Plan always shows an update with security_group_ids
freimer opened this issue · 7 comments
A plan (or apply) always seems to show a change, when there is no change. Here's the output:
# eksctl_cluster.vault will be updated in-place
~ resource "eksctl_cluster" "cluster" {
id = "randomID"
name = "vault"
+ security_group_ids = (known after apply)
tags = {
"appid" = "a"
"appname" = "app"
"environment" = "prod"
"owner" = "email"
}
# (10 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
If I dump the state, security_group_ids is not shown. You can't set the security group IDs either, so I don't know the purpose for this.
@freimer Hey! Thanks for reporting. I've heard this before elsewhere, but was unable to reproduce it myself in recent versions of the provider.
So - would you mind sharing me your version of the provider? If it's old, I'd appreciate if you could test out more recent version(s) of it.
My lock file says this:
provider "registry.terraform.io/mumoshu/eksctl" {
version = "0.14.6"
constraints = ">= 0.14.0"
hashes = [
"h1:2WrKJd15klykLVK4/GyYqpxUfAKJpSXynGDadNl1IaA=",
"zh:0fea476b3506a9e4563f22814a797e39a8e78a46861e2e764dd272c644ec672d",
"zh:13721cea2f695e11fd89d767c34756fc4aad2b5f9f97aaa9d4497816da77a674",
"zh:30b4b418a397d68623b42aaa4f57d0664e3129a4ecab96122d693f38642054ad",
"zh:3a66abcc989763a75adf27d07e512f450f12893ad8b0c1d0750b531eb841f671",
"zh:4cec4341a4cf14c7065843881848be814bd2a4afa7c595fe9591e63cbac43559",
"zh:4e974a47fa053bccf1a9de67cb7208e599d00533419c946ee1f8534b5e64f30b",
"zh:db885810e3e39850270cb733231eed5f01145606b1ce7bba1c224b18db1db83a",
"zh:e53460a36678ac8233c551aa15cfa77762dd771b1a4e8b465263c61275a624c2",
"zh:f5d71b9cecd0b1b5d41eb4f810c715124e4b0c548955c82e4ef20731649be0d2",
"zh:f93147408f2506b9dafcb54594eb7a1a9097538ba33620e26908e32593cb073a",
]
}
Same over here.
version:
provider "registry.terraform.io/mumoshu/eksctl" {
version = "0.15.2"
constraints = "0.15.2"
hashes = [
"h1:AwrWTLusDsAAbGq9NXabtKRUxpegdv+YEyx6c5tE+58=",
]
}Here's the snippet that's failing for me:
resource "eksctl_cluster" "this" {
name = var.cluster_name
region = var.region
version = var.kubernetes_version
api_version = "eksctl.io/v1alpha5"
eksctl_version = "0.41.0"
spec = <<-EOS
vpc:
cidr: "${var.cidr}"
nat:
gateway: Disable
EOS
lifecycle {
ignore_changes = [
kubeconfig_path,
]
}
}Ended up ignoring kubeconfig_path due to a similar behavior, but that's simpler since it's meant to be overwritten during CI and whatnot.
i see it too, on terraform 0.15.2 and mumoshu/eksctl 0.16.2
i recall it was present months ago also
In my log too, every time, very confusing, in fact, if you try to set it directly as a resource field, it refused to be set.
Terraform will perform the following actions:
# eksctl_cluster.cluster will be updated in-place
~ resource "eksctl_cluster" "cluster" {
id = "c39njhh6grhs07fppcug"
name = "cluster"
+ security_group_ids = (known after apply)
# (9 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Same for me, I have a cluster that was created with eksctl and I used terraform import. I see updates for kuebconfig_path and securtiy_group_ids everytime.
Terraform v0.14.4
mumoshu/eksctl version = "0.16.2"
@mumoshu any idea what could be causing this?
Terraform will perform the following actions:
# eksctl_cluster.eks_cluster will be updated in-place
~ resource "eksctl_cluster" "eks_cluster" {
id = "c4022mo6n88lg0gjavrg"
- kubeconfig_path = "/var/folders/cq/lz76_n1n4wgg_xzzd3c9szb1kygwws/T/tf-eksctl-kubeconfig887298127" -> null
name = "test-cluster"
+ security_group_ids = (known after apply)
# (8 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
I'm facing the same issue
eksctl_cluster.eks will be updated in-place
~ resource "eksctl_cluster" "eks" {
id = "ca8dgclvqc7sjc7q02dg"
name = "anekam-dev-eks"
+ security_group_ids = (known after apply)
tags = {
"Environment" = "dev"
}
# (10 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Solved kubectl_path issue by adding to lifecycle.ignore_changes