EKS - need to enable lifecycle ignore changes on tags, or suppress tag actions #188

Closed
rpattcorner opened this issue Nov 25, 2018 · 10 comments

Comments

@rpattcorner

So ... EKS creates mandatory tags on VPCs and subnets on a per-cluster basis to identify the artifacts it can provision to. Unfortunately the excellent VPC module has tons of ways to add tags, but no apparent way to ignore tags altogether (probably the easy route) or selectively (harder). Which means one can't (easily or at all) use the module for EKS VPCs.

There may be a technique that can be used until the new configuration language but this involves inserting a lifecycle stanza:

lifecycle {
  ignore_changes = ["tags.ServiceVersion", "tags.%"]
}

Would it be possible to provide the 'easy way' quickly, e.g. ignore tags when directed, and a better way to ignore specific tags down the road?

@dpiddockcmp

Hi @rpattcorner.

Adding ignore_changes for tags will break other users' workflows. ignore_changes does not accept interpolations so this is not something that can be turned off.

There is also no need for this change. Just add the necessary tags as documented by AWS here.

Alternatively see the example from the community EKS module: here

@rpattcorner
Author

Thanks, I'll give it a go. There's a complication in that I'm trying to separate cluster creation deploy from the underlying VPC infrastructure deploy because of some security requirements so there is going to be some exchange of remote state across the two deploys, but probably doable.

@antonbabenko
Member

Closing this issue. Thanks, @dpiddockcmp, for pointing in the right direction!

@davi5e

davi5e commented Jul 10, 2019

I've deployed a VPC with this module and went on to create an EKS cluster using terraform-aws-modules/eks/aws.

Now terraform plan always wants to delete the subnets and VPC tags, specifically "kubernetes.io/cluster/*" = "shared"...

If I were to make any meaningful change to the VPC module, I'd lose the private subnet tags, which is not ideal.

Isn't there any way to get this to work? Not even a hard-coded lifecycle for EKS usage?

@dpiddockcmp

Per the answer above, add the tags in the VPC module call:

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  # ...
  tags = {
    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
  }
}

Use the private_subnet_tags, public_subnet_tags and vpc_tags arguments if you want to target specific sets of resources for the tag instead of everything.

@davi5e

davi5e commented Jul 11, 2019

So, I've used a for to accomplish this:

variable "eks_cluster_names" {
  description = "A list of every EKS cluster present in the VPC"
  type        = list(string)
  default = [
    "cluster1",
    "cluster2",
  ]
}

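locals {
  # One "kubernetes.io/cluster/<name>" = "shared" tag per cluster.
  # Named eks_tags to match the local.eks_tags references in the module call below.
  eks_tags = {
    for name in var.eks_cluster_names:
      "kubernetes.io/cluster/${name}" => "shared"
  }
}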

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.7.0"

  # ...

  private_subnet_tags = merge(
    local.eks_tags,
    var.tags
  )

  vpc_tags = merge(
    local.eks_tags,
    var.tags
  )
  
}

Thank you for pointing out a solution @dpiddockcmp :)

@DamaniN

DamaniN commented Nov 21, 2019

I have the same issue as @davi5e, however, it is an external application that is creating the EKS clusters. As such I do not know the cluster names without looking them up to implement the workaround. Can we have the option to conditionally ignore specific tags?

Alternatively, is there a way to programmatically have Terraform discover the names of EKS clusters that it is not managing and put them in a list for the workaround that is described above? I looked at the aws_eks_cluster data source, but you have to know the name of the cluster to use it.

@davi5e

davi5e commented Nov 21, 2019

You can make a Bash script (actually you can use any interpreter you need) to get the names using local-exec in null_resource.

I never used it to fill in data for other resources, as the locals need in the workaround. Maybe there is something about that somewhere?

@dpiddockcmp

AWS provider 2.35.0 added a preview functionality to the provider to ignore certain tags and tag prefixes. Sounds like exactly what you need. And no changes are needed to this module. See the docs:
https://www.terraform.io/docs/providers/aws/#ignore_tag_prefixes
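
An added example, not part of the original thread: a provider configuration using the ignore_tag_prefixes argument from the linked docs, scoped to the kubernetes.io/cluster/ prefix so that drift in every other tag still shows up in terraform plan. The region, VPC inputs and tag values are assumptions.

```hcl
# Added example (not from the thread). Region, names, CIDRs and tag values are assumed.
provider "aws" {
  region  = "us-east-1" # assumed
  version = ">= 2.35.0" # release named above as adding the preview arguments

  # Ignore only the tag keys that EKS (or another external tool) writes.
  # Keep the prefix narrow: tags that do not match are still tracked, so
  # unexpected changes to ownership or environment tags remain visible in the plan.
  ignore_tag_prefixes = ["kubernetes.io/cluster/"]

  # Later provider releases express the same setting as a block:
  # ignore_tags {
  #   key_prefixes = ["kubernetes.io/cluster/"]
  # }
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name            = "eks-vpc"                        # assumed
  cidr            = "10.0.0.0/16"                    # assumed
  azs             = ["us-east-1a", "us-east-1b"]     # assumed
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]   # assumed

  # Do not declare kubernetes.io/cluster/* tags here while the prefix is
  # ignored: a tag that is both configured and ignored produces a perpetual diff.
  tags = {
    Environment = "example" # assumed
  }
}
```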

@github-actions

github-actions bot commented Nov 3, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 3, 2022