terraform-provider-kubernetes-alpha icon indicating copy to clipboard operation
terraform-provider-kubernetes-alpha copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Error: Dry-run failed for non-structured resource

Open bg2132332 opened this issue 3 years ago • 3 comments

If you prefer, you can also ask your question in the Kubernetes community Slack channel #terraform-providers. (Sign up here)

Terraform version, Kubernetes provider version and Kubernetes version

Terraform version: 0.14.8
Kubernetes Alpha Provider version: 0.4.0
Kubernetes version: 4.7.2

Terraform configuration

resource "kubernetes_manifest" "test" {
  provider = "kubernetes-alpha"
  manifest = {
    "apiVersion"="kubevirt.io/vlalpha3"
    "kind"="VirtualMachine"
    "metadata"={
      ...
    }
    "spec"= {
      ...
    }
  }
}

Question

I get the following warning and then error back.  Would anyone suggest a solution?

> Warning: This custom resource does not have an associated OpenAPI schema.
> 
>   on main.tf line 45, in resource "kubernetes_manifest" .....
> 
> We could not find an OpenAPI schema for this custom resource. Updates to this 
> resource will cause a forced replacement.
> 
> Error: Dry-run failed for non-structured resource
> 
>   on main.tf line 45, in resource "kubernetes_manifest" .....
> 
> A dry-run apply was performed for this resource by was unsuccessful:
> admission webhook "virtualmachines-mutator.kubevirt.io" does not support dry
> run

bg2132332 avatar May 21 '21 20:05 bg2132332

@bg2132332 do you have the virtualmachines-mutator.kubevirt.io CRD installed on the cluster? Can you see it when you run kubectl get crds | grep virtualmachines-mutator.kubevirt.io ?

alexsomesan avatar May 22 '21 09:05 alexsomesan

Hi Alex, thank you for a prompt response. i get nothing when i run your command, but I'm assured by my OpenShift expert that KubeVirt is installed correctly and functional. This is partly what he wrote:

... In the product as shipped by Red Hat, the web hook [referring to mutating admission web hook] in question has the side effects set to "unknown". This has the effect of making a dry run not possible using a resource that has this web hook in the admission chain, as the API server will refuse it because it cannot guarantee safety. ...

The second issue is that there is not an OpenAPI specification for the KubeVirt API, which will result in Terraform force replacing any resource that is modified.

I've been going over some of the open issues and looks like there may be solutions for side effects "unknown" and the missing OpenAPI spec issues. This feels like not an uncommon situation. Please help me understand.

bg2132332 avatar May 27 '21 01:05 bg2132332

It looks like this is happening because the virtualmachines-mutator webhook does not support dry-run, and we do a dry-run at plan time for resources which have no schema as a last-measure to confirm they will apply successfully. A possible solution here is to check for this error explicitly and allow the plan to continue anyway, generate a warning, and hope for the best at apply time.

jrhouston avatar Jun 02 '21 04:06 jrhouston