terraform-google-kubernetes-engine

[beta-private-cluster-update-variant] Updating master_ipv4_cidr_block results in 'already exists' error

Open fbeevikm opened this issue 3 years ago • 1 comments

TL;DR

When we updated master_ipv4_cidr_block in the beta-private-cluster-update-variant module, it forced recreation of module.mllp_cluster.google_container_cluster.primary, but the creation failed with the following error:

Error: googleapi: Error 409: Already exists: projects/<project-id>/locations/us-central1/clusters/<cluster-name>, alreadyExists
Step #2 - "Apply":
Step #2 - "Apply":   on .terraform/modules/<cluster-name>modules/beta-private-cluster-update-variant/cluster.tf line 22, in resource "google_container_cluster" "primary":
Step #2 - "Apply":   22: resource "google_container_cluster" "primary" {

Expected behavior

Replace the existing cluster with the changes.

Observed behavior

Recreation failed with duplicate error.

Terraform Configuration

module "{{.module_name}}" {
  source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster-update-variant"
  version = "~> 19.0.0"
  depends_on = [module.project]

  # Required.
  name       = "{{.cluster_name}}"
  project_id = "{{.project_id}}"
  region     = "{{.region}}"
  regional   = true

  network_project_id       = "{{.network_project_id}}"
  network                  = "{{.network}}"
  subnetwork               = "{{.subnet}}"
  ip_range_pods            = "pods-range"
  ip_range_services        = "services-range"
  add_cluster_firewall_rules = true
  master_ipv4_cidr_block   = "{{.master_ipv4_cidr_block}}"
  istio                    = false
  skip_provisioners        = true
  enable_private_endpoint  = true
  release_channel          = "STABLE"
  network_policy           = true
  # Removing the default node pool, as it cannot be modified without destroying the cluster.
  remove_default_node_pool = true
  issue_client_certificate      = false
  deploy_using_private_endpoint = true
  # Private nodes better control public exposure, and reduce the
  # ability of nodes to reach the Internet without additional configurations.
  enable_private_nodes          = true
  # Allow the cluster master to be accessible globally (from any region).
  master_global_access_enabled  = true
  # master_authorized_networks can be specified to restrict access to the public endpoint.
  # Also see https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters.
  enable_binary_authorization   = true
  # Workload Identity is enabled by default in beta-private-cluster-update-variant.
  # And identity_namespace is set to [project_id].svc.id.goog and node_metadata to GKE_METADATA_SERVER.
  master_authorized_networks = [
    {
      display_name: "cloudbuild"
      cidr_block: "{{.cloud_build_pool_range}}"
    }
  ]
  node_pools = [
    {
      name               = "default-node-pool"
      machine_type       = "e2-medium"
      min_count          = 1
      max_count          = 20
      local_ssd_count    = 0
      disk_size_gb       = 100
      disk_type          = "pd-standard"
      image_type         = "COS_CONTAINERD"
      auto_repair        = true
      auto_upgrade       = true
      service_account    = "{{.service_account}}"
      preemptible        = false
      initial_node_count = 1
    },
  ]
}

Terraform Version

Terraform v0.14.9

Additional information

No response

fbeevikm avatar Jun 22 '22 19:06 fbeevikm

Hi @fbeevikm Do you happen to have logs from the apply?

bharathkkb avatar Jun 23 '22 01:06 bharathkkb

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Aug 22 '22 23:08 github-actions[bot]