Skip to content
This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

Unable to create from manifest if a namespace does not exist #244

Open
ryanfaircloth opened this issue Jun 27, 2021 · 1 comment
Open

Unable to create from manifest if a namespace does not exist #244

ryanfaircloth opened this issue Jun 27, 2021 · 1 comment
Labels
bug Something isn't working

Comments

@ryanfaircloth
Copy link

Terraform, Provider, Kubernetes versions

Terraform version: 1.0.1
Provider version: 0.5.0
Kubernetes version: 1.20.0

Affected Resource(s)

kubernetes_manifest
namespace

Terraform Configuration Files

resource "kubernetes_namespace" "istio_system" {
  metadata {
    name = "istio-system"
  }
}

resource "helm_release" "istio_operator" {
  name  = "istio-operator"
  chart = "istio/manifests/charts/istio-operator"

  depends_on = [module.eks]

  set {
    name  = "operatorNamespace"
    value = "istio-operator"
  }
}

resource "kubernetes_manifest" "istio" {
  provider = kubernetes-alpha

  depends_on = [helm_release.istio_operator]

  manifest = {
    "apiVersion" = "install.istio.io/v1alpha1"
    "kind"       = "IstioOperator"
    "metadata" = {
      "name"      = "istiocontrolplane"
      "namespace" = "istio-system"
    }
    "spec" = {
      "components" = {
        "cni" = {
          "enabled" = true
        }
        "ingressGateways" = [
          {
            "enabled" = true
            "k8s" = {
              "service" = {
                "ports" = [
                  {
                    "name"       = "https"
                    "nodePort"   = 31923
                    "port"       = 443
                    "protocol"   = "TCP"
                    "targetPort" = 8443
                  },
                  {
                    "name"       = "http2"
                    "nodePort"   = 31115
                    "port"       = 80
                    "protocol"   = "TCP"
                    "targetPort" = 8080
                  },
                  {
                    "name"       = "https-mgmt"
                    "nodePort"   = 30071
                    "port"       = 8089
                    "protocol"   = "TCP"
                    "targetPort" = 15444
                  },
                  {
                    "name"       = "https-hec"
                    "nodePort"   = 30072
                    "port"       = 8088
                    "protocol"   = "TCP"
                    "targetPort" = 15445
                  },
                  {
                    "name"       = "tcp-s2s"
                    "nodePort"   = 30073
                    "port"       = 9997
                    "protocol"   = "TCP"
                    "targetPort" = 15446
                  },
                  {
                    "name"       = "tls-s2s"
                    "nodePort"   = 30074
                    "port"       = 9998
                    "protocol"   = "TCP"
                    "targetPort" = 15447
                  },
                ]
              }
              "serviceAnnotations" = {
                "external-dns.alpha.kubernetes.io/hostname"                                = "*.spl.guru"
                "external-dns.alpha.kubernetes.io/ttl"                                     = "300"
                "service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled" = "false"
                "service.beta.kubernetes.io/aws-load-balancer-internal"                    = "false"
                "service.beta.kubernetes.io/aws-load-balancer-ip-address-type"             = "ipv4"
                "service.beta.kubernetes.io/aws-load-balancer-name"                        = "${local.cluster_name}"
                "service.beta.kubernetes.io/aws-load-balancer-nlb-target-type"             = "instance"
                "service.beta.kubernetes.io/aws-load-balancer-proxy-protocol"              = "*"
                "service.beta.kubernetes.io/aws-load-balancer-ssl-cert"                    = "arn:aws:acm:us-east-1:174701313045:certificate/4a5ddad9-b3f1-4cd1-ae14-1987acfee279"
                "service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy"      = "ELBSecurityPolicy-FS-1-2-Res-2020-10"
                "service.beta.kubernetes.io/aws-load-balancer-ssl-ports"                   = "443,8089,8088,9997"
                "service.beta.kubernetes.io/aws-load-balancer-target-group-attributes"     = "proxy_protocol_v2.enabled=true"
                "service.beta.kubernetes.io/aws-load-balancer-type"                        = "external"
              }
            }
            "name" = "istio-ingressgateway"
          },
        ]
      }
      "meshConfig" = {
        "accessLogFile" = "/dev/stdout"
        "defaultConfig" = {
          "gatewayTopology" = {
            "numTrustedProxies" = 1
          }
        }
        "enableTracing" = true
      }
      "profile" = "demo"
      "values" = {
        "cni" = {
          "excludeNamespaces" = [
            "istio-system",
            "kube-system",
          ]
          "logLevel" = "info"
        }
      }
    }
  }
}

Debug Output

Panic Output

  1. terraform apply -->

Expected Behavior

What should have happened?
Support creation of namespace followed by creation of resources

Actual Behavior

What actually happened?
failure due to nonexistant namespace
@ryanfaircloth ryanfaircloth added the bug Something isn't working label Jun 27, 2021
@jamiegwatkin
Copy link

I'm having the same issue:

provider "kubernetes-alpha" {
  config_path = "./kubeconfig_refinery-staging"
}

resource "kubernetes_manifest" "nginx" {
  provider = kubernetes-alpha

  depends_on = [helm_release.consul]

  manifest = {
    apiVersion = "consul.hashicorp.com/v1alpha1"
    kind       = "ServiceDefaults"
    metadata = {
      name = "nginx"
    }
    spec = {
      protocol = "http"
    }
  }
}

The yaml I've used to create this when using kubectl (which works fine):

 ---
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceDefaults
metadata:
  name: nginx
spec:
  protocol: http

Error output:

╷
│ Error: Namespace required
│ 
│   with kubernetes_manifest.nginx,
│   on k8s-nginx.tf line 13, in resource "kubernetes_manifest" "nginx":
│   13: resource "kubernetes_manifest" "nginx" {
│ 
│ Resources of type 'consul.hashicorp.com/v1alpha1, Kind=ServiceDefaults' require a namespace
╵

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jamiegwatkin @ryanfaircloth