terraform-google-modules / terraform-google-kubernetes-engine

Configures opinionated GKE clusters
https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google
Apache License 2.0

enable_confidential_storage force node pool replacement #2051

Open xueshanf opened 3 weeks ago

xueshanf commented 3 weeks ago

TL;DR

Upgraded from Terraform 1.9.3 to 1.9.5, and `terraform plan` shows a new `enable_confidential_storage` setting and forces node pool replacement. 1.9.3 has no problems.

Expected behavior

Should not force node-pool replacement when no Terraform code changes.

Observed behavior

```
+/- resource "random_id" "name" {
      ~ b64_std     = "node-pool-HQw=" -> (known after apply)
      ~ b64_url     = "node-pool-HQw" -> (known after apply)
      ~ dec         = "node-pool-7436" -> (known after apply)
      ~ hex         = "node-pool-1d0c" -> (known after apply)
      ~ id          = "HQw" -> (known after apply)
      ~ keepers     = { # forces replacement
          + "enable_confidential_storage" = null
            # (26 unchanged elements hidden)
        }
        # (2 unchanged attributes hidden)
    }
```

Terraform Configuration

```hcl
node_pools = [
    {
      # https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/beta-private-cluster#node_pools-variable
      name              = "node-pool"
      machine_type      = "{{ .Env.GKE_MACHINE_TYPE }}"
      min_count         = "1"
      max_count         = "5"
      local_ssd_count   = 0
      disk_size_gb      = "{{ .Env.GKE_DISK_SIZE }}"
      disk_type         = "{{ .Env.GKE_DISK_TYPE }}"
      image_type        = "COS_CONTAINERD"
      initial_node_count  = "1"
      accelerator_type  = ""
      accelerator_count = "0"
      spot              = {{.Env.GKE_SPOT}}
      # https://cloud.google.com/kubernetes-engine/docs/how-to/image-streaming
      enable_gcfs       = true
      auto_repair       = true
      auto_upgrade      = true
    },
  ]
...
```

Terraform Version

Upgrade from 1.9.3 (terraform plan is clean) to 1.9.5 causes replacement.

Additional information

No response
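A check that surfaces this kind of replacement before apply, as an added example (not part of the issue or the module's code): it reads `terraform show -json` plan output and reports which `keepers` keys differ on any resource the plan replaces, treating a key added with a `null` value as a change. The sample plan, the resource addresses and the keeper values are constructed.

```python
import json

ABSENT = object()  # marks a keeper key that does not exist on one side

# Constructed sample: trimmed `terraform show -json <planfile>` output shaped
# like the plan in the issue. Addresses and keeper values are assumptions.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'module.gke.random_id.name["node-pool"]', "type": "random_id",
     "change": {
         "actions": ["create", "delete"],  # rendered as +/- in the text plan
         "before": {"keepers": {"disk_type": "pd-standard", "spot": "false"}},
         "after": {"keepers": {"disk_type": "pd-standard", "spot": "false",
                               "enable_confidential_storage": None}}}},
    {"address": "module.gke.google_container_cluster.primary",
     "type": "google_container_cluster",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}},
]})


def keeper_replacements(plan_json):
    """Return {address: {key: (before, after)}} for each replaced resource
    whose `keepers` map differs between the prior state and the plan."""
    findings = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        if not {"create", "delete"} <= set(change.get("actions", [])):
            continue  # only replacements (create+delete in either order)
        before = (change.get("before") or {}).get("keepers") or {}
        after = (change.get("after") or {}).get("keepers") or {}
        diff = {}
        for key in sorted(set(before) | set(after)):
            old, new = before.get(key, ABSENT), after.get(key, ABSENT)
            if old is ABSENT or new is ABSENT or old != new:
                diff[key] = (old, new)  # a new key set to null lands here
        if diff:
            findings[rc["address"]] = diff
    return findings


if __name__ == "__main__":
    show = lambda v: "<absent>" if v is ABSENT else json.dumps(v)
    for address, diff in keeper_replacements(SAMPLE_PLAN).items():
        for key, (old, new) in diff.items():
            print(f"{address}: keepers[{key!r}] {show(old)} -> {show(new)}")
```

Run against the JSON form of a saved plan in CI, a non-empty result can fail the job so a module upgrade cannot replace node pools unnoticed.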

xueshanf commented 3 weeks ago

I was able to work around this by pinning the 31.1 version, instead of using the latest 32.02.

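```hcl
module "gke" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster-update-variant"
  version = "~> 31.1" # pessimistic constraint: stays on 31.x, never moves to 32.x
  # remaining module arguments are not shown in the original comment
}
```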