[FIX] Workaround terraform provider bug with 1.24 K8s

Service account can not be created for 1.24 cluster. Bug details and discussion could be foud [in this thread](hashicorp/terraform-provider-kubernetes#1724)
magiclabs · Jul 25, 2022 · 5883811 · 5883811
1 parent 21e015b
commit 5883811
Showing 1 changed file with 24 additions and 20 deletions.
diff --git a/DevOps/state-metrics.tf b/DevOps/state-metrics.tf
@@ -1,34 +1,38 @@
-resource "kubernetes_secret" "state_metrics_local_sa_token" {
+/*
+  NOTE: Using `kubernetes_manifest` resource due to a bug in the terraform provider. Details can be found here:
+  https://github.com/hashicorp/terraform-provider-kubernetes/issues/1724#issuecomment-1139450178
+*/
+resource "kubernetes_manifest" "state_metrics_local_sa" {
   provider = kubernetes.local
 
-  metadata {
-    name      = "state-metrics-token"
-    namespace = kubernetes_namespace.mon_local.metadata[0].name
-    annotations = {
-      "kubernetes.io/service-account.name" = "state-metrics"
+  manifest = {
+    apiVersion = "v1"
+    kind       = "ServiceAccount"
+    metadata = {
+      namespace = kubernetes_namespace.mon_local.metadata[0].name
+      name      = "state-metrics"
+
+      labels = {
+        app = "state-metrics"
+      }
     }
-  }
 
-  type = "kubernetes.io/service-account-token"
+    automountServiceAccountToken = false
+  }
 }
 
-resource "kubernetes_service_account" "state_metrics_local" {
+resource "kubernetes_secret" "state_metrics_local_sa_token" {
   provider = kubernetes.local
 
-  automount_service_account_token = false
-
   metadata {
-    name      = "state-metrics"
+    name      = "state-metrics-token"
     namespace = kubernetes_namespace.mon_local.metadata[0].name
-
-    labels = {
-      app = "state-metrics"
+    annotations = {
+      "kubernetes.io/service-account.name" = kubernetes_manifest.state_metrics_local_sa.manifest.metadata.name
     }
   }
 
-  depends_on = [
-    kubernetes_secret.state_metrics_local_sa_token
-  ]
+  type = "kubernetes.io/service-account-token"
 }
 
 resource "kubernetes_cluster_role" "state_metrics_local" {
@@ -153,7 +157,7 @@ resource "kubernetes_cluster_role_binding" "state_metrics_local" {
 
   subject {
     kind      = "ServiceAccount"
-    name      = kubernetes_service_account.state_metrics_local.metadata[0].name
+    name      = kubernetes_manifest.state_metrics_local_sa.manifest.metadata.name
     namespace = kubernetes_namespace.mon_local.metadata[0].name
     api_group = ""
   }
@@ -226,7 +230,7 @@ resource "kubernetes_deployment" "state_metrics_local" {
 
       spec {
         enable_service_links            = false
-        service_account_name            = kubernetes_service_account.state_metrics_local.metadata[0].name
+        service_account_name            = kubernetes_manifest.state_metrics_local_sa.manifest.metadata.name
         automount_service_account_token = true
 
         host_network = true