Skip to content
This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

Helm dependency for CRD manifest #72

Closed
dbalymvz opened this issue Jun 23, 2020 · 22 comments · Fixed by #151
Closed

Helm dependency for CRD manifest #72

dbalymvz opened this issue Jun 23, 2020 · 22 comments · Fixed by #151
Labels
bug Something isn't working needs-investigation

Comments

@dbalymvz
Copy link

Terraform Version and Provider Version

Terraform v0.12.26

  • provider.helm v1.2.3
  • provider.kubernetes v1.11.3
  • provider.kubernetes-alpha (unversioned)
  • provider.null v2.1.2
  • provider.rancher2 v1.8.3

Affected Resource(s)

kubernetes_manifest

Terraform Configuration Files

resource "helm_release" "cert-manager" {
  name       = "cert-manager"
  repository = "https://charts.jetstack.io"
  chart      = "cert-manager"
  version    = "v0.15.1"
  namespace  = rancher2_namespace.cert-manager.name
  lint       = true
  atomic     = true
  values = [
  templatefile("helm_values/cert-manager.tmpl.yml", {
    namespace_name=rancher2_namespace.cert-manager.name,
    private_repo=var.private_repo,
    })
  ]
}
resource "kubernetes_manifest" "cert-manager-cluster-issuer" {
  provider = kubernetes-alpha
  manifest = yamldecode(templatefile("manifests/cert-manager-cluster-issuer.tmpl.yml", {
    cluster_name=var.cluster_name
    }))
  depends_on = [helm_release.cert-manager]
}

cert-manager-cluster-issuer.tmpl.yml:
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: ${cluster_name}-cluster-issuer
spec:
  ca:
    secretName: rootca-tls

Panic Output

Error: rpc error: code = Unknown desc = no matches for cert-manager.io/v1alpha2, Resource=ClusterIssuer

Expected Behavior

Terraform schedules kubernetes_manifest.cert-manager-cluster-issuer deployment after helm_release.cert-manager is ready

Actual Behavior

Terraform throws an error that CRD is not available on 'plane' step

Steps to Reproduce

terraform plan

@dbalymvz dbalymvz added the bug Something isn't working label Jun 23, 2020
@dbalymvz dbalymvz changed the title Helm dependency for CRD Helm dependency for CRD manifest Jun 23, 2020
@dbalymvz
Copy link
Author

Here is terraform graph: https://ibb.co/WtpPnBS

@kron4eg
Copy link

kron4eg commented Jul 6, 2020

This happens because custom resource (ClusterIssuer) takes some time to properly register in API server. In case when CRD ClusterIssuer was just created and then immediately one tries to create custom resource — this error will happen.

@manobi
Copy link

manobi commented Jul 9, 2020

I have the exact same problem, cert manager via helm release and following error while planning for ClusterIssuer using kubernetes-alpha:

Acquiring state lock. This may take a few moments...

Error: rpc error: code = Canceled desc = context canceled
  • Terraform v0.12.26
  • kubernetes-alpha v0.1.0

I my case I'm applying the custom resource in a second run after the crds are already running.

@manobi
Copy link

manobi commented Jul 9, 2020

EDIT: I've discovered that my issue was because because of dynamic generated connection to kubernetes, when I switched to static kubeconfig file it worked. I don't understand the reason since it's documented as supported but I understand this is a topic for another issuer.


I've switched to a night build instead of v0.1.0 but still not working, given the following log do you think it's conflicting with other provider? it does not seems to have something to do with helm because any resource manifest give the same error:

PS: I'm also using GCS as state storage if it helps.

2020-07-08T22:39:40.996-0300 [DEBUG] plugin: using plugin: version=5
2020-07-08T22:39:41.062-0300 [DEBUG] plugin: plugin started: path=/usr/local/bin/terraform pid=25712
2020-07-08T22:39:41.062-0300 [DEBUG] plugin: waiting for RPC address: path=/usr/local/bin/terraform
2020-07-08T22:39:41.119-0300 [INFO]  plugin: configuring client automatic mTLS
2020-07-08T22:39:41.120-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020-07-08T22:39:41.172-0300 [DEBUG] plugin: starting plugin: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-random_v2.2.1_x4 args=[/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-random_v2.2.1_x4]
2020-07-08T22:39:41.178-0300 [DEBUG] plugin: plugin started: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-random_v2.2.1_x4 pid=25713
2020-07-08T22:39:41.178-0300 [DEBUG] plugin: waiting for RPC address: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-random_v2.2.1_x4
2020-07-08T22:39:41.189-0300 [INFO]  plugin.terraform-provider-random_v2.2.1_x4: configuring server automatic mTLS: timestamp=2020-07-08T22:39:41.189-0300
2020-07-08T22:39:41.207-0300 [DEBUG] plugin.terraform: 2020/07/08 22:39:41 [WARN] Log levels other than TRACE are currently unreliable, and are supported only for backward compatibility.
2020-07-08T22:39:41.207-0300 [DEBUG] plugin.terraform:   Use TF_LOG=TRACE to see Terraform's internal logs.
2020-07-08T22:39:41.207-0300 [DEBUG] plugin.terraform:   ----
2020-07-08T22:39:41.225-0300 [DEBUG] plugin: using plugin: version=5
2020-07-08T22:39:41.225-0300 [DEBUG] plugin.terraform-provider-random_v2.2.1_x4: plugin address: address=/var/folders/86/fvyvb0694jn0_xf6f42dsp1c0000gn/T/plugin782958516 network=unix timestamp=2020-07-08T22:39:41.224-0300
2020-07-08T22:39:41.237-0300 [DEBUG] plugin.terraform: 2020/07/08 22:39:41 [INFO] Terraform version: 0.12.26  
2020-07-08T22:39:41.237-0300 [DEBUG] plugin.terraform: 2020/07/08 22:39:41 [INFO] Go runtime version: go1.13.11
2020-07-08T22:39:41.237-0300 [DEBUG] plugin.terraform: 2020/07/08 22:39:41 [INFO] CLI args: []string{"/usr/local/bin/terraform", "internal-plugin", "provisioner", "remote-exec"}
2020-07-08T22:39:41.237-0300 [DEBUG] plugin.terraform: 2020/07/08 22:39:41 [DEBUG] Attempting to open CLI config file: /Users/manobi/.terraformrc
2020-07-08T22:39:41.237-0300 [DEBUG] plugin.terraform: 2020/07/08 22:39:41 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2020-07-08T22:39:41.237-0300 [DEBUG] plugin.terraform: 2020/07/08 22:39:41 [DEBUG] checking for credentials in "/Users/manobi/.terraform.d/plugins"
2020-07-08T22:39:41.237-0300 [DEBUG] plugin.terraform: 2020/07/08 22:39:41 [INFO] CLI command args: []string{"internal-plugin", "provisioner", "remote-exec"}
2020-07-08T22:39:41.237-0300 [DEBUG] plugin.terraform: remote-exec-provisioner (internal) 2020/07/08 22:39:41 [INFO] Starting provisioner plugin remote-exec
2020-07-08T22:39:41.237-0300 [DEBUG] plugin.terraform: plugin address: address=/var/folders/86/fvyvb0694jn0_xf6f42dsp1c0000gn/T/plugin074085321 network=unix timestamp=2020-07-08T22:39:41.236-0300
2020-07-08T22:39:41.237-0300 [DEBUG] plugin: using plugin: version=5
2020-07-08T22:39:41.294-0300 [INFO]  plugin: configuring client automatic mTLS
2020-07-08T22:39:41.294-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020-07-08T22:39:41.322-0300 [DEBUG] plugin: starting plugin: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google-beta_v3.26.0_x5 args=[/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google-beta_v3.26.0_x5]
2020-07-08T22:39:41.332-0300 [DEBUG] plugin: plugin started: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google-beta_v3.26.0_x5 pid=25715
2020-07-08T22:39:41.332-0300 [DEBUG] plugin: waiting for RPC address: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google-beta_v3.26.0_x5
2020-07-08T22:39:41.364-0300 [INFO]  plugin.terraform-provider-google-beta_v3.26.0_x5: configuring server automatic mTLS: timestamp=2020-07-08T22:39:41.363-0300
2020-07-08T22:39:41.398-0300 [DEBUG] plugin: using plugin: version=5
2020-07-08T22:39:41.398-0300 [DEBUG] plugin.terraform-provider-google-beta_v3.26.0_x5: plugin address: address=/var/folders/86/fvyvb0694jn0_xf6f42dsp1c0000gn/T/plugin580578030 network=unix timestamp=2020-07-08T22:39:41.398-0300
2020-07-08T22:39:41.462-0300 [INFO]  plugin: configuring client automatic mTLS
2020-07-08T22:39:41.462-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020-07-08T22:39:41.491-0300 [DEBUG] plugin: starting plugin: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google_v3.26.0_x5 args=[/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google_v3.26.0_x5]
2020-07-08T22:39:41.500-0300 [DEBUG] plugin: plugin started: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google_v3.26.0_x5 pid=25716
2020-07-08T22:39:41.500-0300 [DEBUG] plugin: waiting for RPC address: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google_v3.26.0_x5
2020-07-08T22:39:41.585-0300 [INFO]  plugin.terraform-provider-google_v3.26.0_x5: configuring server automatic mTLS: timestamp=2020-07-08T22:39:41.585-0300
2020-07-08T22:39:41.620-0300 [DEBUG] plugin.terraform-provider-google_v3.26.0_x5: plugin address: address=/var/folders/86/fvyvb0694jn0_xf6f42dsp1c0000gn/T/plugin071495603 network=unix timestamp=2020-07-08T22:39:41.620-0300
2020-07-08T22:39:41.620-0300 [DEBUG] plugin: using plugin: version=5
2020-07-08T22:39:41.687-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020-07-08T22:39:42.199-0300 [DEBUG] plugin: plugin process exited: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-random_v2.2.1_x4 pid=25713
2020-07-08T22:39:42.199-0300 [DEBUG] plugin: plugin exited
2020-07-08T22:39:42.451-0300 [INFO]  plugin: configuring client automatic mTLS
2020-07-08T22:39:42.483-0300 [DEBUG] plugin: starting plugin: path=/Users/manobi/.terraform.d/plugins/terraform-provider-kubernetes-alpha args=[/Users/manobi/.terraform.d/plugins/terraform-provider-kubernetes-alpha]
2020-07-08T22:39:42.489-0300 [DEBUG] plugin: plugin started: path=/Users/manobi/.terraform.d/plugins/terraform-provider-kubernetes-alpha pid=25725
2020-07-08T22:39:42.489-0300 [DEBUG] plugin: waiting for RPC address: path=/Users/manobi/.terraform.d/plugins/terraform-provider-kubernetes-alpha
2020-07-08T22:39:42.499-0300 [INFO]  plugin.terraform-provider-kubernetes-alpha: configuring server automatic mTLS: timestamp=2020-07-08T22:39:42.499-0300
2020-07-08T22:39:42.533-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: plugin address: address=/var/folders/86/fvyvb0694jn0_xf6f42dsp1c0000gn/T/plugin135680960 network=unix timestamp=2020-07-08T22:39:42.533-0300
2020-07-08T22:39:42.533-0300 [DEBUG] plugin: using plugin: version=5
2020-07-08T22:39:42.605-0300 [INFO]  plugin: configuring client automatic mTLS
2020-07-08T22:39:42.606-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: 
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: goroutine 34 [running]:
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: github.com/hashicorp/go-cty/cty.Value.AsString(0x24619a0, 0xc0000b4f0b, 0x206a400, 0x2f68580, 0x2228900, 0x4)
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha:        /home/runner/work/terraform-provider-kubernetes-alpha/terraform-provider-kubernetes-alpha/vendor/github.com/hashicorp/go-cty/cty/value_ops.go:1179 +0x16b
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: github.com/hashicorp/terraform-provider-kubernetes-alpha/provider.(*RawProviderServer).PrepareProviderConfig(0x2f688a8, 0x24614e0, 0xc0001bb6b0, 0xc0001bb7d0, 0x2f688a8, 0xc0001bb6b0, 0xc000487b78)
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha:        /home/runner/work/terraform-provider-kubernetes-alpha/terraform-provider-kubernetes-alpha/provider/server.go:105 +0xd96
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: github.com/hashicorp/terraform-provider-kubernetes-alpha/tfplugin5._Provider_PrepareProviderConfig_Handler(0x2165940, 0x2f688a8, 0x24614e0, 0xc0001bb6b0, 0xc0000b0cc0, 0x0, 0x24614e0, 0xc0001bb6b0, 0xc0005922a0, 0xda)
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha:        /home/runner/work/terraform-provider-kubernetes-alpha/terraform-provider-kubernetes-alpha/tfplugin5/tfplugin5.pb.go:3064 +0x217
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: google.golang.org/grpc.(*Server).processUnaryRPC(0xc000083200, 0x2472e60, 0xc000272a80, 0xc000190000, 0xc0001baf90, 0x2f27198, 0x0, 0x0, 0x0)
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha:        /home/runner/work/terraform-provider-kubernetes-alpha/terraform-provider-kubernetes-alpha/vendor/google.golang.org/grpc/server.go:1024 +0x501
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: google.golang.org/grpc.(*Server).handleStream(0xc000083200, 0x2472e60, 0xc000272a80, 0xc000190000, 0x0)
2020-07-08T22:39:42.609-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha:        /home/runner/work/terraform-provider-kubernetes-alpha/terraform-provider-kubernetes-alpha/vendor/google.golang.org/grpc/server.go:1313 +0xd3d
2020-07-08T22:39:42.610-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0002f4240, 0xc000083200, 0x2472e60, 0xc000272a80, 0xc000190000)
2020-07-08T22:39:42.610-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha:        /home/runner/work/terraform-provider-kubernetes-alpha/terraform-provider-kubernetes-alpha/vendor/google.golang.org/grpc/server.go:722 +0xa1
2020-07-08T22:39:42.610-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha: created by google.golang.org/grpc.(*Server).serveStreams.func1
2020-07-08T22:39:42.610-0300 [DEBUG] plugin.terraform-provider-kubernetes-alpha:        /home/runner/work/terraform-provider-kubernetes-alpha/terraform-provider-kubernetes-alpha/vendor/google.golang.org/grpc/server.go:720 +0xa1
2020-07-08T22:39:42.611-0300 [DEBUG] plugin: plugin process exited: path=/Users/manobi/.terraform.d/plugins/terraform-provider-kubernetes-alpha pid=25725 error="exit status 2"
2020/07/08 22:39:42 [WARN] module.biz_pro: eval: *terraform.EvalValidateProvider, non-fatal err: rpc error: code = Unavailable desc = transport is closing
2020/07/08 22:39:42 [ERROR] module.biz_pro: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020/07/08 22:39:42 [ERROR] module.biz_pro: eval: *terraform.EvalOpFilter, err: rpc error: code = Unavailable desc = transport is closing
2020/07/08 22:39:42 [ERROR] module.biz_pro: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
2020-07-08T22:39:42.642-0300 [DEBUG] plugin: starting plugin: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-helm_v1.2.3_x4 args=[/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-helm_v1.2.3_x4]
2020-07-08T22:39:42.652-0300 [DEBUG] plugin: plugin started: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-helm_v1.2.3_x4 pid=25726
2020-07-08T22:39:42.652-0300 [DEBUG] plugin: waiting for RPC address: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-helm_v1.2.3_x4
2020-07-08T22:39:42.692-0300 [INFO]  plugin.terraform-provider-helm_v1.2.3_x4: configuring server automatic mTLS: timestamp=2020-07-08T22:39:42.692-0300
2020-07-08T22:39:42.723-0300 [DEBUG] plugin.terraform-provider-helm_v1.2.3_x4: plugin address: address=/var/folders/86/fvyvb0694jn0_xf6f42dsp1c0000gn/T/plugin046410413 network=unix timestamp=2020-07-08T22:39:42.723-0300
2020-07-08T22:39:42.723-0300 [DEBUG] plugin: using plugin: version=5
2020-07-08T22:39:42.784-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020-07-08T22:39:42.784-0300 [INFO]  plugin: configuring client automatic mTLS
2020-07-08T22:39:42.816-0300 [DEBUG] plugin: starting plugin: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-cloudflare_v2.8.0_x4 args=[/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-cloudflare_v2.8.0_x4]
2020-07-08T22:39:42.821-0300 [DEBUG] plugin: plugin started: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-cloudflare_v2.8.0_x4 pid=25727
2020-07-08T22:39:42.821-0300 [DEBUG] plugin: waiting for RPC address: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-cloudflare_v2.8.0_x4
2020-07-08T22:39:42.834-0300 [INFO]  plugin.terraform-provider-cloudflare_v2.8.0_x4: configuring server automatic mTLS: timestamp=2020-07-08T22:39:42.833-0300
2020-07-08T22:39:42.861-0300 [DEBUG] plugin.terraform-provider-cloudflare_v2.8.0_x4: plugin address: address=/var/folders/86/fvyvb0694jn0_xf6f42dsp1c0000gn/T/plugin539795306 network=unix timestamp=2020-07-08T22:39:42.861-0300
2020-07-08T22:39:42.861-0300 [DEBUG] plugin: using plugin: version=5
2020-07-08T22:39:42.922-0300 [INFO]  plugin: configuring client automatic mTLS
2020-07-08T22:39:42.951-0300 [DEBUG] plugin: starting plugin: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-kubernetes_v1.11.3_x4 args=[/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-kubernetes_v1.11.3_x4]
2020-07-08T22:39:42.960-0300 [DEBUG] plugin: plugin started: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-kubernetes_v1.11.3_x4 pid=25728
2020-07-08T22:39:42.960-0300 [DEBUG] plugin: waiting for RPC address: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-kubernetes_v1.11.3_x4
2020-07-08T22:39:42.981-0300 [INFO]  plugin.terraform-provider-kubernetes_v1.11.3_x4: configuring server automatic mTLS: timestamp=2020-07-08T22:39:42.980-0300
2020-07-08T22:39:43.014-0300 [DEBUG] plugin: using plugin: version=5
2020-07-08T22:39:43.015-0300 [DEBUG] plugin.terraform-provider-kubernetes_v1.11.3_x4: plugin address: address=/var/folders/86/fvyvb0694jn0_xf6f42dsp1c0000gn/T/plugin069411071 network=unix timestamp=2020-07-08T22:39:43.014-0300
2020-07-08T22:39:43.080-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unimplemented desc = unknown service plugin.GRPCStdio"
2020-07-08T22:39:43.082-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2020-07-08T22:39:43.082-0300 [DEBUG] plugin: plugin process exited: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-template_v2.1.2_x4 pid=25709
2020-07-08T22:39:43.082-0300 [DEBUG] plugin: plugin exited
2020-07-08T22:39:43.086-0300 [DEBUG] plugin: plugin process exited: path=/usr/local/bin/terraform pid=25708
2020-07-08T22:39:43.087-0300 [DEBUG] plugin: plugin exited
2020-07-08T22:39:43.088-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2020-07-08T22:39:43.091-0300 [DEBUG] plugin: plugin process exited: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-helm_v1.2.3_x4 pid=25726
2020-07-08T22:39:43.091-0300 [DEBUG] plugin: plugin exited
2020-07-08T22:39:43.092-0300 [DEBUG] plugin: plugin process exited: path=/usr/local/bin/terraform pid=25712
2020-07-08T22:39:43.092-0300 [DEBUG] plugin: plugin exited
2020-07-08T22:39:43.098-0300 [DEBUG] plugin: plugin process exited: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google-beta_v3.26.0_x5 pid=25715
2020-07-08T22:39:43.098-0300 [DEBUG] plugin: plugin exited
2020-07-08T22:39:43.137-0300 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2020-07-08T22:39:43.138-0300 [DEBUG] plugin: plugin process exited: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-cloudflare_v2.8.0_x4 pid=25727
2020-07-08T22:39:43.138-0300 [DEBUG] plugin: plugin exited
2020-07-08T22:39:43.191-0300 [DEBUG] plugin: plugin process exited: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-google_v3.26.0_x5 pid=25716
2020-07-08T22:39:43.191-0300 [DEBUG] plugin: plugin exited
2020-07-08T22:39:43.302-0300 [DEBUG] plugin: plugin process exited: path=/Users/manobi/Documents/biz-cloud/.terraform/plugins/darwin_amd64/terraform-provider-kubernetes_v1.11.3_x4 pid=25728
2020-07-08T22:39:43.302-0300 [DEBUG] plugin: plugin exited

@TrevorPace
Copy link

This happens because custom resource (ClusterIssuer) takes some time to properly register in API server. In case when CRD ClusterIssuer was just created and then immediately one tries to create custom resource — this error will happen.

During the plan stage it isn't actually actually applying the helm chart though, so the resource will never be there. I'm seeing the exact same problem, but with a different helm chart/crd combination. My guess is when it checks with kubernetes for the current state of the custom resource it's getting an error back (because it's not there). I would assume in such cases (where a dependency is known) that we shouldn't be erroring out, but simply reporting that we will be adding that object with a predicted resultant manifest equivalent to what we are applying.

@cloud-rocket
Copy link

Happening to me on Terraform 0.13 as well

@morgoved
Copy link

morgoved commented Oct 6, 2020

Very important for me also....
Terraform v0.13.3

  • provider registry.terraform.io/hashicorp/aws v3.8.0
  • provider registry.terraform.io/hashicorp/consul v2.10.0
  • provider registry.terraform.io/hashicorp/helm v1.3.1
  • provider registry.terraform.io/hashicorp/kubernetes v1.13.2
  • provider registry.terraform.io/hashicorp/kubernetes-alpha v0.2.1

@ulm0
Copy link

ulm0 commented Oct 19, 2020

I'm facing this exact same issue when terraform apply, it doesn't even wait for helm_release to apply first

provider "kubernetes-alpha" {
  config_path          = "~/.kube/config"
  server_side_planning = false
}

resource helm_release cert_manager {
  count      = local.enable_cert_manager ? 1 : 0
  atomic     = true
  chart      = "cert-manager"
  name       = "cert-manager"
  namespace  = "kube-system"
  repository = "https://charts.jetstack.io"
  version    = local.cert_manager_version
  values = [
    yamlencode(
      {
        installCRDs = true
      }
    )
  ]
}

resource kubernetes_secret route53_cert_manager_credentials {
  count = local.enable_cert_manager ? 1 : 0
  metadata {
    name      = "route53-cert-manager-credentials"
    namespace = "kube-system"
  }
  data = {
    secret_key = var.cert_manager_secret_key
  }
}

resource kubernetes_manifest cluster_issuer {
  depends_on = [helm_release.cert_manager, kubernetes_secret.route53_cert_manager_credentials]
  count      = local.enable_cert_manager ? 1 : 0
  provider   = kubernetes-alpha
  manifest = {
    apiVersion = "cert-manager.io/v1alpha2"
    kind       = "ClusterIssuer"
    metadata = {
      name = "letsencrypt"
    }
    spec = {
      acme = {
        email  = var.acme_email
        server = local.acme_server
        privateKeySecretRef = {
          name = "acme-cluster-issuer"
        }
        solvers = [
          {
            dns01 = {
              route53 = {
                hostedZoneID = var.zone_id
                region       = var.cert_manager_aws_region
                accessKeyID  = var.cert_manager_access_key
                secretAccessKeySecretRef = {
                  name = local.cert_manager_secret_name
                  key  = "secret_key"
                }
              }
            }
            selector = {
              dnsZones = [
                var.dns_zone
              ]
            }
          }
        ]
      }
    }
  }
}

resource kubernetes_manifest default_cert {
  depends_on = [helm_release.cert_manager, kubernetes_secret.route53_cert_manager_credentials,kubernetes_manifest.cluster_issuer]
  count      = local.enable_cert_manager ? 1 : 0
  provider   = kubernetes-alpha
  manifest = {
    apiVersion = "cert-manager.io/v1alpha2"
    kind       = "Certificate"
    metadata = {
      name      = "default-cert"
      namespace = "kube-system"
    }
    spec = {
      secretName  = "default-cert"
      duration    = "2160h"
      renewBefore = "360h"
      issuerRef = {
        name = "letsencrypt"
        kind = "ClusterIssuer"
      }
      dnsNames = [
        local.dns_name
      ]
    }
  }
  wait_for = {
    fields = {
      "status.conditions[0].status" = "True",
    }
  }
}
$ terraform apply

Error: rpc error: code = Unknown desc = failed to determine resource GVR: no matches for cert-manager.io/v1alpha2, Resource=ClusterIssuer

@aareet
Copy link
Contributor

aareet commented Nov 5, 2020

@dbalymvz can you try adding the wait attribute to your config to see if that helps with this issue?

@dbaur
Copy link

dbaur commented Nov 18, 2020

I have the same issue using a helm chart (which provides a custom resource) and a kubernetes-alpha manifest consuming the custom resource that should/would be provided by the helm chart.

Similar to @TrevorPace I get the error during the terraform plan step, as the logic of the kubernetes-alpha provider seems to validate for the custom resource before it can actually exist (i.e. the helm chart was created/applied).

As a workaround it is possible to pre-create the helm chart (by commenting out the kubernetes-alpha manifest), running terraform apply, and then adding the kubernetes-alpha manifest in a second run of terraform apply. However, this has to be used with caution, as it will cause a similar error during terraform destroy.

I tried to add a wait time as well as an explicit depends_on between the resources, but as expected it will fail directly during plan.
In my option, the kubernetes-alpha provider should ignore errors of this type during the plan phase and only fail on them during apply.

@ghost ghost removed the waiting-response label Nov 18, 2020
@ge-alexis
Copy link

Same issue when using CRD, with kubernetes-alpha. A workaround is to first create CRD resources, run terraform apply, and then add the code related to the kubernetes-alpha provider and run terraform apply once again.

As the error is detected at the plan step, there is no way to use dependencies between both resources. We need to run 2 different plan.

@morgoved
Copy link

Same issue when using CRD, with kubernetes-alpha. A workaround is to first create CRD resources, run terraform apply, and then add the code related to the kubernetes-alpha provider and run terraform apply once again.

As the error is detected at the plan step, there is no way to use dependencies between both resources. We need to run 2 different plan.

i use bash script and -target=module. for all modules in main.tf and it's works)

@modevops
Copy link

modevops commented Dec 10, 2020

I get similar error tying to apply a istio crd

Error: rpc error: code = Unknown desc = no matches for install.istio.io/v1alpha1, Resource=IstioOperator

A major use case for kube_manifest is crds and if we cannot do crds then what is the use for it? Can we add a flag for crds so that it does not try to validate kind in the manifest during terraform plan? We need this provider to be more dynamic. I really need this for crds.

The major issue I am seeing is when terraform does an plan or apply it cannot validate because the crd is not installed yet

We need hasicorp to provide a fix for this. I hate using local-exec and kube_manifest and tfk8s are perfect for this. Fixing this would solve a lot issues in building kubernetes cluster. Please fix this asap we really need a solution for this whether it be a flag or another solution we needs this fixed. Having to use local exec or a script really sucks to do when kube_manifest was created to solve this exact problem.

This needs some resolution this has been opened since June. The community really needs this functionality please fix this issue.


resource "kubernetes_manifest" "namespace_istio_system" {
  provider = kubernetes-alpha
  manifest = {
    "apiVersion" = "v1"
    "kind" = "Namespace"
    "metadata" = {
      "name" = "istio-system"
    }
  }
}


resource "helm_release" "helm_istio-operator" {
  name       = "istio-operator"
  repository = "${path.module}/charts/manifests/charts"
  chart      = "istio-operator"
  version    = var.chart_version
  #create_namespace = true
  #namespace  = "istio-operator"
  timeout    = 1200
  wait = true
  #values =  [file("${path.module}/templates/values.yaml")]


  set {
    name  = "tag"
    value = "1.8.1"
  }

  set {
    name =  "operatorNamespace"
    value = "istio-operator"
  }

  set {
    name =  "watchedNamespaces"
    value = "istio-system"
  }

  set {
    name = "hub"
    value = "docker.io/istio"
  }




  dynamic "set" {
    iterator = item
    for_each = var.set == null ? [] : var.set

    content {
      name  = item.value.name
      value = item.value.value
    }
  }

  dynamic "set_sensitive" {
    iterator = item
    for_each = var.set_sensitive == null ? [] : var.set_sensitive

    content {
      name = item.value.path
      value = item.value.value
    }
  }



}


resource "kubernetes_manifest" "istiooperator__istiocontrolplane" {
  provider = kubernetes-alpha
  manifest = {
    "apiVersion" = "install.istio.io/v1alpha1"
    "kind" = "IstioOperator"
    "metadata" = {
      "name" = "-istiocontrolplane"
      "namespace" = "istio-system"
    }
    "spec" = {
      "profile" = "demo"
    }
  }
  depends_on = [kubernetes_manifest.namespace_istio_system, helm_release.helm_istio-operator]
}

Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-27T17:05:32Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.9-eks-d1db3c", GitCommit:"d1db3c46e55f95d6a7d3e5578689371318f95ff9", GitTreeState:"clean", BuildDate:"2020-10-20T22:18:07Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

Terraform version: + provider.kubernetes-alpha v0.2.1
Provider version:

+ provider.aws v3.20.0
+ provider.helm v1.3.2
+ provider.kubernetes v1.13.3
+ provider.kubernetes-alpha v0.2.1
+ provider.local v1.4.0
+ provider.null v2.1.2
+ provider.random v3.0.0
+ provider.template v2.2.0
Kubernetes version: 18.1

@dhirschfeld
Copy link

Same problem with traefik

Error: rpc error: code = Unknown desc = no matches for traefik.containo.us/v1alpha1, Resource=IngressRoute

...the depends_on = [helm_release.traefik] is apparently being ignored:

resource "kubernetes_manifest" "traefik_dashboard" {
  depends_on = [helm_release.traefik]
  provider = kubernetes-alpha
  manifest = {
    "apiVersion" = "traefik.containo.us/v1alpha1"
    "kind" = "IngressRoute"
    "metadata" = {
      "name" = "dashboard"
      "namespace" = "traefik"
    }
    "spec" = {
      "entryPoints" = ["websecure"]
      "routes" = [
        {
          "kind" = "Rule"
          "match" = "Host(`traefik.mydomain.com`)"
          "services" = [
            {
              "kind" = "TraefikService"
              "name" = "api@internal"
            },
          ]
        },
      ]
      "tls" = {
        "certResolver" = "le"
      }
    }
  }
}

As it is, we can't plug this into our CI with the need for multiple runs. It doesn't stop me playing around with it but it's definitely a blocker for any future production usage. As such, I hope this gets prioritised for future releases...

@logicbomb421
Copy link

Running into this as well with cert-manager. Any chance we could get an update of where a fix for this sits in priorities, at least? Thanks!

@txomon
Copy link

txomon commented Feb 11, 2021

From the issue in upstream kubernetes provider, seems like something is on the works hashicorp/terraform-provider-kubernetes#215 (comment)

@TrevorPace
Copy link

For anyone that is looking for a temporary fix that allows them to deploy CRDs within a terraform module that another helm chart relies on, I would recommend using the helm provider and setting the chart to a local relative path (leave "repository" undefined). Then, just define the CRDs in there and they will be installed (you can naturally use the helm chart to fill in variables). It's not great, but it saves having to deploy some helm chart to a private repo...Then you can use this provider when this issue has been addressed.

@SimonDreher
Copy link

I fear, that the issue mentioned by the reporter is still not fixed. Even with the newest version

$ tf version
Terraform v0.14.8
+ provider registry.terraform.io/hashicorp/aws v3.32.0
+ provider registry.terraform.io/hashicorp/helm v2.0.3
+ provider registry.terraform.io/hashicorp/kubernetes v1.13.3
+ provider registry.terraform.io/hashicorp/kubernetes-alpha v0.3.1
+ provider registry.terraform.io/hashicorp/local v2.1.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/template v2.2.0

it fails with

...
kubernetes_secret.aws_ebs_csi_driver: Refreshing state... [id=kube-system/aws-secret]

Error: Failed to determine GroupVersionResource for manifest

  on cert-manager.tf line 28, in resource "kubernetes_manifest" "cluster_issuer_letsencrypt_prod":
  28: resource "kubernetes_manifest" "cluster_issuer_letsencrypt_prod" {

no matches for kind "ClusterIssuer" in group "cert-manager.io"

(config file is nearly exactly the same as reporters, only that we don't include the yaml from file and some names differ)

What I would like is, if there would be something similar to some AWS resources, where the plan shows "known after apply", or "could not fetch CRD ClusterIssuer, doing my best to apply manifest cluster_issuer_letsencrypt_prod, but it may fail" if that's possible.

@a0s
Copy link

a0s commented Mar 19, 2021

@SimonDreher have same issue. Did you try to make a check with raw kubectl ? I ve got this

cat <<EOF | kubectl apply -f -
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-staging
  namespace: istio-system
spec:
  acme:
    email: [email protected]
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      # Secret resource used to store the account's private key.
      name: example-issuer-account-key
    http01: {}
---
EOF
error: unable to recognize "STDIN": no matches for kind "Issuer" in version "certmanager.k8s.io/v1alpha1"

But it seems that i have cert-manager:

> kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-6588898cb4-cxtw8              1/1     Running   0          38m
cert-manager-cainjector-7bcbdbd99f-dc22m   1/1     Running   0          37m
cert-manager-webhook-5fd9f9dd86-mjr57      1/1     Running   0          38m

I tried both approaches

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml

and

data "kubectl_file_documents" "cert_manager" {
  content = file("${path.root}/src/cert-manager/v1.2.0/cert-manager.yml")
}

resource "kubectl_manifest" "cert_manager" {
  count = length(data.kubectl_file_documents.cert_manager.documents)
  yaml_body = element(data.kubectl_file_documents.cert_manager.documents, count.index)
}

resource "kubernetes_secret" "cert_manager_issuer" {
  metadata {
    name = "example-issuer-account-key"
    namespace = "istio-system"
  }
}

@SimonDreher
Copy link

@a0s I think your problem is that the API group is not correct. cert-manager uses "cert-manager.io/v1" since version 1.0. "certmanager.k8s.io/v1alpha1" was removed with 0.10/0.11: https://cert-manager.io/docs/release-notes/release-notes-0.11/

I've now come to the following solution by using the kubectl-provider and a bit ugly workaround with a provisioner, which lets Kubernetes enough time to recognize the CRD and start up cert-managers validating webhook. If someone has a better idea for the local exec, I would appreciate it very much.

resource "helm_release" "cert_manager" {
  name       = "cert-manager"
  namespace  = "cert-manager"

  repository = "https://charts.jetstack.io"
  chart      = "cert-manager"
  version    = "v1.2.0"

  create_namespace = true

  values = [
    file("values/cert-manager.yaml")
  ]

  provisioner "local-exec" {
    command = "echo 'Waiting for cert-manager validating webhook to get its CA injected, so we can start to apply custom resources ...' && sleep 60"
  }
}

resource "kubectl_manifest" "cluster_issuer_letsencrypt_prod" {
  depends_on = [ helm_release.cert_manager ]
  yaml_body  = <<YAML
apiVersion: "cert-manager.io/v1"}
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    ...
YAML
}

@aristosvo
Copy link

Maybe the wait option may be the easier solution: https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release#wait

I haven't tested it myself though :)

@ghost
Copy link

ghost commented Apr 8, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Apr 8, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Something isn't working needs-investigation
Projects
None yet