-
Notifications
You must be signed in to change notification settings - Fork 989
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
changing resource name causes destroy/create conflict on terraform apply #1793
Comments
Hi @williamohara, Namespace + object name(in the case of namespace-scoped resources) and just an object name(in the case of cluster-scoped resources) act as unique resource identifiers within Kubernetes. When you have 2 Terraform resources with a different name but try to manage the same Kubernetes resource, it is expected that you get the observed error message. If your goal is to change a name of a Terraform resource, then do it and just fix the state file with terraform state mv, or use I hope it helps. |
It does, but you don't think it's a bug? Or at least a feature request. Changing resource names is a common use case - no? |
No, I don't think this is a bug. If we are talking about changing Terraform resource name, then Terraform will treat this as you deleted the resource and added a new one. Terraform relies on the state file:
Keeping that in mind, you can help Terraform and use Here is a quote about
This is exactly your case. |
Had been ranting about this a bit. Most of the existing Devops communities are in denial of this design issue, with a followup excuse of using terragrunt or terraspace instead to overcome it. This issue is very widespread and had affected many enterprises... and very similar to the multi-stage build design issue docker had long time ago (there were multiple spikes developed, like grammarly's rocker and rocker-compose) Terragrunt is not a silver bullet either and is not suitable for certain deployment scenarios. |
I can see that as a design choice for terraform @arybolovlev .. I would say that for a coding experience - just as a resource name is arbitrary it should be allowed to easily and arbitrarily changed. As a developer making a new infra, I may decide that I need to work on nomenclature to add some structure to my resource names. This feels like just one more step I would have to do. As a design choice I agree- it's important to know exactly what is happening as I deploy using terraform and that the deployment is consistent across all resources (including k8 resources) - rename = delete and then replace with a new resource. This makes sense because it is a process that can be consistently applied across all resource types and behavioral consistency is key! For this one - I actually did expect a complete destruction and replacement of my resource - but I was hoping that terraform would be smart enough to manage it all for me - maybe by completely destroying all resources that need to be destroyed before applying new ones. It may make apply time longer - but the snafu I found myself in would have been avoided. I was running terraform in a pipeline and it was a hassle to go in can cancel the run after I realized it was taking forever. I could see some logic that compares resource properties to ensure tidy destruction of old when the new looks similar. just an idea. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Terraform Version, Provider Version and Kubernetes Version
Affected Resource(s)
kubernetes_deploymnet and kubernetes_deployment_v1 - I am guessing that it happens to any rresource that relies on only using the / identifier for importing
Terraform Configuration Files
Debug Output
,,,
kubernetes_deployment_v1.tenant_auth_ui_deploy: Destroying... [id=default/tenant-auth-ui]
kubernetes_deployment_v1.tenant_auth_ui_deploy2: Creating...
kubernetes_manifest.secret_provider_class_kratos: Modifying...
kubernetes_deployment_v1.tenant_auth_ui_deploy2: Creation complete after 3s [id=default/tenant-auth-ui]
kubernetes_manifest.secret_provider_class_kratos: Modifications complete after 1s
kubernetes_deployment_v1.tenant_auth_ui_deploy: Still destroying... [id=default/tenant-auth-ui, 10s elapsed]
kubernetes_deployment_v1.tenant_auth_ui_deploy: Still destroying... [id=default/tenant-auth-ui, 20s elapsed]
kubernetes_deployment_v1.tenant_auth_ui_deploy: Still destroying... [id=default/tenant-auth-ui, 30s elapsed]
kubernetes_deployment_v1.tenant_auth_ui_deploy: Still destroying... [id=default/tenant-auth-ui, 40s elapsed]
...
kubernetes_deployment_v1.tenant_auth_ui_deploy: Still destroying... [id=default/tenant-auth-ui, 9m20s elapsed]
kubernetes_deployment_v1.tenant_auth_ui_deploy: Still destroying... [id=default/tenant-auth-ui, 9m30s elapsed]
kubernetes_deployment_v1.tenant_auth_ui_deploy: Still destroying... [id=default/tenant-auth-ui, 9m40s elapsed]
kubernetes_deployment_v1.tenant_auth_ui_deploy: Still destroying... [id=default/tenant-auth-ui, 9m50s elapsed]
╷
│ Error: Deployment (default/tenant-auth-ui) still exists
│
│
╵
Releasing state lock. This may take a few moments...
,,,
Steps to Reproduce
Expected Behavior
I would have expected my deployment to be deleted completely and a new one that looks exactly like the old one to be redeployed - once it is done - I expect terraform to complete
Actual Behavior
It looks like it sent the request to delete the resource and the request to create the new one at the same time. since the resource is the same name to kubernetes terraform never is able to see it get deleted - because the new deployment has the exact same name in kubernetes even though the resource name is different in terraform
Important Factoids
Running on Azure AKS
Community Note
the best thing to do is to destroy the resource completely using targeted destroy and then apply again after renaming it.
The text was updated successfully, but these errors were encountered: