Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support_istio argument of huaweicloud_cce_cluster resource does not take effect #6119

Open
gutierrezps opened this issue Dec 30, 2024 · 2 comments
Open

support_istio argument of huaweicloud_cce_cluster resource does not take effect #6119

gutierrezps opened this issue Dec 30, 2024 · 2 comments
Assignees
@Jason-Zhang9309

Comments

@gutierrezps
Copy link

Terraform Configuration Files

terraform {
  required_providers {
    huaweicloud = {
      source  = "huaweicloud/huaweicloud"
      version = "1.71.2"
    }
  }
}

variable "ak" {}
variable "sk" {}

provider "huaweicloud" {
  region     = "sa-brazil-1"
  access_key = var.ak
  secret_key = var.sk
}

data "huaweicloud_enterprise_project" "main" {
  name = "default"
}

locals {
  enterprise_project_id = data.huaweicloud_enterprise_project.main.id
}

resource "huaweicloud_vpc" "main" {
  region                = "sa-brazil-1"
  name                  = "vpc-test"
  cidr                  = "10.0.0.0/16"
  enterprise_project_id = local.enterprise_project_id
}

resource "huaweicloud_vpc_subnet" "main" {
  availability_zone = "sa-brazil-1a"
  vpc_id            = huaweicloud_vpc.main.id
  name              = "subnet-test"
  cidr              = "10.0.0.0/24"
  gateway_ip        = "10.0.0.1"
}

resource "huaweicloud_cce_cluster" "main" {
  name                   = "cce-test"
  flavor_id              = "cce.s1.small"
  vpc_id                 = huaweicloud_vpc.main.id
  subnet_id              = huaweicloud_vpc_subnet.main.id
  container_network_type = "overlay_l2"
  support_istio          = false
}

Debug Output

2024-12-30T15:02:15.736-0300 [DEBUG] provider.terraform-provider-huaweicloud_v1.71.2: [1735581728384-5] API Request URL: POST https://cce.sa-brazil-1.myhuaweicloud.com/api/v3/projects/***project-id-redacted***/clusters
API Request Headers:
Accept: application/json
Authorization: ***
Content-Type: application/json
User-Agent: terraform-provider-iac golangsdk/2.0.0
X-Project-Id: ***project-id-redacted***
X-Sdk-Date: 20241230T180208Z: timestamp=2024-12-30T15:02:15.736-0300
2024-12-30T15:02:15.736-0300 [DEBUG] provider.terraform-provider-huaweicloud_v1.71.2: [1735581728384-5] API Request Body: {
  "apiversion": "v3",
  "kind": "Cluster",
  "metadata": {
    "name": "cce-test"
  },
  "spec": {
    "authentication": {
      "authenticatingProxy": {},
      "mode": "rbac"
    },
    "containerNetwork": {
      "mode": "overlay_l2"
    },
    "flavor": "cce.s1.small",
    "hostNetwork": {
      "subnet": "***subnet-id-redacted***",
      "vpc": "***vpc-id-redacted***"
    },
    "type": "VirtualMachine"
  }
}: timestamp=2024-12-30T15:02:15.736-0300
2024-12-30T15:02:15.736-0300 [DEBUG] provider.terraform-provider-huaweicloud_v1.71.2: [1735581728384-5] API Response Code: 201
API Response Headers:
***headers-redacted***
2024-12-30T15:02:15.736-0300 [DEBUG] provider.terraform-provider-huaweicloud_v1.71.2: [1735581728384-5] API Response Body: {
  "apiVersion": "v3",
  "kind": "Cluster",
  "metadata": {
    "annotations": {
      "jobid": "***job-id-redacted***",
      "resourceJobId": "***resource-job-id-redacted***"
    },
    "creationTimestamp": "2024-12-30 18:02:13.150142776 +0000 UTC",
    "name": "cce-test",
    "ownerReferences": {},
    "uid": "***cce-id-redacted***",
    "updateTimestamp": "2024-12-30 18:02:13.15014284 +0000 UTC"
  },
  "spec": {
    "authentication": {
      "authenticatingProxy": {},
      "mode": "rbac"
    },
    "billingMode": 0,
    "category": "CCE",
    "clusterOps": {},
    "containerNetwork": {
      "cidr": "172.16.0.0/16",
      "cidrs": [
        {
          "cidr": "172.16.0.0/16"
        }
      ],
      "mode": "overlay_l2"
    },
    "deletionProtection": false,
    "enableAutopilot": false,
    "encryptionConfig": {},
    "eniNetwork": {},
    "extendParam": {
      "orderID": ""
    },
    "flavor": "cce.s1.small",
    "hostNetwork": {
      "subnet": "***subnet-id-redacted***",
      "vpc": "***vpc-id-redacted***"
    },
    "kubeProxyMode": "iptables",
    "kubernetesSvcIpRange": "10.247.0.0/16",
    "maintenanceWindow": null,
    "platformVersion": "cce.4.4",
    "publicAccess": {},
    "serviceNetwork": {},
    "type": "VirtualMachine",
    "version": "v1.30"
  },
  "status": {
    "jobID": "***job-id-redacted***",
    "phase": "Creating"
  }
}: timestamp=2024-12-30T15:02:15.736-0300

Expected Behavior

When setting support_istio to false, API request body spec.supportIstio should be set to False (endpoint POST https://cce.sa-brazil-1.myhuaweicloud.com/api/v3/projects/***project-id-redacted***/clusters)

Actual Behavior

API request body does not have spec.supportIstio attribute (endpoint POST https://cce.sa-brazil-1.myhuaweicloud.com/api/v3/projects/***project-id-redacted***/clusters). Because of that, CCE Cluster is created with supportIstio attribute equal to true, which is the default value according to endpoint documentation.

This problem can be confirmed when running terraform plan after the cluster is created by Terraform. You can see that the cluster needs to be replaced because support_istio is set to true in the cluster created before.

$ terraform plan
data.huaweicloud_enterprise_project.main: Reading...
data.huaweicloud_enterprise_project.main: Read complete after 2s [id=0]
huaweicloud_vpc.main: Refreshing state... [id=***]
huaweicloud_vpc_subnet.main: Refreshing state... [id=***]
huaweicloud_cce_cluster.main: Refreshing state... [id=***]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # huaweicloud_cce_cluster.main must be replaced
-/+ resource "huaweicloud_cce_cluster" "main" {
      ~ alias                  = "cce-test" -> (known after apply)
      ~ billing_mode           = 0 -> (known after apply)
      ~ category               = "CCE" -> (known after apply)
      ...
        name                   = "cce-test"
      ~ region                 = "sa-brazil-1" -> (known after apply)
      ~ security_group_id      = "***" -> (known after apply)
      ~ service_network_cidr   = "10.247.0.0/16" -> (known after apply)
      ~ status                 = "Available" -> (known after apply)
      ~ support_istio          = true -> false # forces replacement
      - tags                   = {} -> null
        # (6 unchanged attributes hidden)

      ~ masters (known after apply)
      - masters {
          - availability_zone = "sa-brazil-1a" -> null
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.
@niuzhenguo
Copy link
Member

@Jason-Zhang9309 please take a look at this.

@Jason-Zhang9309
Copy link
Collaborator

@gutierrezps I've asked the CCE service team about this problem. This parameter is deprecated. support_istio is true for all cce clusters, and can not be changed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Jason-Zhang9309 Jason-Zhang9309

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@niuzhenguo @gutierrezps @Jason-Zhang9309