terraform-aws-eks-blueprints
terraform-aws-eks-blueprints copied to clipboard
aws-ia
Removing module cause cycle
- [ x] ✋ I have searched the open/closed issues and my issue is not listed.
Please describe your question here
Hello, I wanted to remove two modules:
enable_aws_cloudwatch_metrics = false
enable_aws_for_fluentbit = false
But what I got back is cycle error:
Error: Cycle: module.eks.aws_security_group_rule.node["ingress_cluster_kubelet"], module.eks.aws_security_group_rule.node["egress_self_coredns_tcp"], module.eks.aws_security_group_rule.node["egress_ntp_tcp"], module.eks.aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"], module.eks.aws_security_group_rule.cluster["egress_nodes_kubelet"], module.eks.local.cluster_role (expand), module.eks.aws_security_group_rule.node["ingress_self_coredns_udp"], module.eks.aws_security_group_rule.node["ingress_cluster_443"], module.eks.aws_security_group_rule.node["egress_self_coredns_udp"], module.eks.aws_cloudwatch_log_group.this[0], module.eks.aws_security_group_rule.node["ingress_self_coredns_tcp"], module.vpc.aws_subnet.private[0], module.vpc.aws_subnet.private[2], module.vpc.local.vpc_id (expand), module.vpc.aws_subnet.private[1], module.vpc.output.private_subnets (expand), module.eks.var.subnet_ids (expand), module.eks.aws_security_group_rule.node["ingress_self_all"], module.eks.aws_security_group_rule.cluster["ingress_nodes_443"], module.eks.aws_security_group_rule.node["egress_cluster_443"], module.eks.aws_security_group_rule.node["egress_https"], module.eks.aws_security_group_rule.node["egress_ntp_udp"], module.eks.local.node_security_group_id (expand), module.eks.aws_security_group_rule.cluster["egress_nodes_443"], module.eks.aws_security_group.node[0], module.vpc.aws_vpc.this[0], module.vpc.output.vpc_id (expand), module.eks.var.vpc_id (expand), module.eks.aws_security_group.cluster[0], module.eks.local.cluster_security_group_id (expand), module.eks.aws_security_group_rule.node["egress_all"], module.eks_blueprints_kubernetes_addons.module.aws_cloudwatch_metrics[0].module.helm_addon.helm_release.addon[0] (destroy), module.eks_blueprints_kubernetes_addons.module.aws_cloudwatch_metrics[0].module.helm_addon.module.irsa[0].kubernetes_service_account_v1.irsa[0] (destroy), module.eks_blueprints_kubernetes_addons.module.aws_cloudwatch_metrics[0].module.helm_addon.module.irsa[0].kubernetes_namespace_v1.irsa[0] (destroy), module.eks_blueprints_kubernetes_addons.module.aws_for_fluent_bit[0].aws_iam_policy.aws_for_fluent_bit (destroy), module.eks.aws_iam_role.this[0], module.eks.output.cluster_endpoint (expand), module.eks.output.cluster_certificate_authority_data (expand), provider["registry.terraform.io/hashicorp/helm"], module.eks_blueprints_kubernetes_addons.module.aws_for_fluent_bit[0].module.helm_addon.helm_release.addon[0] (destroy), module.eks_blueprints_kubernetes_addons.module.aws_for_fluent_bit[0].module.helm_addon.module.irsa[0].aws_iam_role.irsa[0] (destroy), module.eks.aws_iam_role_policy_attachment.this["arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"], module.eks.aws_eks_cluster.this[0]
How to get rid of it ?
Hey, it's very hard to understand from this data what might be the issue, please follow our bug report guidance, we'll need more data like module(s) version, reproduction code etc. Thanks
Hi, @Zvikan I'll try to get something together. Because I hit the same issue on another EKS cluster, where removing enable_aws_cloudwatch_metrics and enable_aws_for_fluentbit that were previously installed cause cycle issue. I managed to remove it somehow on the first EKS by adding depends_on random modules from the output... but I did not save the line that did it in the end... and now I'm at it again :(
I took this many depends_on to finally remove enable_aws_cloudwatch_metrics:
depends_on = [module.vpc.loca, module.eks.aws_security_group_rule, module.eks.aws_cloudwatch_log_group, module.eks.aws_iam_role_policy_attachment, module.eks.aws_security_group_rule, module.eks.aws_eks_cluster, module.eks.aws_security_group_rule, module.vpc.output, module.vpc.aws_vpc]
Why ? no idea... it also does not work again when I want to remove enable_aws_for_fluentbit this is maddening...
@VladoPortos @kahirokunn @Zvikan it worked for me if I comment the entire line instead of putting value to false:
# enable_aws_cloudwatch_metrics = false it works
enable_aws_cloudwatch_metrics = false it doesn't works, it causes cycle error
it is difficult to tell what the issue is without a proper reproduction, but I am willing to be it is because you have an explicit depends_on between modules. You should remove this and the problem should subside - https://github.com/hashicorp/terraform/issues/26383#issuecomment-699149145
closing for now - please feel free to provide more information here and we can revisit
I was reducing the problem so you @bryantbiggs could have something to recreate it with. But while doing it I realized the problem goes away with terraform 1.3.7, was having issues with terraform 1.3.2. Seemingly there's no issue with the module then :+1: