terraform-provider-kubernetes icon indicating copy to clipboard operation
terraform-provider-kubernetes copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

`image_pull_secrets` are not removed from deployment

Open viceice opened this issue 1 year ago • 1 comments

Terraform Version, Provider Version and Kubernetes Version

Terraform version: 1.7.5
Kubernetes provider version: 2.27.0
Kubernetes version: 1.28.7

Affected Resource(s)

  • kubernetes_deployment

Terraform Configuration Files

resource "kubernetes_deployment" "whoami" {
  metadata {
    name      = "whoami"
    labels = {
      app = "whoami"
    }
  }
  spec {
    replicas = 1

    selector {
      match_labels = {
        app = "whoami"
      }
    }
    template {
      metadata {
        labels = {
          app = "whoami"
        }
      }
      spec {
        container {
          image = "traefik/whoami"
          name  = "whoami"
          
        }
        
        # remove after initial deploy
        image_pull_secrets {
          name = "docker-cfg"
        }
      }
    }
  }
}

Debug Output

Panic Output

Steps to Reproduce

  1. terraform apply
  2. remove pull secret
  3. terraform apply
  4. see that pull screcret isn't removed

Expected Behavior

What should have happened?

pull secret should be removed from deployment

Actual Behavior

What actually happened?

pull secret is still there

Important Factoids

References

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

viceice avatar Mar 18 '24 09:03 viceice

I remove the pull secrets a long time ago with older versions. I don't on the versions used, so now you see the current versions in use.

viceice avatar Mar 18 '24 09:03 viceice

The issue with image_pull_secrets not being removed is due to Terraform's behavior with compute attributes and Kubernetes resource management. If image_pull_secrets is not explicitly set in the Terraform configuration, Terraform might pull the existing value from the Kubernetes resource and update its state file accordingly. Thus, if you remove image_pull_secrets from the configuration and re-apply, Terraform could see the existing value in Kubernetes and assume it's still valid, hence not removing it. When image_pull_secrets is removed from your configuration, Kubernetes does not automatically delete the secret references from the resource.

sheneska avatar Jul 11 '24 14:07 sheneska

@sheneska , I am confused how it can be. TF has own state and it clearly capable of calculating diff between last recorded state and desired state. Do you say that any block resource can't removed? volumes, env vars etc?

redbaron avatar Dec 10 '24 18:12 redbaron