terraform-google-kubernetes-engine icon indicating copy to clipboard operation
terraform-google-kubernetes-engine copied to clipboard

Published 20 hours ago verified publisher icon terraform-google-modules

how to make ACM module depend on hub?

Open jtangney opened this issue 4 years ago • 6 comments
trafficstars

Before installing Anthos Config Management (ACM), the underlying GKE cluster needs to be registered with Connect/Hub. How can I enforce this dependency in the terraform?

The hub module provides a 'wait' output value, so I'm trying to depend on this in the ACM module

  depends_on = [
    module.hub.wait
  ]

But it gives a bunch of errors like below

Error: Invalid count argument
 
   on .terraform/modules/acm-server.acm_operator.k8s_operator/main.tf line 57, in resource "random_id" "cache":
   57:   count = (! local.skip_download) ? 1 : 0
 
The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. 
To work around this, use the -target argument to first apply only the resources that the count depends on.

Obviously I can indeed split into two steps (apply the hub first, then separately do ACM) - but would be nice to have as single operation. I'm not very familiar with these modules so maybe I'm missing something?

This feels like a core requirement of the ACM module (i.e. enforcing the hub dependency) so would be good to have a clear description of how to achieve?

Thanks!

jtangney avatar May 27 '21 10:05 jtangney

Can you share the full config?

morgante avatar May 27 '21 14:05 morgante

Essentially copied from https://cloud.google.com/architecture/provisioning-anthos-clusters-with-terraform. In that doc however, each bit is done as a separate step - so it's not an end-to-end apply.

I added the depends_on

module "hub-server" {
  source           = "terraform-google-modules/kubernetes-engine/google//modules/hub"
  project_id       = data.google_client_config.current.project

  cluster_name     = module.server-cluster.name
  location         = module.server-cluster.location
  cluster_endpoint = module.server-cluster.endpoint
  gke_hub_membership_name = "server"
  gke_hub_sa_name = "server"
}

module "acm-server" {
  source           = "github.com/terraform-google-modules/terraform-google-kubernetes-engine//modules/acm"

  project_id       = data.google_client_config.current.project
  cluster_name     = module.server-cluster.name
  location         = module.server-cluster.location
  cluster_endpoint = module.server-cluster.endpoint

  operator_path    = "config-management-operator.yaml"
  sync_repo        = var.acm_repo_location
  sync_branch      = var.acm_branch
  policy_dir       = var.acm_dir
  secret_type      = var.acm_secret_type
  create_ssh_key   = var.acm_create_ssh_key

  depends_on = [
    module.hub-server.wait
  ]
}

jtangney avatar May 27 '21 15:05 jtangney

@jtangney What version of Terraform are you using? This sounds like a potential duplicate of #690, where the fix was to use Terraform 0.12.29.

morgante avatar May 27 '21 15:05 morgante

Hmmm ok. Tho depends_on for modules is only available >= 0.13, let me try workaround.

Still seems like there should be an out-of-the-box way in the ACM module to force wait on hub?

jtangney avatar May 27 '21 16:05 jtangney

https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/945 should fix this

bharathkkb avatar Jul 01 '21 03:07 bharathkkb

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Aug 30 '21 23:08 github-actions[bot]