terraform-provider-kubernetes
`kubernetes_annotations` resource does not seem to work with Gateway resource (gateway.networking.k8s.io/v1)
The `kubernetes_annotations` resource does not seem to work correctly when applied to a Gateway resource, as it seems to be generating a bad patch request that breaks validation.
As you can see below, trying to apply an annotation to a Gateway resource leads to the following error:
```
Error: Gateway.gateway.networking.k8s.io "eg-gateway" is invalid: [spec: Required value, <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]
```
So it seems the patch is somehow sending an incomplete resource body, specifically with a null or missing .spec.
Terraform Version, Provider Version and Kubernetes Version
Terraform version:
```
Terraform v1.12.0
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v6.35.0
+ provider registry.terraform.io/hashicorp/helm v2.17.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.36.0
+ provider registry.terraform.io/hashicorp/null v3.2.4
```
Affected Resource(s)
- kubernetes_annotations
Terraform Configuration Files
Note: Config simplified. In the real setup the two resources (Gateway and Annotation) happen at two separate stages.
```hcl
resource "kubernetes_manifest" "gateway" {
  provider = kubernetes
  manifest = {
    apiVersion = "gateway.networking.k8s.io/v1"
    kind       = "Gateway"
    metadata = {
      name      = var.envoy_gateway_name
      namespace = var.envoy_gateway_namespace
    }
    spec = {
      listeners = [
        {
          name     = "https-listener"
          hostname = "test.domain.com"
          port     = 443
          protocol = "HTTPS"
          allowedRoutes = {
            namespaces = {
              from = "All"
            }
          }
          tls = {
            mode = "Terminate"
            certificateRefs = [
              {
                kind = "Secret"
                name = "staging-https-secret"
              }
            ]
          }
        },
        {
          name     = "http-listener"
          port     = 80
          protocol = "HTTP"
          allowedRoutes = {
            namespaces = {
              from = "All"
            }
          }
        },
      ]
    }
  }
}

resource "kubernetes_annotations" "gateway_issuer_annotate" {
  depends_on  = [kubernetes_manifest.cluster_issuer]
  provider    = kubernetes.gke
  api_version = "gateway.networking.k8s.io/v1"
  kind        = "Gateway"
  metadata {
    name      = data.terraform_remote_state.setup.outputs.gateway_name
    namespace = data.terraform_remote_state.setup.outputs.gateway_namespace
  }
  annotations = {
    "cert-manager.io/cluster-issuer" = "letsencrypt-issuer"
  }
}
```
Debug Output
n/a
Panic Output
n/a
Steps to Reproduce
`terraform apply` with the config above leads to the following error:
```
│ Error: Gateway.gateway.networking.k8s.io "eg-gateway" is invalid: [spec: Required value, <nil>: Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]
│
│ with kubernetes_annotations.gateway_issuer_annotate,
│ on main.tf line 121, in resource "kubernetes_annotations" "gateway_issuer_annotate":
│ 121: resource "kubernetes_annotations" "gateway_issuer_annotate" {
```
Expected Behavior
kubernetes_annotate should work on a Gateway resource.
Actual Behavior
A validation error was thrown.
Important Factoids
References
- GH-1234