Skip to content

fix a bug with "enable-kube-proxy" flag in SKS #457

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

fix a bug with "enable-kube-proxy" flag in SKS #457

wants to merge 2 commits into from
+3 −2

Conversation

arthuraliiev
Copy link
Contributor

@arthuraliiev arthuraliiev commented Aug 28, 2025
edited
Loading

Description

enable_kube_proxy flag always set to true on SKS cluster creation.

...

seems like d.GetOk() for boolean fields treats false as "not set"

Checklist

(For exoscale contributors)

  • Changelog updated (under Unreleased block)
  • Acceptance tests OK
  • For a new resource, datasource or new attributes: acceptance test added/updated

Testing

main.tf

# Providers
# -> providers.tf

# Customizable parameters
locals {
  my_zone = "ch-gva-2"
}

data "exoscale_template" "my_template" {
  zone = "ch-gva-2"
  name = "Linux Ubuntu 22.04 LTS 64-bit"
}

resource "exoscale_sks_cluster" "kube-proxyless" {
  zone              = "ch-gva-2"
  name              = "kube-proxyless"
  version           = ""
  cni               = "calico"
  service_level     = "pro"
  auto_upgrade      = true
  exoscale_csi      = true
  exoscale_ccm      = true
  metrics_server    = true
  enable_kube_proxy = false
}

terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # exoscale_sks_cluster.kube-proxyless will be created
  + resource "exoscale_sks_cluster" "kube-proxyless" {
      + addons            = (known after apply)
      + aggregation_ca    = (known after apply)
      + auto_upgrade      = true
      + cni               = "calico"
      + control_plane_ca  = (known after apply)
      + created_at        = (known after apply)
      + enable_kube_proxy = false
      ...

      + oidc (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

========>>

restish root-api-preprod sks-get d85df96f-46d5-413e-8b94-050dfdecfeaf

{
  addons: [
    "exoscale-cloud-controller"
    "exoscale-container-storage-interface"
    "metrics-server"
  ]
  auto-upgrade: true
  cluster-cidr: "192.168.0.0/16"
  cni: "calico"
  created-at: "2025-08-28T07:01:21Z"
  default-security-group-id: null
  enable-kube-proxy: false
  ...

ENABLING:

maint.tf

resource "exoscale_sks_cluster" "kube-proxyless" {
  zone              = "ch-gva-2"
  name              = "kube-proxy"
  version           = ""
  cni               = "calico"
  service_level     = "pro"
  auto_upgrade      = true
  exoscale_csi      = true
  exoscale_ccm      = true
  metrics_server    = true
  enable_kube_proxy = true 
}

terraform apply

data.exoscale_template.my_template: Reading...
exoscale_sks_cluster.kube-proxyless: Refreshing state... [id=d85df96f-46d5-413e-8b94-050dfdecfeaf]
data.exoscale_template.my_template: Read complete after 1s [id=17d57a55-c3e4-418a-b518-df67c9399225]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # exoscale_sks_cluster.kube-proxyless must be replaced
-/+ resource "exoscale_sks_cluster" "kube-proxyless" {
      ...
            -----BEGIN CERTIFICATE-----
            MIIGBjCCA+6gAwIBAgIUEdmFSYyTsi2kbwCanuNLUrZoth4wDQYJKoZIhvcNAQEL
            PFmO4OktXyE03N4E7B8/osmVdGVTODsX/SbzhHa7IpAKIdfClY5La+v4zaitF2Di
            9YvRvSh7/zK1nw==
            -----END CERTIFICATE-----
        EOT -> (known after apply)
      ~ created_at        = "2025-08-28 07:01:21 +0000 UTC" -> (known after apply)
      ~ enable_kube_proxy = false -> true # forces replacement
      ~ endpoint          = "d85df96f-46d5-413e-8b94-050dfdecfeaf.ppsks-ch-gva-2.exo.io" -> (known after apply)
      - feature_gates     = [] -> null
      ~ id                = "d85df96f-46d5-413e-8b94-050dfdecfeaf" -> (known after apply)
      ...
    }

Plan: 1 to add, 0 to change, 1 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

========>>

restish root-api-preprod sks-get 7dac036f-19b5-41c3-bdd4-428a212e3635

{
addons: [
  "exoscale-cloud-controller"
  "exoscale-container-storage-interface"
  "metrics-server"
]
auto-upgrade: true
cluster-cidr: "192.168.0.0/16"
cni: "calico"
created-at: "2025-08-28T07:43:59Z"
default-security-group-id: null
enable-kube-proxy: true
enable-operators-ca: true
endpoint: "7dac036f-19b5-41c3-bdd4-428a212e3635.ppsks-ch-gva-2.exo.io"
exoscale.entity/zone: {
...
}

Default value:

main.tf

# Providers
# -> providers.tf

# Customizable parameters
locals {
  my_zone = "ch-gva-2"
}

data "exoscale_template" "my_template" {
  zone = "ch-gva-2"
  name = "Linux Ubuntu 22.04 LTS 64-bit"
}

resource "exoscale_sks_cluster" "kube-proxyless" {
  zone              = "ch-gva-2"
  name              = "kube-proxy"
  version           = ""
  cni               = "calico"
  service_level     = "pro"
  auto_upgrade      = true
  exoscale_csi      = true
  exoscale_ccm      = true
  metrics_server    = true
}

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # exoscale_sks_cluster.kube-proxyless will be created
  + resource "exoscale_sks_cluster" "kube-proxyless" {
      + addons            = (known after apply)
      + aggregation_ca    = (known after apply)
      + auto_upgrade      = true
      + cni               = "calico"
      + control_plane_ca  = (known after apply)
      + created_at        = (known after apply)
      + enable_kube_proxy = (known after apply)
      + endpoint          = (known after apply)
...

      + oidc (known after apply)
    }

========>>

restish root-api-preprod sks-get 2bbe1b85-6658-4714-aac1-3320cde82fd6

{
  addons: [
    "exoscale-cloud-controller"
    "exoscale-container-storage-interface"
    "metrics-server"
  ]
  auto-upgrade: true
  cluster-cidr: "192.168.0.0/16"
  cni: "calico"
  created-at: "2025-08-28T10:09:24Z"
  default-security-group-id: null
  enable-kube-proxy: true
  enable-operators-ca: true
  endpoint: "2bbe1b85-6658-4714-aac1-3320cde82fd6.ppsks-ch-gva-2.exo.io"
 ...
}

@arthuraliiev arthuraliiev force-pushed the aa/sc-139747/the-flag-enable-kube-proxy-does-not-work-with branch from bfb240a to 818566c Compare August 28, 2025 07:01
@arthuraliiev arthuraliiev marked this pull request as ready for review August 28, 2025 07:57
@arthuraliiev arthuraliiev force-pushed the aa/sc-139747/the-flag-enable-kube-proxy-does-not-work-with branch from 818566c to aaa3846 Compare August 28, 2025 08:07
@arthuraliiev arthuraliiev added the WIP 🚧 Work in progress (no review queue) label Aug 28, 2025
@arthuraliiev arthuraliiev force-pushed the aa/sc-139747/the-flag-enable-kube-proxy-does-not-work-with branch from aaa3846 to 59aa3d8 Compare August 28, 2025 10:13
@arthuraliiev arthuraliiev removed the WIP 🚧 Work in progress (no review queue) label Aug 28, 2025
sauterp
sauterp approved these changes Sep 1, 2025
View reviewed changes
@arthuraliiev @sauterp
Update exoscale/resource_exoscale_sks_cluster.go
27a28fa 
use constant instead of a string

Co-authored-by: Philipp Sauter <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kobajagi kobajagi kobajagi approved these changes

@sauterp sauterp sauterp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arthuraliiev @kobajagi @sauterp