nebari icon indicating copy to clipboard operation
nebari copied to clipboard
verified publisher icon nebari-dev

[BUG] - redeploying after node group changes does not redeploy helm charts

Open satra opened this issue 6 months ago • 2 comments

Describe the bug

when changing node_group parameters the node_groups reinitialized but idempotency is not maintained. so after redoing node groups it tries connect to keycloak which no longer exists.

Expected behavior

the deployment system should preserve state and redeploy helm charts to bring it back to working level. when making a change in an earlier stage, it should consider what the consequences are on future stages.

OS and architecture in which you are running Nebari

macos

How to Reproduce the problem?

deploy nebari add user to keycloak modify node_group (say instance type) deploy nebari

Command output

[tofu]: random_password.keycloak-nebari-bot-password: Refreshing state... [id=none]
[tofu]: data.aws_eks_cluster.default: Reading...
[tofu]: data.aws_eks_cluster_auth.default: Reading...
[tofu]: data.aws_eks_cluster_auth.default: Read complete after 0s [id=dandi-hub]
[tofu]: data.aws_eks_cluster.default: Read complete after 0s [id=dandi-hub]
[tofu]: module.kubernetes-keycloak-helm.helm_release.keycloak: Refreshing state... [id=keycloak]
[tofu]: module.kubernetes-keycloak-helm.kubernetes_manifest.keycloak-http: Refreshing state...
[tofu]: 
[tofu]: No changes. Your infrastructure matches the configuration.
[tofu]: 
[tofu]: OpenTofu has compared your real infrastructure against your configuration and
[tofu]: found no differences, so no changes are needed.
[tofu]: 
[tofu]: Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
[tofu]: 
[tofu]: Outputs:
[tofu]: 
[tofu]: keycloak_credentials = <sensitive>
[tofu]: keycloak_nebari_bot_password = <sensitive>
Attempt 1 failed connecting to keycloak master realm
Attempt 2 failed connecting to keycloak master realm
Attempt 3 failed connecting to keycloak master realm
Attempt 4 failed connecting to keycloak master realm
Attempt 5 failed connecting to keycloak master realm
Attempt 6 failed connecting to keycloak master realm
Attempt 7 failed connecting to keycloak master realm
Attempt 8 failed connecting to keycloak master realm
Attempt 9 failed connecting to keycloak master realm
Attempt 10 failed connecting to keycloak master realm
ERROR: unable to connect to keycloak master realm at url=<hidden> with root credentials

Versions and dependencies used.

nebari dev 2025.6.2 k8s 1.31 aws

Compute environment

None

Integrations

No response

Anything else?

No response

satra avatar Jul 03 '25 02:07 satra

hey @satra by modified node group, you meant a change to the general one correct? I will attempt to reproduce this issue

viniciusdc avatar Jul 04 '25 12:07 viniciusdc

you meant a change to the general one correct

yes, where all the service pods are housed

satra avatar Jul 04 '25 12:07 satra