Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubectl manifest can't find api resource eventhough it exist #274

Open
Edens-Angel opened this issue Aug 31, 2023 · 7 comments
Open

Kubectl manifest can't find api resource eventhough it exist #274

Edens-Angel opened this issue Aug 31, 2023 · 7 comments

Comments

@Edens-Angel
Copy link

I am trying to create components of the external-secrets.io/v1beta1 api. The resource get's created with success but after this, it returns an error which says Error: gcp-backend failed to fetch resource from kubernetes: the server could not find the requested resource

This error happens with everything from this resource. I am assuming it has something to do with the v1beta1 but I don't know why that would be an issue. This api resource does not yet has a released v1 api. I am running Terraform version 1.5.6

This is my required providers settings

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.74.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.22.0"
    }
    kubectl = {
      source  = "gavinbunney/kubectl"
      version = "1.14.0"
    }
  }
}

# provider
provider "kubernetes" {
  host                   = "https://${data.terraform_remote_state.infrastructure.outputs.cluster_auth.endpoint}"
  client_certificate     = data.terraform_remote_state.infrastructure.outputs.cluster_auth.client_certificate
  client_key             = data.terraform_remote_state.infrastructure.outputs.cluster_auth.client_key
  cluster_ca_certificate = data.terraform_remote_state.infrastructure.outputs.cluster_auth.ca_certificate
  token                  = data.google_client_config.default.access_token
}

provider "kubectl" {
  host                   = "https://${data.terraform_remote_state.infrastructure.outputs.cluster_auth.endpoint}"
  client_certificate     = data.terraform_remote_state.infrastructure.outputs.cluster_auth.client_certificate
  client_key             = data.terraform_remote_state.infrastructure.outputs.cluster_auth.client_key
  cluster_ca_certificate = data.terraform_remote_state.infrastructure.outputs.cluster_auth.ca_certificate
  token                  = data.google_client_config.default.access_token
}

This is my terraform code

resource "k8s_external_secrets_io_cluster_secret_store_v1beta1" "cluster-secret-store" {
  metadata = {
    name = "gcp-backend"
  }

  spec = {
    provider = {
      gcpsm = {
        project_id = var.project
        auth = {
          workload_identity = {
            cluster_name     = var.cluster_name
            cluster_location = var.cluster_location
            service_account_ref = {
              name      = local.kubernetes_service_account_name
              namespace = local.namespace
            }
          }
        }
      }
    }
  }
}

# SecretClusterStore to authenticate the retrieval of secrets
resource "kubectl_manifest" "css-manifest" {
  yaml_body = k8s_external_secrets_io_cluster_secret_store_v1beta1.cluster-secret-store.yaml
}

The Api resources in my cluster include the following

clusterexternalsecrets            ces                     external-secrets.io/v1beta1               false        ClusterExternalSecret
clustersecretstores               css                     external-secrets.io/v1beta1               false        ClusterSecretStore
externalsecrets                   es                      external-secrets.io/v1beta1               true         ExternalSecret
pushsecrets                                               external-secrets.io/v1alpha1              true         PushSecret
secretstores                      ss                      external-secrets.io/v1beta1               true         SecretStore

Again, the resource gets created and everything works fine but my terraform code returns an error and does not save the resource in the state, resulting that it tries to recreate it with every run.
@Edens-Angel
Copy link
Author

I took a small deep dive in the code of the manifest but I am not very familiar with go so I have a limited understanding of it. I have to mention that the ClusterSecretStore kind is a kind with not namespace attached to it. It is accessible from everywhere. I am not sure how kubernetes handles this but could this be the problem of the error?

@clayrisser
Copy link

I just faced this issue too. It creates the resource but then says it can't find it. This didn't used to happen.

@clayrisser
Copy link

Seems to be the same problem as #270

@theunwisewolf
Copy link

Can confirm this is a legit issue.
This was not happening in older versions.

@alekc
Copy link
Contributor

alekc commented Sep 25, 2023

Can you try the fork

terraform {
  required_version = ">= 0.13"

  required_providers {
    kubectl = {
      source  = "alekc/kubectl"
      version = ">= 2.0.2"
    }
  }

That issue should be fixed there

@clay-risser
Copy link

Thanks

@scrooloose
Copy link

@alekc thanks. I was ready to cry, but your fork spared my dignity :-D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@scrooloose @alekc @theunwisewolf @clayrisser @Edens-Angel @clay-risser