#cloudposse (2024-01)

<http://cloudposse.com/quizcloudposse.com/quiz>

Want to hire Cloud Posse? Take our quiz. <http://cloudposse.com/quizcloudposse.com/quiz>

2024-01-12

Sean Faria avatar
Sean Faria
04:50:46 PM

Hey everyone, I am running into an error when trying running module "eks_cluster" { source = "cloudposse/eks-cluster/aws" Does anyone have any idea about this?

╷
│ Error: Value Conversion Error
│ 
│   with module.eks_cluster.provider["registry.terraform.io/hashicorp/kubernetes"],
│   on .terraform/modules/eks_cluster/auth.tf line 96, in provider "kubernetes":
│   96: provider "kubernetes" {
│ 
│ An unexpected error was encountered trying to build a value. This is always an error in the provider. Please report the following to the provider developer:
│ 
│ Received unknown value, however the target type cannot handle unknown values. Use the corresponding `types` package type or a custom type that handles unknown values.
│ 
│ Path: exec
│ Target Type: []struct { APIVersion basetypes.StringValue "tfsdk:\"api_version\""; Command basetypes.StringValue "tfsdk:\"command\""; Env map[string]basetypes.StringValue "tfsdk:\"env\""; Args []basetypes.StringValue "tfsdk:\"args\"" }
│ Suggested Type: basetypes.ListValue
Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
04:53:10 PM

pin the kubernetes provider to 2.24.0

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
04:54:10 PM

in 2.25.0 they changed a lot of things, switched to the newer TF plugins framework, and the module was broken (but only when creating new EKS cluster, it works on existing ones)

Sean Faria avatar
Sean Faria
05:01:54 PM

hmm i assumed it was because of the auth.tf since why would it try to authenticate before the cluster is created. Let me try you suggestion

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
05:03:31 PM

yes, it’s related to auth.tf only when creating new clusters using kubenetes provider 2.25.1 (all after 2.24.0)

Sean Faria avatar
Sean Faria
05:17:55 PM

it didn’t solve it, but i ran the following first and it resolved it: terragrunt apply -target=module.eks_cluster.aws_eks_cluster.default[0] So i think it may be a combination. I think i will create a bug report Thanks again

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
05:21:17 PM

you probably didn’t clear the tf cache and the lock file, so the cached provider was used

Sean Faria avatar
Sean Faria
05:28:53 PM

okay, I will let you know since i will be doing this about 5 times today

Jeremy G (Cloud Posse) avatar
Jeremy G (Cloud Posse)
12:08:12 PM

@Sean Faria You may want to try eks-cluster v4.0.0-rc1 (PR 206), which gets around this whole set of problems by ditching the ConfigMap for the new AWS API. Be sure to read the migration doc!

If you do try it, let us know what you think.

#206 Use AWS API for EKS authentication and authorization

Major Breaking Changes

Warning

This release has major breaking changes and requires significant manual intervention
to upgrade existing clusters. Read the migration document
for more details.

what

• Use the AWS API to manage EKS access controls instead of the aws-auth ConfigMap • Remove support for creating an extra security group, deprecated in v2 • Add IPv6 service CIDR output • Update test framework to go v1.21, Kubernetes 1.29, etc.

why

• Remove a large number of bugs, hacks, and flaky behaviors • Encourage separation of concerns (use another module to create a security group) • Requested and authored by @colinh6 • Stay current

references

New API for EKS access control • Obsoletes and closes #148 • Obsoletes and closes #155 • Obsoletes and closes #167 • Obsoletes and closes #168 • Obsoletes and closes #193 • Obsoletes and closes #202 • Fixes #203 • Supersedes and closes #173 • Supersedes and closes #194 • Supersedes and closes #195 • Supersedes and closes #196 • Supersedes and closes #197 • Supersedes and closes #198 • Supersedes and closes #199 • Supersedes and closes #200 • Supersedes and closes #201

    keyboard_arrow_up