Terraform-provider-aws: aws_eks_cluster and create_before_destroy

Created on 7 Jun 2018  路  8Comments  路  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.7
+ provider.aws v1.22.0

Affected Resource(s)

  • aws_eks_cluster

Description

Amazon requires EKS clusters to have a unique name. This means create_before_destroy cannot be used on an EKS cluster, because you will get a ResourceInUseException: Cluster already exists with name whenever there are changes to the cluster.

This is unfortunate, since in order to configure an ASG for worker nodes, you need to reference aws_eks_cluster.endpoint in the user data of the launch configuration. In order to use launch configurations effectively, you have to use create_before_destroy = true on them.

And since the launch configuration depends on the EKS cluster, that forces the EKS cluster to also create_before_destroy. If you have changes to both launch configuration and cluster, then terraform apply will fail without a clear fix.

I'm not sure what solution there is or if there is any, but I wanted to open this to have a discussion about the issue.

enhancement serviceks
Source
picture tristanpemble
👍25

Most helpful comment

Now that the userdata no longer needs a reference to the cluster endpoint URL, do you still get this problem?

See the launch configuration in the new CloudFormation template: https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2018-08-30/amazon-eks-nodegroup.yaml

For reference, the bootstrap script that is now baked in to the AMIs is here: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh

picture jamesdobson on 5 Oct 2018
👍2

All 8 comments

Yep, I've run into this too. The only way I can find to change an EKS that uses ASG's with terraform is to rip the whole thing down with destroy.

SpamapS picture SpamapS on 19 Aug 2018

I've run into this too...I finally remove manually the cluster then refresh and apply.

nhuray picture nhuray on 6 Sep 2018

Now that the userdata no longer needs a reference to the cluster endpoint URL, do you still get this problem?

See the launch configuration in the new CloudFormation template: https://amazon-eks.s3-us-west-2.amazonaws.com/cloudformation/2018-08-30/amazon-eks-nodegroup.yaml

For reference, the bootstrap script that is now baked in to the AMIs is here: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh

jamesdobson picture jamesdobson on 5 Oct 2018
👍2

Oh man, thanks so much for this! I never would have figured it out! 馃槅

Yeah, this is pretty annoying! What is more annoying though is the massive inconsistency in AWS where some resources have name as a first class citizen and some do not, and for some it must be unique... and some not. WTF Amazon!?

aaron-trout picture aaron-trout on 27 Feb 2019

Thinking out loud here... would a possible workaround be interpolating a random UUID in to the cluster name? See https://www.terraform.io/docs/providers/random/r/uuid.html

tdmalone picture tdmalone on 27 Mar 2019

Oh man, thanks so much for this! I never would have figured it out! 馃槅

Yeah, this is pretty annoying! What is more annoying though is the massive inconsistency in AWS where some resources have named as a first-class citizen and some do not, and for some, it must be unique... and some not. WTF Amazon!?

Those operations and developer silos are the main cause of this. This could also be an onboarding problem but I was going to blame terraform but turns out is an Amazon thing. I was going to suggest to just use cloud formation but that is not an option in this scenario. I can see where data issues start to happen, how.

Thinking out loud here... would a possible workaround be interpolating a random UUID into the cluster name? See https://www.terraform.io/docs/providers/random/r/uuid.html

You can do, add a prefix to the cluster name. The only problem is that may create a new cluster for each randomly generated URL.

The plugin.terraform-provider-aws_v2.11.0_x4: X-Amzn-Errortype: ResourceInUseException issue is the worst one to be fair.

th31nitiate picture th31nitiate on 22 May 2019

Seems like aws_eks_cluster and aws_eks_node_group should add support for name_prefix.

jamesongithub picture jamesongithub on 29 Jan 2020

There are now instructions about how to add naming generation to resources in the Contributing Guide.

bflad picture bflad on 20 Feb 2020
1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

andywirv picture andywirv  路  3Comments
hashibot picture hashibot  路  3Comments
ghost picture ghost  路  3Comments
carmas picture carmas  路  3Comments
dvishniakov picture dvishniakov  路  3Comments