terraform-google-modules / terraform-google-kubernetes-engine

Configures opinionated GKE clusters
https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google
Apache License 2.0

how to make ACM module depend on hub? #911

Open jtangney opened 3 years ago

jtangney commented 3 years ago

Before installing Anthos Config Management (ACM), the underlying GKE cluster needs to be registered with Connect/Hub. How can I enforce this dependency in the terraform?

The hub module provides a 'wait' output value, so I'm trying to depend on this in the ACM module

  depends_on = [
    module.hub.wait
  ]

But it gives a bunch of errors like below

Error: Invalid count argument

   on .terraform/modules/acm-server.acm_operator.k8s_operator/main.tf line 57, in resource "random_id" "cache":
   57:   count = (! local.skip_download) ? 1 : 0

The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. 
To work around this, use the -target argument to first apply only the resources that the count depends on.

Obviously I can indeed split into two steps (apply the hub first, then separately do ACM) - but would be nice to have as single operation. I'm not very familiar with these modules so maybe I'm missing something?

This feels like a core requirement of the ACM module (i.e. enforcing the hub dependency) so would be good to have a clear description of how to achieve?

Thanks!

morgante commented 3 years ago

Can you share the full config?

jtangney commented 3 years ago

Essentially copied from https://cloud.google.com/architecture/provisioning-anthos-clusters-with-terraform. In that doc however, each bit is done as a separate step - so it's not an end-to-end apply.

I added the depends_on

module "hub-server" {
  source           = "terraform-google-modules/kubernetes-engine/google//modules/hub"
  project_id       = data.google_client_config.current.project

  cluster_name     = module.server-cluster.name
  location         = module.server-cluster.location
  cluster_endpoint = module.server-cluster.endpoint
  gke_hub_membership_name = "server"
  gke_hub_sa_name = "server"
}

module "acm-server" {
  source           = "github.com/terraform-google-modules/terraform-google-kubernetes-engine//modules/acm"

  project_id       = data.google_client_config.current.project
  cluster_name     = module.server-cluster.name
  location         = module.server-cluster.location
  cluster_endpoint = module.server-cluster.endpoint

  operator_path    = "config-management-operator.yaml"
  sync_repo        = var.acm_repo_location
  sync_branch      = var.acm_branch
  policy_dir       = var.acm_dir
  secret_type      = var.acm_secret_type
  create_ssh_key   = var.acm_create_ssh_key

  depends_on = [
    module.hub-server.wait
  ]
}

morgante commented 3 years ago

@jtangney What version of Terraform are you using? This sounds like a potential duplicate of #690, where the fix was to use Terraform 0.12.29.

jtangney commented 3 years ago

Hmmm ok. Though depends_on for modules is only available in >= 0.13. Let me try a workaround.

Still seems like there should be an out-of-the-box way in the ACM module to force wait on hub?

bharathkkb commented 3 years ago

https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/945 should fix this

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days