terraform-provider-aws
[Enhancement]: Support new `force` parameter for upgrading `aws_eks_cluster`
Terraform Core Version
1.5.9
AWS Provider Version
5.61.0
Affected Resource(s)
- aws_eks_cluster
- aws_eks_addon
Expected Behavior
EKS cluster upgrade should be performed successfully.
Actual Behavior
Error is returned, EKS cluster is not upgraded.
Relevant Error/Panic Output Snippet
```
Error: updating EKS Cluster (atmos-scratch-mrusso) version: operation error EKS: UpdateClusterVersion, https response error StatusCode: 400, RequestID: 967a5037-c605-4bf8-98a3-003e7581d4c4, api error InvalidStateException: Upgrade readiness issues detected. Call the EKS ListInsights API to view upgrade blocking issues detected by EKS. Pass the force flag to override upgrade readiness errors and proceed with upgrade.

  with module.atmos.module.eks.aws_eks_cluster.main,
  on ../../modules/eks/cluster.tf line 181, in resource "aws_eks_cluster" "main":
 181: resource "aws_eks_cluster" "main" {
```
Terraform Configuration Files
```terraform
resource "aws_eks_cluster" "main" {
  name    = "my-cluster"
  version = "1.30"
}

resource "aws_eks_addon" "vpc_cni" {
  cluster_name  = aws_eks_cluster.main.name
  addon_name    = "vpc-cni"
  addon_version = "v1.16.0-eksbuild.1" # oldest version listed for EKS 1.30
}
```
Steps to Reproduce
Generally speaking, to reproduce this, you need to have an EKS cluster in a state where AWS cluster insights will block the upgrade, like having an addon version that's incompatible with the new EKS version.
- Create aws_eks_cluster using `version = "1.30"`
- Create aws_eks_addon.vpc_cni using `addon_version = "v1.16.0-eksbuild.1"` (supported in EKS v1.30, not v1.31)
- Change aws_eks_cluster using `version = "1.31"`
Debug Output
No response
Panic Output
No response
Important Factoids
Yesterday, AWS announced that it will block EKS cluster upgrades via new "cluster insights" features. The feature is opt-out. You can skip this check by "forcing" the upgrade using the AWS Console or AWS CLI.
When creating an EKS cluster using Terraform, there is no argument to "force" this upgrade.
References
- Amazon EKS now enforces upgrade insights checks as part of cluster upgrades - AWS
- Prepare for Kubernetes version upgrades with cluster insights - Amazon EKS
Would you like to implement a fix?
No
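A pre-upgrade gate over the ListInsights API named in the error above, as an added example that is not part of the original issue or the provider's code. It assumes the ListInsights response fields `category`, `kubernetesVersion` and `insightStatus.status`; the sample insights, the `strict` policy and the function names `upgrade_blockers` and `gate_upgrade` are constructed for illustration.

```python
# Constructed sample shaped like an EKS ListInsights response (not real output).
SAMPLE = {"insights": [
    {"name": "EKS add-on version compatibility", "category": "UPGRADE_READINESS",
     "kubernetesVersion": "1.31",
     "insightStatus": {"status": "ERROR", "reason": "vpc-cni add-on too old"}},
    {"name": "Kubelet version skew", "category": "UPGRADE_READINESS",
     "kubernetesVersion": "1.31",
     "insightStatus": {"status": "WARNING", "reason": "nodes one minor behind"}},
    {"name": "Deprecated APIs removed in Kubernetes v1.32",
     "category": "UPGRADE_READINESS", "kubernetesVersion": "1.32",
     "insightStatus": {"status": "ERROR", "reason": "deprecated API in use"}},
    {"name": "Cluster health issues", "category": "UPGRADE_READINESS",
     "kubernetesVersion": "1.31", "insightStatus": {}},
]}


def upgrade_blockers(response, target_version, strict=False):
    """Return names of UPGRADE_READINESS insights that block target_version.

    This example treats ERROR as blocking. With strict=True (an assumed
    fail-closed policy of this example) a missing or UNKNOWN status blocks too.
    """
    blocking = {"ERROR", "UNKNOWN"} if strict else {"ERROR"}
    found = []
    for insight in response.get("insights", []):
        if insight.get("category") != "UPGRADE_READINESS":
            continue
        if insight.get("kubernetesVersion") != target_version:
            continue  # insight concerns a different target version
        status = (insight.get("insightStatus") or {}).get("status", "UNKNOWN")
        if status in blocking:
            found.append(insight["name"])
    return found


def gate_upgrade(response, target_version, force=False, strict=False):
    """Refuse the upgrade on blockers; with force, proceed but record the override."""
    names = upgrade_blockers(response, target_version, strict)
    if names and not force:
        return {"proceed": False, "blocking": names, "overridden": []}
    return {"proceed": True, "blocking": [], "overridden": names}


if __name__ == "__main__":
    print(gate_upgrade(SAMPLE, "1.31"))              # blocked by the add-on insight
    print(gate_upgrade(SAMPLE, "1.31", force=True))  # proceeds, override is recorded
```

Recording the overridden insight names when `force` is set keeps an audit trail of which readiness checks a forced upgrade bypassed.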
@merusso looks like AWS https://github.com/aws/containers-roadmap/issues/2570 rolled back the feature for now. It seems that the roadmap is still blocked and they are not going to move forward till more items support it ig. I feel we should wait on this until they support --force on their APIs and CLIs.
Hey @merusso 👋 Thank you for taking the time to raise this! We consider the addition of additional features to existing resources (in this case, the force argument) to be an enhancement rather than a bug. With that in mind, I'm going to update this issue slightly. There's no further action for you to take at this point, I just like to let people know before I make these types of modifications.
@merusso looks like AWS aws/containers-roadmap#2570 rolled back the feature for now. It seems that the roadmap is still blocked and they are not going to move forward till more items support it ig. I feel we should wait on this until they support `--force` on their APIs and CLIs.
The issue was rolled back because it affected users who use Terraform, as it doesn't have support to --force upgrade and override EKS upgrade insights.
https://github.com/aws/containers-roadmap/issues/2570
If you read towards the end:
While we launched with support in AWS owned tools like aws cli and CloudFormation, we recognize many EKS customers use 3rd party management tools (such as Terraform) which have not yet been updated, and these users cannot easily pass the force flag.
Given this, we have decided to temporarily rollback this feature (the --force flag will still exist, but be treated as a no-op) and give time for community tools to catch up releasing support for the new force flag. We are aiming to have this change completed by end day. We will update this issue again once the roll back is completed, and we will provide further updates on when we will re-roll forward the feature once we feel enough 3rd party tools have been updated with support for the force flag.
@zeljkostjepanovic yup sorry missed that part out... will start working on this.. thanks for pointing the fact 👍
This functionality has been released in v5.95.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.