ignore_fields not working #280

razahuss02 · 2023-10-26T21:22:42Z

Hello,

I am trying to run an apply on my terraform, but I get an error message surrounded that the worker groups zones are immutable. The zones are the exact same, but the provider is trying to rearrange them for some reason which is causing an error on the apply.

The terraform plan is listed in the dropdown below.

I currently have these ignore_fields listed in my terraform resource:

resource "kubectl_manifest" "cluster" {
  yaml_body = local.yaml_body
  ignore_fields = [
    "metadata",
    "metadata.annotations",
    "metadata.finalizers",
    "metadata.generation",
    "metadata.labels",
    "metadata.managedFields",
    "status",
    "yaml_incluster",
    "spec.provider.workers.0.zones",
    "spec.provider.workers.1.zones"
  ]
  force_conflicts = true
}

terraform plan output

``` Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: ~ update in-place

Terraform will perform the following actions:

# module.cluster.kubectl_manifest.workload_cluster will be updated in-place
~ resource "kubectl_manifest" “workload_cluster” {
    + force_conflicts         = true
      id                      = "/apis/"
    + ignore_fields           = [
        + "metadata",
        + "metadata.annotations",
        + "metadata.finalizers",
        + "metadata.generation",
        + "metadata.labels",
        + "metadata.managedFields",
        + "status",
        + "yaml_incluster",
        + "spec.provider.workers.0.zones",
        + "spec.provider.workers.1.zones",
      ]
      name                    = “cluster_name”
    + validate_schema         = true
    + wait_for_rollout        = true
    ~ yaml_body               = (sensitive value)
    ~ yaml_body_parsed        = <<-EOT
          apiVersion: apiVersion
          kind: Cluster
          metadata:
            name: cluster_name
            namespace: namespace
          spec:
            addons:
              kubernetesDashboard:
                authenticationMode: token
                enabled: false
              nginxIngress:
                enabled: false
                externalTrafficPolicy: Cluster
            cloudProfileName: cloud
            dns:
              domain: domain
              providers:
              - domains:
                  include:
                  - domain
                primary: true
                secretName: secret
                type: dns
            extensions:
               - providerConfig:
                apiVersion: apiVersion
                kind: DNSConfig
                providers:
                - domains:
                    include:
                    - domain
                  secretName: secret
                  type: dns
                syncProvidersFromShootSpecDNS: true
              type: dns-service
            hibernation: {}
            kubernetes:
              allowPrivilegedContainers: true
              enableStaticTokenKubeconfig: false
              kubeAPIServer:
                defaultNotReadyTolerationSeconds: 300
                defaultUnreachableTolerationSeconds: 300
                enableAnonymousAuthentication: false
                eventTTL: 1h0m0s
                logging:
                  verbosity: 2
                requests:
                  maxMutatingInflight: 200
                  maxNonMutatingInflight: 400
              kubeControllerManager:
                nodeCIDRMaskSize: 24
                nodeMonitorGracePeriod: 2m0s
              kubeProxy:
                enabled: true
                mode: IPTables
              kubeScheduler:
                profile: balanced
              kubelet:
                failSwapOn: true
                imageGCHighThresholdPercent: 50
                imageGCLowThresholdPercent: 40
                kubeReserved:
                  cpu: 80m
                  memory: 1Gi
                  pid: 20k
                serializeImagePulls: true
              version: <k8s_version>
              verticalPodAutoscaler:
                enabled: true
                evictAfterOOMThreshold: 10m0s
                evictionRateBurst: 1
                evictionRateLimit: -1
                evictionTolerance: 0.5
                recommendationMarginFraction: 0.15
                recommenderInterval: 1m0s
                updaterInterval: 1m0s
            networking:
              nodes: cidr
              pods: cidr
              services: cidr
              type: type
            provider:
              controlPlaneConfig:
                apiVersion: apiVersion
                cloudControllerManager:
                  useCustomRouteController: false
                kind: kind
                storage:
                  managedDefaultClass: true
              infrastructureConfig:
                apiVersion: apiVersion
                kind: kind
                networks:
                  vpc:
                    id: vpcid
                  zones:
                  - internal: cidr
                    name: name
                    public: cidr
                    workers: cidr
                  - internal: cidr
                    name: name
                    public: cidr
                    workers: cidr
                  - internal: cidr
                    name: name
                    public: cidr
                    workers: cidr
              type: type
              workers:
              - cri:
                  name: containerruntime
                machine:
                  architecture: arch
                  image:
                    name: name
                    version: version
                  type: type
                maxSurge: 1
                maxUnavailable: 1
                maximum: 1
                minimum: 1
                name: name
                systemComponents:
                  allow: true
                volume:
                  size: size
                  type: type
                zones:
                - region-c
                - region-b
                - region-a
              - cri:
                  name: containerruntime
                machine:
                  architecture: arch
                  image:
                    name: name
                    version: version
                  type: type
                maxSurge: 1
                maxUnavailable: 1
                maximum: 1
                minimum: 1
                name: name
                systemComponents:
                  allow: true
                volume:
                  size: size
                  type: type
                zones:
                - region-c
        -       - region-a
                - region-b
        +       - region-a
              workersSettings:
                sshAccess:
                  enabled: true
            purpose: development
            region: region
            resources:
            - name: dns-secret
              resourceRef:
                apiVersion: v1
                kind: Secret
                name: name
            secretBindingName: secret
        - status:
          [REDACTED]
      EOT
      # (10 unchanged attributes hidden)

      # (1 unchanged block hidden)
  }

Plan: 0 to add, 1 to change, 0 to destroy.

</details>

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ignore_fields not working #280

ignore_fields not working #280

razahuss02 commented Oct 26, 2023

ignore_fields not working #280

ignore_fields not working #280

Comments

razahuss02 commented Oct 26, 2023