terraform-google-modules / terraform-google-kubernetes-engine

Configures opinionated GKE clusters
https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google
Apache License 2.0
1.13k stars 1.16k forks

Error on terraform plan for safer-cluster-update-variant module: Iteration over null value #608

Closed erichaase closed 4 years ago

erichaase commented 4 years ago

We're getting the following error on terraform plan (as well as apply, refresh, etc.):

Already have image (with digest): gcr.io/cloud-foundation-cicd/cft/developer-tools:0.11.14
terraform plan terraform/corporate-dev
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

module.corp-dev-us-east1-c-01.data.google_client_config.default: Refreshing state...
module.corp-dev-us-east1-c-01.module.gke.module.gke.data.google_container_engine_versions.region: Refreshing state...
module.corp-dev-us-east1-c-01.module.gke.module.gke.data.google_compute_subnetwork.gke_subnetwork[0]: Refreshing state...
module.corp-dev-us-east1-c-01.module.gke.module.gke.data.google_compute_zones.available: Refreshing state...
module.corp-dev-us-east1-c-01.module.gke.module.gke.data.google_client_config.default: Refreshing state...
module.corp-dev-us-east1-c-01.module.gke.module.gke.data.google_container_engine_versions.zone: Refreshing state...

Error: Iteration over null value

  on .terraform/modules/corp-dev-us-east1-c-01.gke/terraform-google-kubernetes-engine-10.0.0/modules/beta-private-cluster-update-variant/main.tf line 72, in locals:
  72:   cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {}
    |----------------
    | data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range is null

A null value cannot be used as the collection in a 'for' expression.

With the following module:

module "corp-dev-us-east1-c-01" {
  source                         = "../modules/mesh-cluster"
  project_id                     = "wp-engine-corporate-dev"
  cluster_name                   = "mesh-dev-us-east1-c-01"
  region                         = "us-east1"
  compute_engine_service_account = ""   # Empty string => Create a service account for nodes
  regional                       = false
  release_channel                = "RAPID"
  zones                          = ["us-east1-c"]

  node_pools = [
    {
      name         = "pool-01"
      machine_type = "e2-standard-4"
      autoscaling  = true
      min_count    = 4
      max_count    = 16
      auto_upgrade = true
    },
  ]
}

which relies on this module:

locals {
  network_name           = "gke-${var.cluster_name}-network"
  subnet_name            = "gke-${var.cluster_name}-subnet"
  master_auth_subnetwork = "gke-${var.cluster_name}-master-subnet"
  pods_range_name        = "gke-${var.cluster_name}-ip-range-pods"
  svc_range_name         = "gke-${var.cluster_name}-ip-range-svc"
}

provider "google" {
  version = "~> 3.16.0"
}

provider "google-beta" {
  version = "~> 3.29.0"
}

module "gke" {
  source                         = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster-update-variant"
  project_id                     = var.project_id
  name                           = var.cluster_name
  regional                       = var.regional
  region                         = var.region
  zones                          = var.zones
  network                        = module.gcp-network.network_name
  subnetwork                     = module.gcp-network.subnets_names[index(module.gcp-network.subnets_names, local.subnet_name)]
  ip_range_pods                  = local.pods_range_name
  ip_range_services              = local.svc_range_name
  compute_engine_service_account = var.compute_engine_service_account
  release_channel                = var.release_channel
  node_pools                     = var.node_pools
  master_ipv4_cidr_block         = "172.16.0.0/28"
  add_cluster_firewall_rules     = true
  firewall_inbound_ports         = ["9443", "15017"]
  grant_registry_access          = true
  config_connector               = true
  # TODO: create registry project
  #registry_project_id            = <the project id for your GCR project>
  master_authorized_networks = [
    {
      cidr_block   = "10.60.0.0/17"
      display_name = "VPC"
    },
  ]
}

data "google_client_config" "default" {
}

which uses the safer-cluster-update-variant module.

The source of this error appears to be related to this line:

https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/470/files#r459069787

bharathkkb commented 4 years ago

I think this is the same as #564