Module is forcing cluster creation when updating cluster with secret encryption key #1249
Comments
@barryib @babilen5 @dpiddockcmp Any thoughts on this?

We also just got hit by the same issue. We had our cluster set up without the encryption config, and now we have added the config to use AWS KMS, but the module forces the replacement of the cluster and cannot apply the Terraform configuration, as it struggles with creating a new cluster with the same name as the old one.

Checking the provider code, it looks like https://github.com/hashicorp/terraform-provider-aws/blob/master/aws/resource_aws_eks_cluster.go#L60 is causing the issue!!! Maybe it's for the AWS provider to fix it.

This is a limitation of the EKS platform. You must enable the customer managed key at cluster creation:
https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/

So shall this be re-opened?

We hit this as well now; it works fine to modify the cluster in the AWS Console after creation, but Terraform wants to re-create the cluster.

So it looks like it should be addressed with AWS provider changes:

It has already been fixed in https://github.com/hashicorp/terraform-provider-aws/blob/v3.47.0/CHANGELOG.md#3470-june-24-2021.

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

I have issues while updating the current cluster to use an Encryption key for secrets
I'm submitting a...
What is the current behavior?
Currently, if supplying an encryption key for secrets, the module is forcing recreation of the cluster, which is obviously causing the issue, as a cluster with the same name exists.
Terraform Error:
If this is a bug, how to reproduce? Please include a code sample if relevant.
Create an EKS cluster without an encryption key for secrets, then try to update the same cluster using the module while passing an encryption key; the module will try to create a new cluster instead of updating the same cluster.
What's the expected behavior?
The module should be able to update the same cluster without forcing creation of a new cluster.
Are you able to fix this problem and submit a PR? Link here if you have already.
Environment details
Any other relevant info
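
The behaviour reported in this thread (a plan that destroys and re-creates the EKS cluster when secrets encryption is added) can be caught before `terraform apply` by inspecting the plan's JSON form. The following is an added example, not code from this issue or from the module; the plan document and resource addresses in it are constructed, and the function name is hypothetical.

```python
import json

# Constructed sample, shaped like `terraform show -json plan.out` output.
# Resource addresses and values are illustrative, not taken from the issue.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.0",
  "resource_changes": [
    {"address": "module.eks.aws_eks_cluster.this[0]", "type": "aws_eks_cluster",
     "change": {"actions": ["delete", "create"],
                "replace_paths": [["encryption_config"]]}},
    {"address": "aws_eks_cluster.other", "type": "aws_eks_cluster",
     "change": {"actions": ["update"]}},
    {"address": "aws_kms_key.eks", "type": "aws_kms_key",
     "change": {"actions": ["create"]}}
  ]
}
""")


def find_forced_replacements(plan, resource_type="aws_eks_cluster"):
    """Return clusters the plan would destroy and re-create, with the cause."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != resource_type:
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # A replacement is reported as both "delete" and "create", in either order.
        if not {"delete", "create"} <= set(actions):
            continue
        # replace_paths names the attributes forcing replacement; older
        # Terraform versions omit it, so treat a missing key as unknown.
        paths = [".".join(map(str, p)) for p in change.get("replace_paths") or []]
        findings.append({
            "address": rc.get("address"),
            "replace_paths": paths,
            "due_to_encryption_config": any(
                p.split(".")[0] == "encryption_config" for p in paths),
        })
    return findings


if __name__ == "__main__":
    for f in find_forced_replacements(SAMPLE_PLAN):
        print(f"BLOCK: {f['address']} would be replaced; forced by {f['replace_paths']}")
```

In a pipeline, a non-empty result would fail the job so that a cluster replacement needs explicit sign-off.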