terraform-provider-kubernetes
Using insecure = true doesn't work when the provider depends on another resource
Terraform Version, Provider Version and Kubernetes Version
Terraform v1.1.0
on linux_amd64
+ provider registry.terraform.io/hashicorp/azurerm v2.89.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.7.1
Affected Resource(s)
provider "kubernetes"
Terraform Configuration Files
provider "azurerm" {
  features {}
}
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = ">=2.89.0"
    }
  }
}
resource "azurerm_resource_group" "example" {
  name = "example-resources"
  location = "West Europe"
}
resource "azurerm_kubernetes_cluster" "example" {
  name = "example-aks1"
  location = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix = "exampleaks1"
  default_node_pool {
    name = "default"
    node_count = 1
    vm_size = "Standard_D2_v2"
  }
  identity {
    type = "SystemAssigned"
  }
  tags = {
    Environment = "Production"
  }
}
provider "kubernetes" {
  host = azurerm_kubernetes_cluster.example.kube_config.0.host
  username = azurerm_kubernetes_cluster.example.kube_config.0.username
  password = azurerm_kubernetes_cluster.example.kube_config.0.password
  client_certificate = base64decode(azurerm_kubernetes_cluster.example.kube_config.0.client_certificate)
  client_key = base64decode(azurerm_kubernetes_cluster.example.kube_config.0.client_key)
  # cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.example.kube_config.0.cluster_ca_certificate)
  insecure = true
}
resource "kubernetes_config_map" "env" {
  metadata {
    name = "env"
  }
  data = {
    foo = "bar"
  }
}
Debug Output
https://gist.github.com/orgads/08799b38d39caae73cddae7b40a2e13e
Steps to Reproduce
- terraform apply
│ Error: Provider configuration: cannot load Kubernetes client config
│
│ with provider["registry.terraform.io/hashicorp/kubernetes"],
│ on aks.tf line 40, in provider "kubernetes":
│ 40: provider "kubernetes" {
│
│ invalid configuration: default cluster has no server defined
Expected Behavior
What should have happened? It should work.
Actual Behavior
What actually happened? It fails with the error described above.
Important Factoids
If I use cluster_ca_certificate (the commented out line) and remove insecure = true it works as expected.
Hello,
Same for me with a GKE cluster. The bug happens when the cluster does not exist yet before executing a terraform apply. If the cluster already exists before executing a terraform apply, no bug.
Any news, please?
Hi,
I'm facing the same error provisioning EKS clusters.
Is there any ETA for this?
Thanks!
I found the same problem.
HTTPS_PROXY=http://127.0.0.1:8888 HTTP_PROXY=http://127.0.0.1:8888 OS_INSECURE=true terraform apply -auto-approve
and I set insecure = true:
provider "kubernetes" {
  config_path = "./k8s.yaml"
  insecure = true
}
the result is:
kubernetes_pod.redis: Creating...
╷
│ Error: an error on the server ("tls: failed to verify certificate: x509: certificate signed by unknown authority") has prevented the request from succeeding (post pods)
│
│ with kubernetes_pod.redis,
│ on redis_1.tf line 8, in resource "kubernetes_pod" "redis":
│ 8: resource "kubernetes_pod" "redis" {
│
╵
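A check a reviewer could run over Terraform files to find provider "kubernetes" blocks that turn off API-server certificate verification, as the configurations posted in this thread do. This is an added example, not code from the issue or from the provider project; the sample input and the alias "pinned" are constructed, and the line-based parsing assumes no /* */ block comments or heredocs.

```python
import re

# Constructed sample, modelled on the provider blocks posted in this thread.
SAMPLE_TF = '''provider "kubernetes" {
  host = azurerm_kubernetes_cluster.example.kube_config.0.host
  # cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.example.kube_config.0.cluster_ca_certificate)
  insecure = true
}

provider "kubernetes" {
  alias                  = "pinned"  # hypothetical alias
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.example.kube_config.0.cluster_ca_certificate)
}
'''

PROVIDER_RE = re.compile(r'^\s*provider\s+"kubernetes"\s*\{')
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+)$')
# Leading part of a line up to a # or // comment; markers inside "..." are kept.
CODE_RE = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^"#/]|/(?!/))*')

def provider_blocks(text):
    """Yield (start_line, top-level attributes) per provider "kubernetes" block."""
    block, depth = None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        code = CODE_RE.match(raw).group(0)
        if block is None and PROVIDER_RE.match(code):
            block, depth = (n, {}), 0
        if block is None:
            continue
        m = ATTR_RE.match(code)
        if m and depth == 1:  # skip attributes of nested blocks such as exec {}
            block[1][m.group(1)] = m.group(2).strip()
        depth += code.count("{") - code.count("}")
        if depth <= 0:
            yield block
            block = None

def audit(text):
    """Return (line, message) for each block whose insecure is not literally false."""
    findings = []
    for line_no, attrs in provider_blocks(text):
        value = attrs.get("insecure", "false")
        if value != "false":
            ca = "set" if "cluster_ca_certificate" in attrs else "missing"
            findings.append((line_no, f"insecure = {value}, cluster_ca_certificate {ca}"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_TF))
```

A commented-out cluster_ca_certificate line is reported as missing, and a non-literal value such as a variable reference for insecure is reported so it can be reviewed by hand.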