Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plan always shows an update with security_group_ids #33

Open
freimer opened this issue Feb 1, 2021 · 7 comments
Open

Plan always shows an update with security_group_ids #33

freimer opened this issue Feb 1, 2021 · 7 comments

Comments

@freimer
Copy link

freimer commented Feb 1, 2021

A plan (or apply) always seems to show a change, when there is no change. Here's the output:

  # eksctl_cluster.vault will be updated in-place
  ~ resource "eksctl_cluster" "cluster" {
        id                 = "randomID"
        name               = "vault"
      + security_group_ids = (known after apply)
        tags               = {
            "appid"       = "a"
            "appname"     = "app"
            "environment" = "prod"
            "owner"       = "email"
        }
        # (10 unchanged attributes hidden)



        # (3 unchanged blocks hidden)
    }

If I dump the state, security_group_ids is not shown. You can't set the security group IDs either, so I don't know the purpose for this.
@mumoshu
Copy link
Owner

mumoshu commented Feb 2, 2021

@freimer Hey! Thanks for reporting. I've heard this before elsewhere, but was unable to reproduce it myself in recent versions of the provider.

So - would you mind sharing me your version of the provider? If it's old, I'd appreciate if you could test out more recent version(s) of it.

@freimer
Copy link
Author

freimer commented Feb 4, 2021

My lock file says this:

provider "registry.terraform.io/mumoshu/eksctl" {
  version     = "0.14.6"
  constraints = ">= 0.14.0"
  hashes = [
    "h1:2WrKJd15klykLVK4/GyYqpxUfAKJpSXynGDadNl1IaA=",
    "zh:0fea476b3506a9e4563f22814a797e39a8e78a46861e2e764dd272c644ec672d",
    "zh:13721cea2f695e11fd89d767c34756fc4aad2b5f9f97aaa9d4497816da77a674",
    "zh:30b4b418a397d68623b42aaa4f57d0664e3129a4ecab96122d693f38642054ad",
    "zh:3a66abcc989763a75adf27d07e512f450f12893ad8b0c1d0750b531eb841f671",
    "zh:4cec4341a4cf14c7065843881848be814bd2a4afa7c595fe9591e63cbac43559",
    "zh:4e974a47fa053bccf1a9de67cb7208e599d00533419c946ee1f8534b5e64f30b",
    "zh:db885810e3e39850270cb733231eed5f01145606b1ce7bba1c224b18db1db83a",
    "zh:e53460a36678ac8233c551aa15cfa77762dd771b1a4e8b465263c61275a624c2",
    "zh:f5d71b9cecd0b1b5d41eb4f810c715124e4b0c548955c82e4ef20731649be0d2",
    "zh:f93147408f2506b9dafcb54594eb7a1a9097538ba33620e26908e32593cb073a",
  ]
}

@cilindrox
Copy link

Same over here.

version:

provider "registry.terraform.io/mumoshu/eksctl" {
  version     = "0.15.2"
  constraints = "0.15.2"
  hashes = [
    "h1:AwrWTLusDsAAbGq9NXabtKRUxpegdv+YEyx6c5tE+58=",
  ]
}

Here's the snippet that's failing for me:

resource "eksctl_cluster" "this" {
  name           = var.cluster_name
  region         = var.region
  version        = var.kubernetes_version
  api_version    = "eksctl.io/v1alpha5"
  eksctl_version = "0.41.0"

  spec    = <<-EOS
  vpc:
    cidr: "${var.cidr}"
    nat:
      gateway: Disable
  EOS

  lifecycle {
    ignore_changes = [
      kubeconfig_path,
    ]
  }
}

Ended up ignoring kubeconfig_path due to a similar behavior, but that's simpler since it's meant to be overwritten during CI and whatnot.

@dstandish
Copy link

i see it too, on terraform 0.15.2 and mumoshu/eksctl 0.16.2

i recall it was present months ago also

@charlie-fox
Copy link

In my log too, every time, very confusing, in fact, if you try to set it directly as a resource field, it refused to be set.

Terraform will perform the following actions:
  # eksctl_cluster.cluster will be updated in-place
  ~ resource "eksctl_cluster" "cluster" {
        id                 = "c39njhh6grhs07fppcug"
        name               = "cluster"
      + security_group_ids = (known after apply)
        # (9 unchanged attributes hidden)
        # (1 unchanged block hidden)
    }
Plan: 0 to add, 1 to change, 0 to destroy.

@markandersontrocme
Copy link

Same for me, I have a cluster that was created with eksctl and I used terraform import. I see updates for kuebconfig_path and securtiy_group_ids everytime.

Terraform v0.14.4
mumoshu/eksctl version = "0.16.2"

@mumoshu any idea what could be causing this?

Terraform will perform the following actions:

  # eksctl_cluster.eks_cluster will be updated in-place
  ~ resource "eksctl_cluster" "eks_cluster" {
        id                 = "c4022mo6n88lg0gjavrg"
      - kubeconfig_path    = "/var/folders/cq/lz76_n1n4wgg_xzzd3c9szb1kygwws/T/tf-eksctl-kubeconfig887298127" -> null
        name               = "test-cluster"
      + security_group_ids = (known after apply)
        # (8 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

@gtskaushik
Copy link

I'm facing the same issue

eksctl_cluster.eks will be updated in-place

~ resource "eksctl_cluster" "eks" {
id = "ca8dgclvqc7sjc7q02dg"
name = "anekam-dev-eks"
+ security_group_ids = (known after apply)
tags = {
"Environment" = "dev"
}
# (10 unchanged attributes hidden)

    # (3 unchanged blocks hidden)
}

Solved kubectl_path issue by adding to lifecycle.ignore_changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@mumoshu @cilindrox @gtskaushik @freimer @dstandish @markandersontrocme @charlie-fox