuration.
  # IMPORTANT: Rancher's install is quite memory intensive, you will require at least 4GB if RAM, meaning cx21 server type (for your control plane).
  # ALSO, in order for Rancher to successfully deploy, you have to set the "rancher_hostname".
  # enable_rancher = true

  # If using Rancher you can set the Rancher hostname, it must be unique hostname even if you do not use it.
  # If not pointing the DNS, you can just port-forward locally via kubectl to get access to the dashboard.
  # If you already set the lb_hostname above and are using a Hetzner LB, you do not need to set this one, as it will be used by default.
  # But if you set this one explicitly, it will have preference over the lb_hostname in rancher settings.
  # rancher_hostname = "rancher.xyz.dev"

  # When Rancher is deployed, by default is uses the "latest" channel. But this can be customized.
  # The allowed values are "stable" or "latest".
  # rancher_install_channel = "stable"

  # Finally, you can specify a bootstrap-password for your rancher instance. Minimum 48 characters long!
  # If you leave empty, one will be generated for you.
  # (Can be used by another rancher2 provider to continue setup of rancher outside this module.)
  # rancher_bootstrap_password = ""

  # Separate from the above Rancher config (only use one or the other). You can import this cluster directly on an
  # an already active Rancher install. By clicking "import cluster" choosing "generic", giving it a name and pasting
  # the cluster registration url below. However, you can also ignore that and apply the url via kubectl as instructed
  # by Rancher in the wizard, and that would register your cluster too.
  # More information about the registration can be found here https://rancher.com/docs/rancher/v2.6/en/cluster-provisioning/registered-clusters/
  # rancher_registration_manifest_url = "https://rancher.xyz.dev/v3/import/xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz.yaml"

  # Extra values that will be passed to the `extra-manifests/kustomization.yaml.tpl` if its present.
  # extra_kustomize_parameters={}

  # It is best practice to turn this off, but for backwards compatibility it is set to "true" by default.
  # See https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/issues/349
  # When "false". The kubeconfig file can instead be created by executing: "terraform output --raw kubeconfig > cluster_kubeconfig.yaml"
  # Always be careful to not commit this file!
  # create_kubeconfig = false

  # Don't create the kustomize backup. This can be helpful for automation.
  # create_kustomization = false

  ### ADVANCED - Custom helm values for packages above (search _values if you want to located where those are mentioned upper in this file)
  # ⚠️ Inside the _values variable below are examples, up to you to find out the best helm values possible, we do not provide support for customized helm values.
  # Please understand that the indentation is very important, inside the EOTs, as those are proper yaml helm values.
  # We advise you to use the default values, and only change them if you know what you are doing!

  # Cilium, all Cilium helm values can be found at https://github.com/cilium/cilium/blob/master/install/kubernetes/cilium/values.yaml
  # The following is an example, please note that the current indentation inside the EOT is important.
  /*   cilium_values = <<EOT
ipam:
  mode: kubernetes
devices: "eth1"
k8s:
  requireIPv4PodCIDR: true
kubeProxyReplacement: strict
l7Proxy: false
encryption:
  enabled: true
  type: wireguard
  EOT */

  # Cert manager, all cert-manager helm values can be found at https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/values.yaml
  # The following is an example, please note that the current indentation inside the EOT is important.
  /*   cert_manager_values = <<EOT
installCRDs: true
replicaCount: 3
webhook:
  replicaCount: 3
cainjector:
  replicaCount: 3
  EOT */

  # csi-driver-smb, all csi-driver-smb helm values can be found at https://github.com/kubernetes-csi/csi-driver-smb/blob/master/charts/latest/csi-driver-smb/values.yaml
  # The following is an example, please note that the current indentation inside the EOT is important.
  /*   csi_driver_smb_values = <<EOT
controller:
  name: csi-smb-controller
  replicas: 1
  runOnMaster: false
  runOnControlPlane: false
  resources:
    csiProvisioner:
      limits:
        memory: 300Mi
      requests:
        cpu: 10m
        memory: 20Mi
    livenessProbe:
      limits:
        memory: 100Mi
      requests:
        cpu: 10m
        memory: 20Mi
    smb:
      limits:
        memory: 200Mi
      requests:
        cpu: 10m
        memory: 20Mi
  EOT */

  # Longhorn, all Longhorn helm values can be found at https://github.com/longhorn/longhorn/blob/master/chart/values.yaml
  # The following is an example, please note that the current indentation inside the EOT is important.
  /*   longhorn_values = <<EOT
defaultSettings:
  defaultDataPath: /var/longhorn
persistence:
  defaultFsType: ext4
  defaultClassReplicaCount: 3
  defaultClass: true
  EOT */

  # Traefik, all Traefik helm values can be found at https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml
  # The following is an example, please note that the current indentation inside the EOT is important.
  /*   traefik_values = <<EOT
deployment:
  replicas: 1
globalArguments: []
service:
  enabled: true
  type: LoadBalancer
  annotations:
    "load-balancer.hetzner.cloud/name": "k3s"
    "load-balancer.hetzner.cloud/use-private-ip": "true"
    "load-balancer.hetzner.cloud/disable-private-ingress": "true"
    "load-balancer.hetzner.cloud/location": "nbg1"
    "load-balancer.hetzner.cloud/type": "lb11"
    "load-balancer.hetzner.cloud/uses-proxyprotocol": "true"

ports:
  web:
    redirectTo: websecure

    proxyProtocol:
      trustedIPs:
        - 127.0.0.1/32
        - 10.0.0.0/8
    forwardedHeaders:
      trustedIPs:
        - 127.0.0.1/32
        - 10.0.0.0/8
  websecure:
    proxyProtocol:
      trustedIPs:
        - 127.0.0.1/32
        - 10.0.0.0/8
    forwardedHeaders:
      trustedIPs:
        - 127.0.0.1/32
        - 10.0.0.0/8
  EOT */

  # Nginx, all Nginx helm values can be found at https://github.com/kubernetes/ingress-nginx/blob/main/charts/ingress-nginx/values.yaml
  # You can also have a look at https://kubernetes.github.io/ingress-nginx/, to understand how it works, and all the options at your disposal.
  # The following is an example, please note that the current indentation inside the EOT is important.
  /*   nginx_values = <<EOT
controller:
  watchIngressWithoutClass: "true"
  kind: "DaemonSet"
  config:
    "use-forwarded-headers": "true"
    "compute-full-forwarded-for": "true"
    "use-proxy-protocol": "true"
  service:
    annotations:
      "load-balancer.hetzner.cloud/name": "k3s"
      "load-balancer.hetzner.cloud/use-private-ip": "true"
      "load-balancer.hetzner.cloud/disable-private-ingress": "true"
      "load-balancer.hetzner.cloud/location": "nbg1"
      "load-balancer.hetzner.cloud/type": "lb11"
      "load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
  EOT */

  # Rancher, all Rancher helm values can be found at https://rancher.com/docs/rancher/v2.5/en/installation/install-rancher-on-k8s/chart-options/
  # The following is an example, please note that the current indentation inside the EOT is important.
  /*   rancher_values = <<EOT
ingress:
  tls:
    source: "rancher"
hostname: "rancher.example.com"
replicas: 1
bootstrapPassword: "supermario"
  EOT */

}

provider "hcloud" {
  token = var.hcloud_token != "" ? var.hcloud_token : local.hcloud_token
}

terraform {
  required_version = ">= 1.3.3"
  required_providers {
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = ">= 1.38.2"
    }
  }
}

output "kubeconfig" {
  value     = module.kube-hetzner.kubeconfig
  sensitive = true
}

variable "cluster_name" {
  default   = ""
}

variable "hcloud_token" {
  sensitive = true
  default   = ""
}

variable "etcd_s3_endpoint" {
  sensitive = true
  default   = ""
}

variable "etcd_s3_bucket" {
  sensitive = true
  default   = ""
}

variable "etcd_s3_access_key" {
  sensitive = true
  default   = ""
}

variable "etcd_s3_secret_key" {
  sensitive = true
  default   = ""
}

Screenshots

No response

Platform

Linux

[schlichtanders]

further investigation brought me to this terraform documentation where it is mentioned, that the id field is unique, but not the name.

however the id is not set at all in kube-hetzner

data "hcloud_load_balancer" "cluster" {
  count = local.has_external_load_balancer ? 0 : 1
  name  = var.cluster_name

  depends_on = [null_resource.kustomization]
}

Also this is a data definition, while the alternative control plane load_balancer is a resource definition. Maybe this interacts as well

[schlichtanders]

Reading the documentation for the resource "hcloud_load_balancer" https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/load_balancer it is clear that the real issue is not the id (it is not needed for the resource definition), but really the use of the data definition.

Why is the default load_balancer a data definition? This has the described disadvantage, but this disadvantage was not known and it had other advantages which is why it was done this way.

@mysticaltech you last edited this definition. Do you know why you have chosen this to be a data definition?

[mysticaltech]

@schlichtanders Basically, this LB has nothing to do with terraform, it's deployed via the CCM on the request of the ingress controller. That's one of the reason we need the cleanupkh script, same for the new instances sprung up by the autoscaler, both do not originate from terraform. Via terraform we just read the deployed LB to ensure that everything is fine at the end of the deployment.

[mysticaltech]

And we do set the cluster name as the lb name, so there would be an issue only if you did not change your cluster name for your new cluster!

https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/blob/8c16a08d0ec1a4a01b22586531c5a42c0dc2f14c/locals.tf#L451

[schlichtanders]

And we do set the cluster name as the lb name, so there would be an issue only if you did not change your cluster name for your new cluster!

https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/blob/8c16a08d0ec1a4a01b22586531c5a42c0dc2f14c/locals.tf#L451

I changed the cluster_name and my previously named loadbalancer jolin got renamed to the new cluster-name jolin-20230903t120301z, please re-add the bug label.

EDIT: So if I understand your confidence correctly, it seems like my renaming was due to some other mistake somewhere. Still super weird as it got renamed from the old cluster_name to the new cluster_name. This should not be possible if I understand what you are saying... I will test tomorrow again

[schlichtanders]

I was able to test it again today (took quite some time).

and apparently I misunderstood how terraform works. It seems I've been running into terraform newbie issue:

• executing terraform apply with different settings from the same folder does not create a second deployment, but changes the existing deployment. This is how also the load-balancer probably got changed.

[schlichtanders]

running into completely different issues now.. e.g. #963

closing this as caused by confusion

[schlichtanders]

it actually got renamed.

I am now using terraform workspaces nicely, and have everything twice, but the load balancer. It got renamed...

[mysticaltech]

@schlichtanders I believe you, but please show me some hcloud cli outputs, or screenshots of the ui, or anything. Because not sure we can do a lot about this, we set the name as shown above, so unless the cluster name changes, it shouldn't be renamed. And everything is managed by the ingress controller and ccm automatically, so maybe there is a bug upstream. Need more info!

[schlichtanders]

here the logs which did the overwrite

``` Initializing the backend... Upgrading modules... Downloading git::https://github.com/schlichtanders/terraform-hcloud-kube-hetzner.git?ref=restore_advanced for kube-hetzner... - kube-hetzner in .terraform/modules/kube-hetzner - kube-hetzner.agents in .terraform/modules/kube-hetzner/modules/host - kube-hetzner.control_planes in .terraform/modules/kube-hetzner/modules/host Initializing provider plugins... - Finding latest version of hashicorp/random... - Finding latest version of hashicorp/cloudinit... - Finding hetznercloud/hcloud versions matching ">= 1.38.2, >= 1.41.0"... - Finding tenstad/remote versions matching ">= 0.0.23"... - Finding integrations/github versions matching ">= 4.0.0"... - Finding hashicorp/local versions matching ">= 2.0.0"... - Finding latest version of hashicorp/null... - Using previously-installed tenstad/remote v0.1.2 - Using previously-installed integrations/github v5.34.0 - Using previously-installed hashicorp/local v2.4.0 - Using previously-installed hashicorp/null v3.2.1 - Using previously-installed hashicorp/random v3.5.1 - Using previously-installed hashicorp/cloudinit v2.3.2 - Using previously-installed hetznercloud/hcloud v1.42.1 Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary. Success! The configuration is valid. module.kube-hetzner.data.hcloud_servers.autoscaled_nodes["autoscaled-arm-largest"]: Reading... module.kube-hetzner.data.hcloud_image.microos_x86_snapshot: Reading... module.kube-hetzner.data.hcloud_image.microos_arm_snapshot: Reading... module.kube-hetzner.data.hcloud_image.microos_arm_snapshot: Read complete after 0s module.kube-hetzner.data.hcloud_image.microos_x86_snapshot: Read complete after 0s module.kube-hetzner.data.cloudinit_config.autoscaler-config[0]: Reading... module.kube-hetzner.data.cloudinit_config.autoscaler-config[0]: Read complete after 0s [id=1146440377] module.kube-hetzner.data.hcloud_servers.autoscaled_nodes["autoscaled-arm-largest"]: Read complete after 0s [id=da39a3ee5e6b4b0d3255bfef95601890afd80709] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create <= read (data resources) Terraform will perform the following actions: # module.kube-hetzner.data.hcloud_load_balancer.cluster[0] will be read during apply # (depends on a resource or a module with changes pending) <= data "hcloud_load_balancer" "cluster" { + algorithm = (known after apply) + delete_protection = (known after apply) + id = (known after apply) + ipv4 = (known after apply) + ipv6 = (known after apply) + labels = (known after apply) + load_balancer_type = (known after apply) + location = (known after apply) + name = "jolin-20230906t105955z" + network_id = (known after apply) + network_ip = (known after apply) + network_zone = (known after apply) + service = (known after apply) + target = (known after apply) } # module.kube-hetzner.data.remote_file.kubeconfig will be read during apply # (config refers to values not yet known) <= data "remote_file" "kubeconfig" { + content = (known after apply) + group = (known after apply) + group_name = (known after apply) + id = (known after apply) + owner = (known after apply) + owner_name = (known after apply) + path = "/etc/rancher/k3s/k3s.yaml" + permissions = (known after apply) + conn { + agent = (sensitive value) + host = (known after apply) + port = 22 + private_key = (sensitive value) + user = "root" } } # module.kube-hetzner.hcloud_firewall.k3s will be created + resource "hcloud_firewall" "k3s" { + id = (known after apply) + labels = { + "cluster" = "jolin-20230906t105955z" + "engine" = "k3s" + "provisioner" = "terraform" } + name = "jolin-20230906t105955z" + rule { + description = "Allow Incoming ICMP Ping Requests" + destination_ips = [] + direction = "in" + protocol = "icmp" + source_ips = [ + "0.0.0.0/0", + "::/0", ] } + rule { + description = "Allow Incoming Requests to Kube API Server" + destination_ips = [] + direction = "in" + port = "6443" + protocol = "tcp" + source_ips = [ + "0.0.0.0/0", + "::/0", ] } + rule { + description = "Allow Incoming SSH Traffic" + destination_ips = [] + direction = "in" + port = "22" + protocol = "tcp" + source_ips = [ + "0.0.0.0/0", + "::/0", ] } + rule { + description = "Allow Outbound HTTP Requests" + destination_ips = [ + "0.0.0.0/0", + "::/0", ] + direction = "out" + port = "80" + protocol = "tcp" + source_ips = [] } + rule { + description = "Allow Outbound HTTPS Requests" + destination_ips = [ + "0.0.0.0/0", + "::/0", ] + direction = "out" + port = "443" + protocol = "tcp" + source_ips = [] } + rule { + description = "Allow Outbound ICMP Ping Requests" + destination_ips = [ + "0.0.0.0/0", + "::/0", ] + direction = "out" + protocol = "icmp" + source_ips = [] } + rule { + description = "Allow Outbound TCP DNS Requests" + destination_ips = [ + "0.0.0.0/0", + "::/0", ] + direction = "out" + port = "53" + protocol = "tcp" + source_ips = [] } + rule { + description = "Allow Outbound UDP DNS Requests" + destination_ips = [ + "0.0.0.0/0", + "::/0", ] + direction = "out" + port = "53" + protocol = "udp" + source_ips = [] } + rule { + description = "Allow Outbound UDP NTP Requests" + destination_ips = [ + "0.0.0.0/0", + "::/0", ] + direction = "out" + port = "123" + protocol = "udp" + source_ips = [] } + rule { + description = "Allow any outward access. To Allow ArgoCD (or ssh-keyscan) access to resources via SSH, access to Databases via special ports, etc." + destination_ips = [ + "0.0.0.0/0", + "::/0", ] + direction = "out" + port = "any" + protocol = "tcp" + source_ips = [] } } # module.kube-hetzner.hcloud_network.k3s will be created + resource "hcloud_network" "k3s" { + delete_protection = false + expose_routes_to_vswitch = false + id = (known after apply) + ip_range = "10.0.0.0/8" + labels = { + "cluster" = "jolin-20230906t105955z" + "engine" = "k3s" + "provisioner" = "terraform" } + name = "jolin-20230906t105955z" } # module.kube-hetzner.hcloud_network_subnet.agent[0] will be created + resource "hcloud_network_subnet" "agent" { + gateway = (known after apply) + id = (known after apply) + ip_range = "10.0.0.0/16" + network_id = (known after apply) + network_zone = "eu-central" + type = "cloud" } # module.kube-hetzner.hcloud_network_subnet.control_plane[0] will be created + resource "hcloud_network_subnet" "control_plane" { + gateway = (known after apply) + id = (known after apply) + ip_range = "10.255.0.0/16" + network_id = (known after apply) + network_zone = "eu-central" + type = "cloud" } # module.kube-hetzner.hcloud_placement_group.agent[0] will be created + resource "hcloud_placement_group" "agent" { + id = (known after apply) + labels = { + "cluster" = "jolin-20230906t105955z" + "engine" = "k3s" + "provisioner" = "terraform" } + name = "jolin-20230906t105955z-agent-1" + servers = (known after apply) + type = "spread" } # module.kube-hetzner.hcloud_placement_group.control_plane[0] will be created + resource "hcloud_placement_group" "control_plane" { + id = (known after apply) + labels = { + "cluster" = "jolin-20230906t105955z" + "engine" = "k3s" + "provisioner" = "terraform" } + name = "jolin-20230906t105955z-control-plane-1" + servers = (known after apply) + type = "spread" } # module.kube-hetzner.local_file.kustomization_backup[0] will be created + resource "local_file" "kustomization_backup" { + content = <<-EOT "apiVersion": "kustomize.config.k8s.io/v1beta1" "kind": "Kustomization" "patchesStrategicMerge": - | apiVersion: apps/v1 kind: Deployment metadata: name: system-upgrade-controller namespace: system-upgrade spec: template: spec: containers: - name: system-upgrade-controller volumeMounts: - name: ca-certificates mountPath: /var/lib/ca-certificates volumes: - name: ca-certificates hostPath: path: /var/lib/ca-certificates type: Directory - "kured.yaml" - "ccm.yaml" "resources": - "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.17.2/ccm-networks.yaml" - "https://github.com/kubereboot/kured/releases/download/1.14.0/kured-1.14.0-dockerhub.yaml" - "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml" - "hcloud-csi.yml" - "traefik_ingress.yaml" - "cert_manager.yaml" EOT + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0777" + file_permission = "600" + filename = "jolin-20230906t105955z_kustomization_backup.yaml" + id = (known after apply) } # module.kube-hetzner.local_sensitive_file.kubeconfig[0] will be created + resource "local_sensitive_file" "kubeconfig" { + content = (sensitive value) + content_base64sha256 = (known after apply) + content_base64sha512 = (known after apply) + content_md5 = (known after apply) + content_sha1 = (known after apply) + content_sha256 = (known after apply) + content_sha512 = (known after apply) + directory_permission = "0700" + file_permission = "600" + filename = "jolin-20230906t105955z_kubeconfig.yaml" + id = (known after apply) } # module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] will be created + resource "null_resource" "agents" { + id = (known after apply) + triggers = { + "agent_id" = (known after apply) } } # module.kube-hetzner.null_resource.configure_autoscaler[0] will be created + resource "null_resource" "configure_autoscaler" { + id = (known after apply) + triggers = { + "template" = (sensitive value) } } # module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] will be created + resource "null_resource" "control_planes" { + id = (known after apply) + triggers = { + "control_plane_id" = (known after apply) } } # module.kube-hetzner.null_resource.first_control_plane will be created + resource "null_resource" "first_control_plane" { + id = (known after apply) } # module.kube-hetzner.null_resource.kustomization will be created + resource "null_resource" "kustomization" { + id = (known after apply) + triggers = { + "helm_values_yaml" = (sensitive value) + "options" = "" + "versions" = <<-EOT v1.26 v1.27.3 v1.17.2 v2.4.0 1.14.0 v3.26.1 v1.14.0 EOT } } # module.kube-hetzner.random_password.k3s_token will be created + resource "random_password" "k3s_token" { + bcrypt_hash = (sensitive value) + id = (known after apply) + length = 48 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + numeric = true + result = (sensitive value) + special = false + upper = true } # module.kube-hetzner.random_password.rancher_bootstrap[0] will be created + resource "random_password" "rancher_bootstrap" { + bcrypt_hash = (sensitive value) + id = (known after apply) + length = 48 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + numeric = true + result = (sensitive value) + special = false + upper = true } # module.kube-hetzner.module.agents["0-0-agent-arm-largest"].data.cloudinit_config.config will be read during apply # (config refers to values not yet known) <= data "cloudinit_config" "config" { + base64_encode = true + boundary = (known after apply) + gzip = true + id = (known after apply) + rendered = (known after apply) + part { + content = (known after apply) + content_type = "text/cloud-config" + filename = "init.cfg" } } # module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_rdns.server[0] will be created + resource "hcloud_rdns" "server" { + dns_ptr = (known after apply) + id = (known after apply) + ip_address = (known after apply) + server_id = (known after apply) } # module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server will be created + resource "hcloud_server" "server" { + allow_deprecated_images = false + backup_window = (known after apply) + backups = false + datacenter = (known after apply) + delete_protection = false + firewall_ids = (known after apply) + id = (known after apply) + ignore_remote_firewall_ids = false + image = "107893918" + ipv4_address = (known after apply) + ipv6_address = (known after apply) + ipv6_network = (known after apply) + keep_disk = false + labels = { + "cluster" = "jolin-20230906t105955z" + "engine" = "k3s" + "provisioner" = "terraform" + "role" = "agent_node" } + location = "hel1" + name = (known after apply) + placement_group_id = (known after apply) + rebuild_protection = false + server_type = "cax41" + ssh_keys = [ + (sensitive value), ] + status = (known after apply) + user_data = (known after apply) } # module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server_network.server will be created + resource "hcloud_server_network" "server" { + id = (known after apply) + ip = "10.0.0.101" + mac_address = (known after apply) + server_id = (known after apply) + subnet_id = (known after apply) } # module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries will be created + resource "null_resource" "registries" { + id = (known after apply) + triggers = { + "registries" = " " } } # module.kube-hetzner.module.agents["0-0-agent-arm-largest"].random_string.identity_file will be created + resource "random_string" "identity_file" { + id = (known after apply) + length = 20 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + numeric = true + result = (known after apply) + special = false + upper = false } # module.kube-hetzner.module.agents["0-0-agent-arm-largest"].random_string.server will be created + resource "random_string" "server" { + id = (known after apply) + keepers = { + "name" = "jolin-20230906t105955z-agent-arm-largest" } + length = 3 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = false + numeric = false + result = (known after apply) + special = false + upper = false } # module.kube-hetzner.module.control_planes["0-0-control-plane"].data.cloudinit_config.config will be read during apply # (config refers to values not yet known) <= data "cloudinit_config" "config" { + base64_encode = true + boundary = (known after apply) + gzip = true + id = (known after apply) + rendered = (known after apply) + part { + content = (known after apply) + content_type = "text/cloud-config" + filename = "init.cfg" } } # module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_rdns.server[0] will be created + resource "hcloud_rdns" "server" { + dns_ptr = (known after apply) + id = (known after apply) + ip_address = (known after apply) + server_id = (known after apply) } # module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server will be created + resource "hcloud_server" "server" { + allow_deprecated_images = false + backup_window = (known after apply) + backups = false + datacenter = (known after apply) + delete_protection = false + firewall_ids = (known after apply) + id = (known after apply) + ignore_remote_firewall_ids = false + image = "107893918" + ipv4_address = (known after apply) + ipv6_address = (known after apply) + ipv6_network = (known after apply) + keep_disk = false + labels = { + "cluster" = "jolin-20230906t105955z" + "engine" = "k3s" + "provisioner" = "terraform" + "role" = "control_plane_node" } + location = "hel1" + name = (known after apply) + placement_group_id = (known after apply) + rebuild_protection = false + server_type = "cax11" + ssh_keys = [ + (sensitive value), ] + status = (known after apply) + user_data = (known after apply) } # module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server_network.server will be created + resource "hcloud_server_network" "server" { + id = (known after apply) + ip = "10.255.0.101" + mac_address = (known after apply) + server_id = (known after apply) + subnet_id = (known after apply) } # module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries will be created + resource "null_resource" "registries" { + id = (known after apply) + triggers = { + "registries" = " " } } # module.kube-hetzner.module.control_planes["0-0-control-plane"].random_string.identity_file will be created + resource "random_string" "identity_file" { + id = (known after apply) + length = 20 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = true + numeric = true + result = (known after apply) + special = false + upper = false } # module.kube-hetzner.module.control_planes["0-0-control-plane"].random_string.server will be created + resource "random_string" "server" { + id = (known after apply) + keepers = { + "name" = "jolin-20230906t105955z-control-plane" } + length = 3 + lower = true + min_lower = 0 + min_numeric = 0 + min_special = 0 + min_upper = 0 + number = false + numeric = false + result = (known after apply) + special = false + upper = false } Plan: 27 to add, 0 to change, 0 to destroy. Changes to Outputs: + kubeconfig = (sensitive value) module.kube-hetzner.hcloud_network.k3s: Creating... module.kube-hetzner.hcloud_placement_group.control_plane[0]: Creating... module.kube-hetzner.hcloud_placement_group.agent[0]: Creating... module.kube-hetzner.local_file.kustomization_backup[0]: Creating... module.kube-hetzner.random_password.k3s_token: Creating... module.kube-hetzner.random_password.rancher_bootstrap[0]: Creating... module.kube-hetzner.local_file.kustomization_backup[0]: Creation complete after 0s [id=3c6a262b418d2c7b0922601f93c95bcaf7af645e] module.kube-hetzner.hcloud_firewall.k3s: Creating... module.kube-hetzner.random_password.k3s_token: Creation complete after 0s [id=none] module.kube-hetzner.random_password.rancher_bootstrap[0]: Creation complete after 0s [id=none] module.kube-hetzner.hcloud_placement_group.control_plane[0]: Creation complete after 0s [id=199152] module.kube-hetzner.hcloud_network.k3s: Creation complete after 1s [id=3315846] module.kube-hetzner.hcloud_network_subnet.agent[0]: Creating... module.kube-hetzner.hcloud_network_subnet.control_plane[0]: Creating... module.kube-hetzner.hcloud_firewall.k3s: Creation complete after 1s [id=1043976] module.kube-hetzner.hcloud_placement_group.agent[0]: Creation complete after 1s [id=199151] module.kube-hetzner.hcloud_network_subnet.agent[0]: Creation complete after 1s [id=3315846-10.0.0.0/16] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].random_string.identity_file: Creating... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].random_string.server: Creating... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].random_string.identity_file: Creation complete after 0s [id=vixyzo5nntxlf5aw4qkb] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].random_string.server: Creation complete after 0s [id=ele] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].data.cloudinit_config.config: Reading... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].data.cloudinit_config.config: Read complete after 0s [id=2725380955] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Creating... module.kube-hetzner.hcloud_network_subnet.control_plane[0]: Creation complete after 1s [id=3315846-10.255.0.0/16] module.kube-hetzner.module.control_planes["0-0-control-plane"].random_string.identity_file: Creating... module.kube-hetzner.module.control_planes["0-0-control-plane"].random_string.server: Creating... module.kube-hetzner.module.control_planes["0-0-control-plane"].random_string.identity_file: Creation complete after 0s [id=eqfig02ts0lxq4xne6bt] module.kube-hetzner.module.control_planes["0-0-control-plane"].random_string.server: Creation complete after 0s [id=kbn] module.kube-hetzner.module.control_planes["0-0-control-plane"].data.cloudinit_config.config: Reading... module.kube-hetzner.module.control_planes["0-0-control-plane"].data.cloudinit_config.config: Read complete after 0s [id=4102967451] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Creating... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [10s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [10s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [20s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [20s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [30s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [30s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [40s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [40s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [50s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [50s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [1m0s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [1m0s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [1m10s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [1m10s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [1m20s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [1m20s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [1m30s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [1m30s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [1m40s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [1m40s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Provisioning with 'local-exec'... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Provisioning with 'local-exec'... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): Executing: ["/bin/sh" "-c" "until ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -o PubkeyAuthentication=yes -i /tmp/vixyzo5nntxlf5aw4qkb -o ConnectTimeout=2 -p 22 root@65.109.11.247 true 2> /dev/null\ndo\n echo \"Waiting for MicroOS to become available...\"\n sleep 3\ndone\n"] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Provisioning with 'local-exec'... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Provisioning with 'local-exec'... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): Executing: ["/bin/sh" "-c" "until ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -o PubkeyAuthentication=yes -i /tmp/eqfig02ts0lxq4xne6bt -o ConnectTimeout=2 -p 22 root@95.217.188.184 true 2> /dev/null\ndo\n echo \"Waiting for MicroOS to become available...\"\n sleep 3\ndone\n"] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [1m50s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [1m50s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [2m0s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [2m0s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Still creating... [2m10s elapsed] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [2m10s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Provisioning with 'local-exec'... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (local-exec): Executing: ["/bin/sh" "-c" "rm /tmp/vixyzo5nntxlf5aw4qkb\n"] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Provisioning with 'remote-exec'... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Connecting to remote host via SSH... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Host: 65.109.11.247 module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): User: root module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Password: false module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Private key: true module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Certificate: false module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): SSH Agent: true module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Checking Host Key: false module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Target Platform: unix module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Connected! module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Automatic OS updates are disabled module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server (remote-exec): Removed "/etc/systemd/system/timers.target.wants/transactional-update.timer". module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server.server: Creation complete after 2m18s [id=36806616] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_rdns.server[0]: Creating... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server_network.server: Creating... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries: Creating... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries: Provisioning with 'file'... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries: Provisioning with 'remote-exec'... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): Connecting to remote host via SSH... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): Host: 65.109.11.247 module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): User: root module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): Password: false module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): Private key: true module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): Certificate: false module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): SSH Agent: true module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): Checking Host Key: false module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): Target Platform: unix module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): Connected! module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): Waiting for MicroOS to become available... module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries (remote-exec): No update required to the registries.yaml file module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Still creating... [2m20s elapsed] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].null_resource.registries: Creation complete after 3s [id=4952865149328809997] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_rdns.server[0]: Creation complete after 4s [id=s-36806616-65.109.11.247] module.kube-hetzner.module.agents["0-0-agent-arm-largest"].hcloud_server_network.server: Creation complete after 6s [id=36806616-3315846] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Provisioning with 'local-exec'... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (local-exec): Executing: ["/bin/sh" "-c" "rm /tmp/eqfig02ts0lxq4xne6bt\n"] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Provisioning with 'remote-exec'... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Connecting to remote host via SSH... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Host: 95.217.188.184 module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): User: root module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Password: false module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Private key: true module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Certificate: false module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): SSH Agent: true module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Checking Host Key: false module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Target Platform: unix module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Connected! module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Automatic OS updates are disabled module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server (remote-exec): Removed "/etc/systemd/system/timers.target.wants/transactional-update.timer". module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server.server: Creation complete after 2m25s [id=36806618] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server_network.server: Creating... module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_rdns.server[0]: Creating... module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries: Creating... module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries: Provisioning with 'file'... module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries: Provisioning with 'remote-exec'... module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): Connecting to remote host via SSH... module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): Host: 95.217.188.184 module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): User: root module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): Password: false module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): Private key: true module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): Certificate: false module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): SSH Agent: true module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): Checking Host Key: false module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): Target Platform: unix module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): Connected! module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries (remote-exec): No update required to the registries.yaml file module.kube-hetzner.module.control_planes["0-0-control-plane"].null_resource.registries: Creation complete after 3s [id=122673906790466180] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_server_network.server: Creation complete after 4s [id=36806618-3315846] module.kube-hetzner.module.control_planes["0-0-control-plane"].hcloud_rdns.server[0]: Creation complete after 6s [id=s-36806618-95.217.188.184] module.kube-hetzner.null_resource.first_control_plane: Creating... module.kube-hetzner.null_resource.first_control_plane: Provisioning with 'file'... module.kube-hetzner.null_resource.first_control_plane: Provisioning with 'remote-exec'... module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane: Still creating... [10s elapsed] module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane: Still creating... [20s elapsed] module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane: Still creating... [30s elapsed] module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane: Still creating... [40s elapsed] module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.first_control_plane: Provisioning with 'remote-exec'... module.kube-hetzner.null_resource.first_control_plane (remote-exec): Connecting to remote host via SSH... module.kube-hetzner.null_resource.first_control_plane (remote-exec): Host: 95.217.188.184 module.kube-hetzner.null_resource.first_control_plane (remote-exec): User: root module.kube-hetzner.null_resource.first_control_plane (remote-exec): Password: false module.kube-hetzner.null_resource.first_control_plane (remote-exec): Private key: true module.kube-hetzner.null_resource.first_control_plane (remote-exec): Certificate: false module.kube-hetzner.null_resource.first_control_plane (remote-exec): SSH Agent: true module.kube-hetzner.null_resource.first_control_plane (remote-exec): Checking Host Key: false module.kube-hetzner.null_resource.first_control_plane (remote-exec): Target Platform: unix module.kube-hetzner.null_resource.first_control_plane (remote-exec): Connected! module.kube-hetzner.null_resource.first_control_plane: Still creating... [50s elapsed] module.kube-hetzner.null_resource.first_control_plane: Creation complete after 53s [id=6474925354835976480] module.kube-hetzner.null_resource.control_planes["0-0-control-plane"]: Creating... module.kube-hetzner.null_resource.kustomization: Creating... module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"]: Creating... module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"]: Provisioning with 'file'... module.kube-hetzner.null_resource.control_planes["0-0-control-plane"]: Provisioning with 'file'... module.kube-hetzner.null_resource.control_planes["0-0-control-plane"]: Provisioning with 'remote-exec'... module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"]: Provisioning with 'remote-exec'... module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.kustomization: Still creating... [10s elapsed] module.kube-hetzner.null_resource.control_planes["0-0-control-plane"]: Still creating... [10s elapsed] module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"]: Still creating... [10s elapsed] module.kube-hetzner.null_resource.kustomization: Provisioning with 'file'... module.kube-hetzner.null_resource.kustomization: Provisioning with 'remote-exec'... module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.control_planes["0-0-control-plane"]: Provisioning with 'remote-exec'... module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): Connecting to remote host via SSH... module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): Host: 95.217.188.184 module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): User: root module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): Password: false module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): Private key: true module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): Certificate: false module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): SSH Agent: true module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): Checking Host Key: false module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): Target Platform: unix module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.control_planes["0-0-control-plane"] (remote-exec): Connected! module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization: Provisioning with 'remote-exec'... module.kube-hetzner.null_resource.kustomization (remote-exec): Connecting to remote host via SSH... module.kube-hetzner.null_resource.kustomization (remote-exec): Host: 95.217.188.184 module.kube-hetzner.null_resource.kustomization (remote-exec): User: root module.kube-hetzner.null_resource.kustomization (remote-exec): Password: false module.kube-hetzner.null_resource.kustomization (remote-exec): Private key: true module.kube-hetzner.null_resource.kustomization (remote-exec): Certificate: false module.kube-hetzner.null_resource.kustomization (remote-exec): SSH Agent: true module.kube-hetzner.null_resource.kustomization (remote-exec): Checking Host Key: false module.kube-hetzner.null_resource.kustomization (remote-exec): Target Platform: unix module.kube-hetzner.null_resource.control_planes["0-0-control-plane"]: Creation complete after 16s [id=724459830536005020] module.kube-hetzner.data.remote_file.kubeconfig: Reading... module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): Connected! module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): + sed -i 's/^- |[0-9]\+$/- |/g' /var/post_install/kustomization.yaml module.kube-hetzner.null_resource.kustomization (remote-exec): + timeout 360 bash module.kube-hetzner.null_resource.kustomization (remote-exec): + kubectl apply -k /var/post_install module.kube-hetzner.data.remote_file.kubeconfig: Read complete after 2s [id=95.217.188.184:22:/etc/rancher/k3s/k3s.yaml] module.kube-hetzner.local_sensitive_file.kubeconfig[0]: Creating... module.kube-hetzner.local_sensitive_file.kubeconfig[0]: Creation complete after 0s [id=19f6d3f511614f66ac0ac28e361930798b20f782] module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): E0906 11:04:05.087813 3092 memcache.go:287] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): E0906 11:04:05.126791 3092 memcache.go:121] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.kustomization (remote-exec): namespace/cert-manager unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): namespace/system-upgrade configured module.kube-hetzner.null_resource.kustomization (remote-exec): namespace/traefik unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): storageclass.storage.k8s.io/hcloud-volumes unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): serviceaccount/hcloud-cloud-controller-manager created module.kube-hetzner.null_resource.kustomization (remote-exec): serviceaccount/hcloud-csi-controller unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): serviceaccount/kured unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): serviceaccount/system-upgrade unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): role.rbac.authorization.k8s.io/kured unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): clusterrole.rbac.authorization.k8s.io/hcloud-csi-controller unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): clusterrole.rbac.authorization.k8s.io/kured unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): rolebinding.rbac.authorization.k8s.io/kured unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): clusterrolebinding.rbac.authorization.k8s.io/hcloud-csi-controller unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): clusterrolebinding.rbac.authorization.k8s.io/kured unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): clusterrolebinding.rbac.authorization.k8s.io/system-upgrade unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): clusterrolebinding.rbac.authorization.k8s.io/system:hcloud-cloud-controller-manager created module.kube-hetzner.null_resource.kustomization (remote-exec): configmap/default-controller-env configured module.kube-hetzner.null_resource.kustomization (remote-exec): service/hcloud-csi-controller-metrics unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): service/hcloud-csi-node-metrics unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): deployment.apps/hcloud-cloud-controller-manager configured module.kube-hetzner.null_resource.kustomization (remote-exec): deployment.apps/hcloud-csi-controller configured module.kube-hetzner.null_resource.kustomization (remote-exec): deployment.apps/system-upgrade-controller configured module.kube-hetzner.null_resource.kustomization (remote-exec): daemonset.apps/hcloud-csi-node configured module.kube-hetzner.null_resource.kustomization (remote-exec): daemonset.apps/kured configured module.kube-hetzner.null_resource.kustomization (remote-exec): helmchart.helm.cattle.io/cert-manager unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): helmchart.helm.cattle.io/traefik configured module.kube-hetzner.null_resource.kustomization (remote-exec): csidriver.storage.k8s.io/csi.hetzner.cloud unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): + echo 'Waiting for the system-upgrade-controller deployment to become available...' module.kube-hetzner.null_resource.kustomization (remote-exec): Waiting for the system-upgrade-controller deployment to become available... module.kube-hetzner.null_resource.kustomization (remote-exec): + kubectl -n system-upgrade wait --for=condition=available --timeout=360s deployment/system-upgrade-controller module.kube-hetzner.null_resource.kustomization (remote-exec): E0906 11:04:05.480499 3147 memcache.go:287] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request module.kube-hetzner.null_resource.kustomization (remote-exec): E0906 11:04:05.505253 3147 memcache.go:121] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request module.kube-hetzner.null_resource.kustomization (remote-exec): E0906 11:04:05.508085 3147 memcache.go:121] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request module.kube-hetzner.null_resource.kustomization: Still creating... [20s elapsed] module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"]: Still creating... [20s elapsed] module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): (output suppressed due to sensitive value in config) module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"]: Provisioning with 'remote-exec'... module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): Connecting to remote host via SSH... module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): Host: 65.109.11.247 module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): User: root module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): Password: false module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): Private key: true module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): Certificate: false module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): SSH Agent: true module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): Checking Host Key: false module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): Target Platform: unix module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"] (remote-exec): Connected! module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"]: Still creating... [30s elapsed] module.kube-hetzner.null_resource.kustomization: Still creating... [30s elapsed] module.kube-hetzner.null_resource.kustomization (remote-exec): deployment.apps/system-upgrade-controller condition met module.kube-hetzner.null_resource.kustomization (remote-exec): + sleep 7 module.kube-hetzner.null_resource.agents["0-0-agent-arm-largest"]: Creation complete after 35s [id=383686060007761392] module.kube-hetzner.null_resource.kustomization (remote-exec): + kubectl -n system-upgrade apply -f /var/post_install/plans.yaml module.kube-hetzner.null_resource.kustomization (remote-exec): E0906 11:04:25.171265 3651 memcache.go:287] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request module.kube-hetzner.null_resource.kustomization (remote-exec): E0906 11:04:25.173060 3651 memcache.go:121] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request module.kube-hetzner.null_resource.kustomization (remote-exec): plan.upgrade.cattle.io/k3s-agent unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): plan.upgrade.cattle.io/k3s-server unchanged module.kube-hetzner.null_resource.kustomization (remote-exec): + timeout 360 bash module.kube-hetzner.null_resource.kustomization: Creation complete after 40s [id=1913262552649797322] module.kube-hetzner.data.hcloud_load_balancer.cluster[0]: Reading... module.kube-hetzner.null_resource.configure_autoscaler[0]: Creating... module.kube-hetzner.null_resource.configure_autoscaler[0]: Provisioning with 'file'... module.kube-hetzner.null_resource.configure_autoscaler[0]: Provisioning with 'remote-exec'... module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): Connecting to remote host via SSH... module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): Host: 95.217.188.184 module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): User: root module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): Password: false module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): Private key: true module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): Certificate: false module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): SSH Agent: true module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): Checking Host Key: false module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): Target Platform: unix module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): Connected! module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): E0906 11:04:28.402553 3828 memcache.go:287] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): E0906 11:04:28.427027 3828 memcache.go:121] couldn't get resource list for metrics.k8s.io/v1beta1: the server is currently unable to handle the request module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): serviceaccount/cluster-autoscaler unchanged module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): clusterrole.rbac.authorization.k8s.io/cluster-autoscaler unchanged module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): role.rbac.authorization.k8s.io/cluster-autoscaler unchanged module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): clusterrolebinding.rbac.authorization.k8s.io/cluster-autoscaler unchanged module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): rolebinding.rbac.authorization.k8s.io/cluster-autoscaler unchanged module.kube-hetzner.null_resource.configure_autoscaler[0] (remote-exec): deployment.apps/cluster-autoscaler configured module.kube-hetzner.null_resource.configure_autoscaler[0]: Creation complete after 3s [id=3403193993910540446] ╷ │ Error: no Load Balancer found with name jolin-20230906t105955z │ │ with module.kube-hetzner.data.hcloud_load_balancer.cluster[0], │ on .terraform/modules/kube-hetzner/data.tf line 31, in data "hcloud_load_balancer" "cluster": │ 31: data "hcloud_load_balancer" "cluster" { │ ╵ error: Recipe `apply-tf` failed with exit code 1 ```

The final error goes away after waiting some time - apparently the load balancer is still setup.

---

I found this documentation which mentions that as soon as the name field is defined, it tries to import an existing load-balancer.

I want to look deeper into the respective code, but my current best guess is that the load-balancer could be defined before via terraform. Maybe that already fixes this issue.

[mysticaltech]

@schlichtanders Yes, I saw the error, weird. The doc you found is super interesting, I had no idea we could create and use an lb previously deployed. That is theoretically doable as we can configure the service part in both nginx and traefik.

@aleksasiriski @M4t7e @ifeulner What do you think about that folks? I think it would be nice to go that route, it will simplify our code, and fix the occasional lb recreation we saw in the past.

[schlichtanders]

I just tried to create the loadbalancer in advance, but somehow it did not work

here a screenshot from my hetzner

these two loadbalancers are now from a SINGLE terraform apply.

1. The name with the timestamp is the cluster-name (so this should have been picked up, but apparently didn't)
2. instead there is a second loadbalancer with my very first cluster name jolin (EDIT: and a different location than specified)
   • I have no clue how this name/location can even be found. (
   • Maybe this is also the reason why the renaming happened initially it found some old configuration somewhere and reactivated it (by id), and then applied the new name to it, which now failed because the name was already used somewhere else

Looking into the kustomize service definition which got deployed, really the timestamped name is used...

So something must get confused... Here the pointer to the current source code of this ccm https://github.com/hetznercloud/hcloud-cloud-controller-manager/blob/main/hcloud/load_balancers.go#L93-L166

[schlichtanders]

@mysticaltech is there a way to inspect the full debug logs from the terraform apply?

on the console always only the logs without sensible information is shown. It would be great to see if the full logs have some hints. (couldn't find a way myself by googling terraform logs, but maybe there is a kube-hetzner way of doing it)

[schlichtanders]

I opened a bug report https://github.com/hetznercloud/hcloud-cloud-controller-manager/issues/504

[schlichtanders]

Just a thought: It might be an interaction with the restoring (I am still trying to finish the restoring).

The backup may have had the old location and name...

• the first deployment of the load_balancer may have happened very early on.
• then later the new kustomization was applied, which just changed some configurations, but reused the already started loadbalancer

Maybe via a match of ids this could also explain why a second deployment to the same cluster somehow took over the load-balancer.

[schlichtanders]

I think I understood also the final missing pieces:

• The code of the load-balancer setup (see the entry point and its definition) will first check whether it can find something in kubernetes itself which simply matches the LabelServiceUID
• no cluster name nothing else is checked.
• if this search is successful, nothing else will be tried, but the loadbalancer is taken

This explains why every of my restoration deployments picked the same loadbalancer, leading to the renaming behaviour.

[schlichtanders]

I now added a kubectl delete service/traefik -n traefik line right after kubectl becomes available and indeed the load balancer is no longer renamed...

the downside is that this actually takes a while... probably because it was already deployed again and the loadbalancer was also already created.

I haven't found a sound way to delete this service reference before it starts. Not sure what would be the ideal way to work with it. At the other ticket I suggest to have a flag which makes it explicit that only the cluster-name should count.

[schlichtanders]

I am closing this issue, because I am now able to have two healthy load-balancers without one deployment interfering with the other. Hence it is an interaction with the restoration :+1: .

[mysticaltech]

@schlichtanders Interesting! Thanks for sharing your in-depth analysis. So what are your conclusions on the ability to do restorations with this project?

[schlichtanders]

Yesterday I luckily was able to do a proper restoration without the side-effects of this issue. Only a tiny addition is actually needed - see my pullrequest https://github.com/kube-hetzner/terraform-hcloud-kube-hetzner/pull/968

Further thoughts I had:

• even if I could wish for some ideal behaviour of hetzner ccm, I couldn't find something which prevents side-effects. Any kind of reference to the outer hetzner project would naturally be able interfer. Because it needs to reference by name. And by name is just not enough when restoring into the same hetzner project.
• so it seemed one possibility is to create a new hetzner project for every restore. That is an option, but I really liked to have a clean restore into the same project. This way I have one prod project and one test project, and can name restores with monotonously increasing names (like timestamps). (another thought: If I would need another hetzner project for restore, I probably would need a blue and green prod project and always track which is currently the real prod project.)

But to have a restoration to the same project than really needs to get rid of this load-balancer kubernetes configuration already before the restoration is done (I really want to prevent any kind of side-effects with existing load-balancers).

• the difficulty here is that standard kubectl is only running if the cluster is running, but then also the restoration gets already applied which is too late. :slightly_frowning_face:
• I tried to use etcdctl instead on the raw etcd storage and, I am so happy, it seems to have worked. :slightly_smiling_face:

So now I can do a etcd restore and delete the traefik service from it before any config gets executed. This is tested now in fixes everything as hoped for.