mumoshu/terraform-provider-eksctl

Modifying EKS cluster tags should not replace or recreate the cluster

Opened this issue · 3 comments

dmakeroam commented

I modified the EKS cluster tags in the resource eksctl_cluster, but eksctl provider detected changes to replace or recreate the cluster as follows:

  • resource "eksctl_cluster" "eksctl_cluster" {
    ~ id = "c474v8ecie6oieo0not0" -> (known after apply)
    - kubeconfig_path = "/var/folders/l3/63s7b385403dymdbp8ys1vv00000gn/T/tf-eksctl-kubeconfig577227778" -> null
    name = "kubeopsskills-argo"
    + oidc_provider_arn = (known after apply)
    + oidc_provider_url = (known after apply)
    ~ output = <<-EOT
    2021-08-10 17:58:41 [ℹ] eksctl version 0.60.0
    2021-08-10 17:58:41 [ℹ] using region ap-southeast-1
    2021-08-10 17:58:41 [ℹ] comparing 0 nodegroups defined in the given config ("-") against remote state
    2021-08-10 17:58:42 [ℹ] 2 nodegroup(s) present in the config file (kubeopsskills-subnet-a-spot,kubeopsskills-subnet-b-spot) will be excluded
    2021-08-10 17:58:42 [ℹ] will drain 0 nodegroup(s) in cluster "kubeopsskills-argo"
    2021-08-10 17:58:42 [ℹ] will delete 0 nodegroups from cluster "kubeopsskills-argo"
    2021-08-10 17:58:42 [ℹ] 1 task: { no tasks }
    2021-08-10 17:58:42 [ℹ] will delete 0 nodegroups from auth ConfigMap in cluster "kubeopsskills-argo"
    2021-08-10 17:58:42 [✔] deleted 0 nodegroup(s) from cluster "kubeopsskills-argo"
    EOT -> (known after apply)
    + security_group_ids = (known after apply)
    ~ tags = { # forces replacement
    ~ "kubeopsskills:environment" = "development" -> "production"
    ~ "kubeopsskills:project" = "terraform" -> "terraform-cloud"
    # (6 unchanged elements hidden)
    }
    # (7 unchanged attributes hidden)
    + aws_auth_configmap {
    + groups = (known after apply)
    + iamarn = (known after apply)
    + username = (known after apply)
    }
    - aws_auth_configmap {
    - groups = [
    - "system:bootstrappers",
    - "system:nodes",
    ] -> null
    - iamarn = "arn:aws:iam::034118682703:role/eksctl-kubeopsskills-argo-nodegr-NodeInstanceRole-1SW60RDK33H4R" -> null
    - username = "system:node:{{EC2PrivateDNSName}}" -> null
    }
    - aws_auth_configmap {
    - groups = [
    - "system:bootstrappers",
    - "system:nodes",
    ] -> null
    - iamarn = "arn:aws:iam::034118682703:role/eksctl-kubeopsskills-argo-nodegr-NodeInstanceRole-DEHIE6U2MTLY" -> null
    - username = "system:node:{{EC2PrivateDNSName}}" -> null
    }
    }

Expected Scenario:

eksctl provider should not replace or recreate the cluster if we modify only EKS cluster tags.

Do you have any idea to solve this?

pfnsec commented

We're running into this at the moment - did you ever find a solution?

gtskaushik commented

We are running into the same issue