Terraform-provider-kubernetes: Changes to affinity label / values in Deployment / StatefulSet force a new resource.
Terraform Version
tf: 0.12.12
kubernetes-provider: 1.9.0 and 1.10.0
Affected Resource(s)
kubernetes_deployment
kubernetes_statefulset
Terraform Configuration Files
template {
metadata {
namespace = var.namespace
labels = {
app = var.name
app-ver = "${var.name}-${var.image_tag}"
}
}
affinity {
pod_anti_affinity {
required_during_scheduling_ignored_during_execution {
label_selector {
match_expressions {
key = "app-ver"
operator = "In"
values = ["${var.name}-${var.image_tag}"]
}
}
topology_key = "kubernetes.io/hostname"
}
}
}
}
Expected Behavior
A change to pod affinity label or value should do an in-place replacement and resource should NOT be recreated.
In fact any update to pod template defined as part of deployment / statefulset should be a in-place update and should not force a recreation of deployment / statefulset.
Actual Behavior
Resource will get replaced:
~ affinity {
~ pod_anti_affinity {
~ required_during_scheduling_ignored_during_execution {
- namespaces = [] -> null
topology_key = "kubernetes.io/hostname"
~ label_selector {
- match_labels = {} -> null
~ match_expressions {
key = "app-ver"
operator = "In"
~ values = [ # forces replacement
- "app1-v1",
+ "app1-v2",
]
}
}
}
}
}
Steps to Reproduce
1.Define a deployment or statefulset with affinity rules
- change label OR value
jaceq
All 9 comments
we are also experiencing same issue (just migrating from kubernetes provider 1.3...)
@jaceq have you found a solution?
shlomimatichin
on 5 Feb 2020
fix in PR #755, compiled release for linux x64 here: https://github.com/shlomimatichin/terraform-provider-kubernetes/releases/tag/v1.10.0-custom
shlomimatichin
on 5 Feb 2020
@shlomimatichin I just don't change it for now, but your PR will help a lot, let's hope it will get merged soon.
jaceq
on 5 Feb 2020
A workaround I've found is to manually edit the resource with the new affinity rules. Then a terraform apply won't try to change it and does not cause a recreate. Definitely not ideal though.
bpoland
on 25 Mar 2020
@bpoland While this works, it's not possible to do that in CI pipelines (and on my side this is the case)
jaceq
on 26 Mar 2020
@bpoland if you please +1 the PR, it might helpto increase the chance someone might merge it.
shlomimatichin
on 26 Mar 2020
Hello @jaceq
i found this workaround to work.
add this to the end of you deployment
lifecycle {
ignore_changes = [
# There's a bug with declaring a pod affinity rule in terraform
# which causes the resources to be force replaced regardless of changes
spec[0].template[0].spec[0].affinity
]
after testing this, these are the results for my particular deployment
before:
# kubernetes_deployment.ipintelsvc_deployment[0] must be replaced
after:
# kubernetes_deployment.ipintelsvc_deployment[0] will be updated in-place
of course your mileage may vary depending on whether you have other updates to your resource or not.
dchi-sa
on 31 Jul 2020
This seems to be long resolved.
jaceq
on 18 Jan 2021
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
![hashibot[bot] picture](https://avatars.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 18 Feb 2021
Related issues
aareet
·
3Comments
dmitry-mightydevops
·
3Comments
joe-a-t
·
3Comments
pdecat
·
4Comments
yaman
·
4Comments
Most helpful comment
fix in PR #755, compiled release for linux x64 here: https://github.com/shlomimatichin/terraform-provider-kubernetes/releases/tag/v1.10.0-custom