terraform-provider-kubectl

--force flag

Open AlecZebrick opened this issue 3 years ago • 1 comments

I would like the ability to adjust parameters of things like storage classes. In my particular case I'm using the kubectl_manifest resource to provision a variety of things in an EKS cluster. One problem I'm having is that the default storage class created by EKS does not come with the {encrypted: "true"} parameter enabled by default. I currently change this with a shell script, but it would be amazing to automate it with this Terraform resource.

resource "kubectl_manifest" "sc" {  
yaml_body = <<YAML
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
  name: gp2
provisioner: kubernetes.io/aws-ebs
parameters:
  type: io2
  encrypted: "true"
  fsType: ext4
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
YAML
force_new = true
}

This currently throws the error "StorageClass.storage.k8s.io "gp2" is invalid: parameters: Forbidden: updates to parameters are forbidden". The storage class named gp2 already exists. A kubectl apply --force would circumvent this.

AlecZebrick, Jun 18 '21 05:06

I found a workaround for my use case. I break it apart into two resources and simply change the annotation of the existing EKS default storage class (allowed without --force) and create a new default storage class. The code is below. A --force option would still be wonderful though.

resource "kubectl_manifest" "sc" {  
yaml_body = <<YAML
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
    storageclass.kubernetes.io/is-default-class: "false"
  name: gp2
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  fsType: ext4
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
YAML
}

resource "kubectl_manifest" "sc2" {  
yaml_body = <<YAML
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
  name: encrypted-kubeflow
provisioner: kubernetes.io/aws-ebs
parameters:
  type: io2
  encrypted: "true"
  fsType: ext4
reclaimPolicy: Delete
volumeBindingMode: WaitForFirstConsumer
YAML
}

AlecZebrick, Jun 18 '21 05:06
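An added example, not part of the original thread or the provider's code: a check that the two-resource workaround left the cluster in the intended state, with exactly one default StorageClass and that class setting encrypted: "true". It assumes input shaped like the output of `kubectl get storageclass -o json`; the sample below is constructed from the manifests in the comment above, and the function name is hypothetical.

```python
import json

DEFAULT_ANNOTATION = "storageclass.kubernetes.io/is-default-class"

# Constructed sample (not real cluster output): the shape of
# `kubectl get storageclass -o json` after the workaround is applied.
SAMPLE = json.dumps({
    "items": [
        {"metadata": {"name": "gp2",
                      "annotations": {DEFAULT_ANNOTATION: "false"}},
         "provisioner": "kubernetes.io/aws-ebs",
         "parameters": {"type": "gp2", "fsType": "ext4"}},
        {"metadata": {"name": "encrypted-kubeflow",
                      "annotations": {DEFAULT_ANNOTATION: "true"}},
         "provisioner": "kubernetes.io/aws-ebs",
         "parameters": {"type": "io2", "encrypted": "true", "fsType": "ext4"}},
    ]
})


def audit_storage_classes(raw_json):
    """Return findings about default-class and encryption settings."""
    findings = []
    defaults = []
    for sc in json.loads(raw_json).get("items", []):
        meta = sc.get("metadata", {})
        name = meta.get("name", "<unnamed>")
        annotations = meta.get("annotations") or {}
        params = sc.get("parameters") or {}
        # Annotation and parameter values are strings in the API object.
        is_default = annotations.get(DEFAULT_ANNOTATION, "false").lower() == "true"
        encrypted = str(params.get("encrypted", "false")).lower() == "true"
        if is_default:
            defaults.append(name)
        if not encrypted:
            kind = "default" if is_default else "non-default"
            findings.append(f"{kind} class {name} does not set encrypted=true")
    # Zero defaults leaves PVCs without a class; several make selection ambiguous.
    if len(defaults) != 1:
        findings.append(f"expected exactly one default class, found {len(defaults)}")
    return findings


if __name__ == "__main__":
    for line in audit_storage_classes(SAMPLE) or ["no findings"]:
        print(line)
```

The remaining finding for gp2 is expected after the workaround: the old class still exists without the encrypted parameter and can still be requested by name in a PVC.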