Open gorantornqvist-sr opened 2 months ago
I face the same
There is another negative impact: When applying the plan, then it brought back the formerly removed defaultPodSecurityPolicyTemplateName config parameter in the cluster configuration. This then enabled back the (useless) configuration of a PSP for a Rancher project.
I mitigated the issue by redundantly added admission_configuration to the kube-api in cluster config in TF configuration. This stops the Rancher TF provider from removing it from the Rancher generated rke_config.
As an alternative, rke_config[0].services[0].kube_api[0].admission_configuration can be added to ignore_changes
This workaround appears to work:
resource "rancher2_cluster" "cluster" {
lifecycle {
ignore_changes = [
rke_config[0].services[0].kube_api[0].admission_configuration
]
}
}
For me too
Rancher Server Setup
Information about the Cluster
User Information
Provider Information
Describe the bug
When rancher2_cluster.default_pod_security_admission_configuration_template_name set, terraform wants to remove rke_config.services.kube_api.admission_configuration each time it is run, see screenshot.
To Reproduce
Actual Result
Expected Result
tf apply/plan should not try to remove the rancher generated contents
Screenshots
Additional context