rke_cluster.cluster network changes on all terraform apply without any change

[riveryc]

If I re-run "terraform apply" with no change, it keeps showing the network change below:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  ~ rke_cluster.cluster
      network.0.options.%:                     "1" => "0"
      network.0.options.calico_cloud_provider: "none" => ""
      rke_cluster_yaml:                        <sensitive> => <computed> (attribute changed)

The whole rke cluster tf files as below:

locals {
  master_ip_list = "${aws_instance.k8smaster.*.private_ip}"
  worker_ip_list = "${aws_instance.k8sworker.*.private_ip}"
}

data rke_node_parameter "k8smaster" {
  count   = "${length(local.master_ip_list)}"
  address = "${local.master_ip_list[count.index]}"
  user    = "ec2-user"
  role    = ["controlplane", "etcd"]
  ssh_key = "${file("${var.key_name}.pem")}"
}
data rke_node_parameter "k8sworker" {
  count   = "${length(local.worker_ip_list)}"
  address = "${local.worker_ip_list[count.index]}"
  user    = "ec2-user"
  role    = ["worker"]
  ssh_key = "${file("${var.key_name}.pem")}"
}

resource "rke_cluster" "cluster" {

  nodes_conf = ["${data.rke_node_parameter.k8smaster.*.json}","${data.rke_node_parameter.k8sworker.*.json}"]

  # If set to true, RKE will not fail when unsupported Docker version are found
  ignore_docker_version = false

  ################################################
  # Private Registries
  ################################################
  # List of registry credentials, if you are using a Docker Hub registry,
  # you can omit the `url` or set it to `docker.io`
#   private_registries {
#     url      = "registry1.com"
#     user     = "Username"
#     password = "password1"
#   }
#   private_registries {
#     url      = "registry2.com"
#     user     = "Username"
#     password = "password1"
#   }

  ################################################
  # Versions
  ################################################
  # The kubernetes version used.
  # For now, this should match the version defined in rancher/types defaults map:
  #    https://github.com/rancher/types/blob/master/apis/management.cattle.io/v3/k8s_defaults.go#L14
  #
  # In case the kubernetes_version and kubernetes image in system_images are defined,
  # the system_images configuration will take precedence over kubernetes_version.
  kubernetes_version = "${var.k8s_version}"

  #########################################################
  # Network(CNI) - supported: flannel/calico/canal/weave
  #########################################################
  # There are several network plug-ins that work, but we default to canal
  network {
    plugin = "${var.k8s_network_plugin}"
  }

  ################################################
  # Ingress
  ################################################
  # Currently only nginx ingress provider is supported.
  # To disable ingress controller, set `provider: none`
  ingress {
    provider = "nginx"
  }

  ###############################################
  # Kubernetes services
  ###############################################
  services_etcd {
    # if external etcd used
    #path      = "/etcdcluster"
    #ca_cert   = file("ca_cert")
    #cert      = file("cert")
    #key       = file("key")

    # for etcd snapshots
    snapshot  = false
    #retention = "24h"
    #creation  = "5m0s"
  }
}

resource "local_file" "kube_cluster_yaml" {
  filename = "./kube_config_cluster.yml"
  content  = "${rke_cluster.cluster.kube_config_yaml}"
}

[yamamoto-febc]

Hi @riveryc , thank you for reporting.

I'm going to try reproduce this. Could you tell me the result of terraform version?

[yamamoto-febc]

I could reproduced this problem with following versions:

• Terraform: v0.11.11
• RKE provider: latest

I think rke_cluster.network.options should be Computed: true.
I'm going to fix this.

[yamamoto-febc]

We have released terraform-provider-rke v0.10.0.
https://github.com/yamamoto-febc/terraform-provider-rke/releases/tag/0.10.0

Please try it.

[riveryc]

We have released terraform-provider-rke v0.10.0.
https://github.com/yamamoto-febc/terraform-provider-rke/releases/tag/0.10.0

Please try it.

Thanks so much!

Another issue is we have to run this whole thing 2 times:

1. provision the EC2, etc...
2. copy the rke terraform file to the main dir & re-run it again as it couldn't calculate the IP, etc...

Any better suggestion?

Thanks!

[yamamoto-febc]

Perhaps this example(EC2+RKE provider) may be helpful.
https://github.com/yamamoto-febc/terraform-provider-rke/tree/master/examples/aws_ec2

If it still goes badly, please post new Issue with details.

[invidian]

@riveryc did v0.10.0 solve this issue for you? If yes, I think this issue can be closed.

[riveryc]

Thanks guys!