terraform-provider-tencentcloud icon indicating copy to clipboard operation
terraform-provider-tencentcloud copied to clipboard

Published 20 hours ago verified publisher icon tencentcloudstack

Failed to create tencentcloud_kubernetes_cluster with existing VPC and subnets

Open quangthe opened this issue 3 years ago • 1 comments

Terraform Version

$ terraform -version Terraform v0.15.4 on darwin_amd64

Affected Resource(s)

  • tencentcloud_kubernetes_cluster

Terraform Configuration Files

terraform {
  # backend "http" {
  # }
  required_providers {
    tencentcloud = {
      source  = "tencentcloudstack/tencentcloud"
      version = "1.56.6"
    }
  }
}
# Define TF_VAR_tencent_access_key in Gitlab CICD Settings > Variables
variable "tencent_access_key" {
  type = string
}
# Define TF_VAR_tencent_secret_key in Gitlab CICD Settings > Variables
variable "tencent_secret_key" {
  type = string
}
# Define TF_VAR_tencent_region in Gitlab CICD Settings > Variables
variable "tencent_region" {
  type = string
}
# Configure the TencentCloud Provider
provider "tencentcloud" {
  secret_id  = var.tencent_access_key
  secret_key = var.tencent_secret_key
  region     = var.tencent_region
}
variable "vpc_cidr" {
  type = string
  default = "10.0.0.0/16"
}
variable "instance_type" {
  type        = string
  default     = "S5.MEDIUM4"
  description = "Worker node instance type S5.MEDIUM4"
}

# Get availability zones
data "tencentcloud_availability_zones" "default" {
  include_unavailable = false
}
locals {
  zones    = data.tencentcloud_availability_zones.default.zones
  cidrs = [
    "10.0.0.0/19",
    "10.0.32.0/19",
    "10.0.64.0/19",
    "10.0.96.0/19",
    "10.0.128.0/19",
    "10.0.160.0/19",
    "10.0.192.0/19",
    "10.0.224.0/19"
  ]
  zone_map = {
    for index, value in local.zones :
    value["id"] => {
      cidr = local.cidrs[index]
      zone = value
    }
  }
}
output "zone_map" {
  value = local.zone_map
}

resource "tencentcloud_vpc" "myvpc" {
  name       = "tf-vpc"
  cidr_block = var.vpc_cidr
}
resource "tencentcloud_subnet" "mysubnet" {
  for_each          = local.zone_map
  availability_zone = each.value.zone.name
  name              = "${tencentcloud_vpc.myvpc.name}-${each.value.zone.id}"
  vpc_id            = tencentcloud_vpc.myvpc.id
  cidr_block        = each.value.cidr
}

output "subnets" {
  value = resource.tencentcloud_subnet.mysubnet
}

resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
  vpc_id = tencentcloud_vpc.myvpc.id
  # VPC-CNI cluster doesn't need clusterCIDR
  # cluster_cidr            = var.cluster_cidr
  #cluster_max_pod_num     = 64
  cluster_name            = "terraform-mainland-cn"
  cluster_desc            = "Demo cluster in China Mainland"
  cluster_max_service_num = 16384
  cluster_deploy_type     = "MANAGED_CLUSTER"
  cluster_os              = "tlinux2.4x86_64"
  cluster_version         = "1.18.4"
  container_runtime       = "docker"
  network_type            = "VPC-CNI"
  # `service_cidr` must be set and `eni_subnet_ids` must be set when cluster `network_type` is VPC-CNI.
  service_cidr = "172.16.0.0/18"
  # extract subnetId from list of subnets
  eni_subnet_ids   = [for subnet in resource.tencentcloud_subnet.mysubnet : subnet.id]
  # Internet access to cluster
  cluster_internet = true
  managed_cluster_internet_security_policies = ["0.0.0.0/0"]

  dynamic "worker_config" {
    for_each = resource.tencentcloud_subnet.mysubnet
    content {
      count                      = 1
      availability_zone          = worker_config.value.availability_zone
      instance_type              = var.instance_type
      system_disk_type           = "CLOUD_SSD"
      system_disk_size           = 60
      internet_charge_type       = "TRAFFIC_POSTPAID_BY_HOUR"
      internet_max_bandwidth_out = 100
      public_ip_assigned         = true
      subnet_id                  = worker_config.value.id
      key_ids                    = ["skey-r5x08uoh"]

      data_disk {
        disk_type = "CLOUD_PREMIUM"
        disk_size = 50
      }

      enhanced_security_service = true
      enhanced_monitor_service  = true
    }
  }
}

Debug Output

https://gist.github.com/quangthe/3df4e71f96df632e564a285935987df5

Panic Output

No

Expected Behavior

Should create a VPC with 3 subnets. Should create a cluster with 3 worker nodes. Each worker nodes is in each availability zones.

Actual Behavior

Created a VPC with 3 subnets (OK). Failed to create TKE cluster

Error: [TencentCloudSDKError] Code=InternalError.Param, Message=subnetId subnet-fqsrws7w must be empty,but used to create Instances, RequestId=e3baf034-abf8-4a05-a17f-1b6fb69df53b
│ 
│   with tencentcloud_kubernetes_cluster.managed_cluster,
│   on main.tf line 83, in resource "tencentcloud_kubernetes_cluster" "managed_cluster":
│   83: resource "tencentcloud_kubernetes_cluster" "managed_cluster" {
│

Steps to Reproduce

  1. terraform apply

Important Factoids

No

References

  • https://registry.terraform.io/providers/tencentcloudstack/tencentcloud/latest/docs/resources/kubernetes_cluster

quangthe avatar May 21 '21 03:05 quangthe

As the VPC-CNI Mode Documentation , Subnets in VPC-CNI mode cannot be used by other cloud resources, such as CVMs and CLBs. There is two way to solve this problem:

  • Avoid specifying workers and cluster under the same subnet
  • Set is_non_static_ip_mode=true

Kagashino avatar Nov 22 '21 11:11 Kagashino