Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Complete-k8s output & add try to prometheus policy element index #1195

Merged
merged 5 commits into from
Nov 19, 2022

Conversation

Zvikan
Copy link
Contributor

@Zvikan Zvikan commented Nov 18, 2022

What does this PR do?

  • adds try to complete-k8s output with default null option
  • adds try to prometheus element index with default empty string
  • disables terraform creating cw log group for fluentbit in complete-k8s example

🛑 Please open an issue first to discuss any significant work and flesh out details/direction - we would hate for your time to be wasted.
Consult the CONTRIBUTING guide for submitting pull-requests.

Motivation

  • Following failures e2e cleanup where we can see the following failures:
Error: Attempt to index null value

  on outputs.tf line 18, in output "kyverno_values":
  18:   value       = jsondecode(module.eks_blueprints_kubernetes_addons.kyverno.release_metadata[0].values)
    ├────────────────
    │ module.eks_blueprints_kubernetes_addons.kyverno.release_metadata is null

This value is null, so it does not have any indices.

Error: Invalid index

  on ../../modules/kubernetes-addons/prometheus/main.tf line 112, in module "irsa_amp_ingest":
 112:   irsa_iam_policies             = [aws_iam_policy.ingest[0].arn]
    ├────────────────
    │ aws_iam_policy.ingest is empty tuple

Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists:  The CloudWatch Log Group '/complete-kubernetes-addons/worker-fluentbit-logs' already exists.

  with module.eks_blueprints_kubernetes_addons.module.aws_for_fluent_bit[0].aws_cloudwatch_log_group.aws_for_fluent_bit[0],
  on ../../modules/kubernetes-addons/aws-for-fluentbit/main.tf line 10, in resource "aws_cloudwatch_log_group" "aws_for_fluent_bit":
  10: resource "aws_cloudwatch_log_group" "aws_for_fluent_bit" {

Even after cleaning up the log group manually it seems the workload itself is creating the log group again, therefore for the example disabling Terraform from managing the CW log group

More

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • Yes, I have added a new example under examples to support my PR
  • Yes, I have created another PR for add-ons under add-ons repo (if applicable)
  • Yes, I have updated the docs for this feature
  • Yes, I ran pre-commit run -a with this PR

Note: Not all the PRs require a new example and/or doc page. In general:

  • Use an existing example when possible to demonstrate a new addons usage
  • A new docs page under docs/add-ons/* is required for new a new addon

For Moderators

  • E2E Test successfully complete before merge?

Additional Notes

@askulkarni2 askulkarni2 temporarily deployed to EKS Blueprints Test November 19, 2022 00:01 Inactive
@@ -109,7 +109,7 @@ module "irsa_amp_ingest" {
kubernetes_namespace = local.namespace

kubernetes_service_account = local.ingest_service_account
irsa_iam_policies = [aws_iam_policy.ingest[0].arn]
irsa_iam_policies = [try(aws_iam_policy.ingest[0].arn, "")]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure I understand this one.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if this is the best solution, but right now if you are trying to cleanup the complete-k8s addon for example, you'll face the failure explained in the details of the PR where aws_iam_policy.ingest is empty tuple , when you try to the delete the resource (that was already deleted), because it's under a condition (if mng prometheus is enabled), this was the cleanest workaround I found. Terraform is trying to use the resource because it's also being used in the rest of the prometheus module and because it has that count condition

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it fixes an error so for now we'll go with it - we can revisit later to see if there is a better or more idiomatic way to resolve this

@bryantbiggs bryantbiggs merged commit 93cd543 into main Nov 19, 2022
@bryantbiggs bryantbiggs deleted the complete-k8s-addons branch November 19, 2022 01:10
allamand pushed a commit to allamand/terraform-aws-eks-blueprints that referenced this pull request Dec 15, 2022
allamand pushed a commit to allamand/terraform-aws-eks-blueprints that referenced this pull request Jan 10, 2023
@that-kampe-steak
Copy link

fyi: This still happens in 4.22

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants