-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Terraform resource names to be 0.12 compatible. #7957
Conversation
Looking for feedback on how to best approach this... This PR implements one option which adds the name prefix in the RenderTerraform function. This only affects the terraform output but it does affect all routes including private routes which arent actually impacted by the Terraform 0.12 limitation (as seen by the test failures). Alternatively we could add an if statement to only prefix the name if it is the default route, but that feels very hacky. Another option is to update the name for the entire Route task: Lines 180 to 186 in 64f3eaa
and have it more closely match the private route task: Lines 415 to 421 in 64f3eaa
but this will affect CloudFormation as well, and I don't believe CF can handle resource renaming the same way that terraform can. Thoughts? |
dae6a54
to
109d013
Compare
/test pull-kops-verify-staticcheck |
This LGTM. Two questions:
|
Making this change required for all terraform users even if they're still on 0.11 is fine because:
Therefor I think it's best that we roll this out first so that users have the opportunity to prepare for the upgrade. I'm thinking we could cherry-pick this back to 1.16 and have #8145 cherry-picked back to 1.17, unless you think #8145 is safe enough to be in 1.16 given that its behind a feature flag. We can adjust the release notes and terraform instructions to handle either case. Thoughts? |
Thanks @rifelpet - that plan (and this change) sounds great based on your explanation. Let's get this in and see how bad those state commands are (and what happens if we don't run them!) to decide on the cherry-pick. My inclination would be to go to 1.17 but not 1.16, so we can release 1.16 sooner, but let's discuss in office hours? /approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb, rifelpet The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sorry - of course you wrote the commands in your initial message - the impact seems very reasonable - one |
According to the upgrade guide [0] resource names cannot start with digits. Currently both routes and VPC CIDR associations start with digits, so this adds prefixes to them so that they are valid resource identifiers in 0.12. This is a significant change because on its own, terraform will destroy and recreate the route which impact the cluster networking. To avoid this, existing clusters this will require moving the resources within the terraform state prior to the next `apply`. ``` kops update cluster --target terraform --out ./ terraform state mv aws_route.0-0-0-0--0 aws_route.route-0-0-0-0--0 # repeat for all aws_route resources terraform plan terraform apply ``` The exact terraform state command may vary depending on how Kops' terraform output is used. See the command documentation [1] for more details. Always run a terraform plan first to ensure the `aws_route` and `aws_vpc_ipv4_cidr_block_association` resources are not getting recreated. Due to the potential impact, this notice should be very prominant in the Kops release notes [0] https://www.terraform.io/upgrade-guides/0-12.html [1] https://www.terraform.io/docs/commands/state/mv.html
109d013
to
e0cebf3
Compare
/lgtm |
…-origin-release-1.17 Automated cherry pick of #7957: Update terraform resource names to be 0.12 compatible.
See #7052 for additional details.
According to the Terraform 0.12 upgrade guide resource names cannot start with digits. Currently both routes and VPC CIDR associations start with digits, so this adds prefixes to them so that they are valid resource identifiers in 0.12.
This is a significant change because on its own, terraform will destroy and recreate the route which impact the cluster networking. To avoid this, existing clusters this will require moving the resources within the terraform state prior to the next
apply
.The exact terraform state command may vary depending on how Kops' terraform output is used.
See the command documentation for more details. Always run a terraform plan first to ensure the
aws_route
andaws_vpc_ipv4_cidr_block_association
resources are not getting recreated.Due to the potential impact, this notice should be very prominent in the Kops release notes.
I decided to break this out into a separate PR since it can be independent of the actual Terraform HCL syntax changes. This
state mv
will need to be performed regardless, and can be done independent of the actual Terraform 0.12 upgrade itself.I confirmed that our GCE terraform output does not have any resources with this issue. I noticed that alicloud, spotinst, and digitalocean also support targeting terraform but we dont have integration tests setup for those and I'm not able to run them locally, so I'm not sure whether they have any resources that require updating.