TL;DR
Opening a new issue, as #2515 has been closed as stale by a bot. Though the issue still persists:
We are seeing a diff on each plan for node_kubelet_config, even if there are no changes at all. We use the module beta-private-cluster-update-variant
Expected behavior
If there are no changes to the resource, I would expect the plan to show no diff.
Observed behavior
Every plan shows the following diff:
~ resource "google_container_cluster" "primary" {
id = "[REDACTED]"
name = "[REDACTED]"
# (34 unchanged attributes hidden)
+ node_pool_auto_config {
+ node_kubelet_config (known after apply)
}
# (46 unchanged blocks hidden)
}
Terraform Configuration
module "gke_cluster" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster-update-variant"
version = "43.0.0"
project_id = [REDACTED]
name = [REDACTED]
regional = false
ip_range_pods = [REDACTED]
ip_range_services = [REDACTED]
additional_ip_range_pods = [REDACTED]
maintenance_start_time = "02:00"
remove_default_node_pool = true
[REDACTED values that are not relevant]
master_authorized_networks = [REDACTED]
node_pools_oauth_scopes = {
"all" = [
"https://www.googleapis.com/auth/cloud-platform",
"https://www.googleapis.com/auth/devstorage.read_only"
]
}
cluster_autoscaling = {
enabled = true
[REDACTED]
gpu_resources = [REDACTED]
}
node_pools = [
{
[REDACTED]
},
{
[REDACTED]
},
{
[REDACTED]
},
]
node_pools_taints = [REDACTED]
node_pools_labels = [REDACTED]
timeouts = {
create = "45m"
update = "45m"
delete = "45m"
}
cluster_resource_labels = {
managed-by-terraform = true
}
}Terraform Version
Terraform Provider Versions
Providers required by configuration:
.
├── provider[registry.opentofu.org/hashicorp/google-beta] ~> 7.0
├── provider[registry.opentofu.org/hashicorp/random]
├── provider[terraform.io/builtin/terraform]
├── provider[registry.opentofu.org/hashicorp/google] ~> 7.0
├── module.secret_manager_secrets
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 4.83.0, < 8.0.0
│ └── provider[registry.opentofu.org/hashicorp/google-beta] >= 4.83.0, < 8.0.0
├── module.wiggle-workflows
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
│ └── module.encryption_key
│ └── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
├── module.[REDACTED]
│ └── provider[registry.opentofu.org/hashicorp/google]
├── module.[REDACTED]
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 7.0.0, < 8.0.0
│ ├── provider[registry.opentofu.org/hashicorp/google-beta] >= 7.0.0, < 8.0.0
│ ├── provider[registry.opentofu.org/hashicorp/kubernetes] >= 2.10.0, < 4.0.0
│ └── provider[registry.opentofu.org/hashicorp/random] >= 2.1.0
├── module.[REDACTED]
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 7.0.0, < 8.0.0
│ ├── provider[registry.opentofu.org/hashicorp/google-beta] >= 7.0.0, < 8.0.0
│ ├── provider[registry.opentofu.org/hashicorp/kubernetes] ~> 2.10
│ └── provider[registry.opentofu.org/hashicorp/random] >= 2.1.0
├── module.storage_bucket-iam-bindings
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 3.53.0, < 8.0.0
│ └── module.helper
├── module.labtools_postgresql
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 7.2.0, < 8.0.0
│ ├── provider[registry.opentofu.org/hashicorp/google-beta] >= 7.2.0, < 8.0.0
│ ├── provider[registry.opentofu.org/hashicorp/null] ~> 3.1
│ └── provider[registry.opentofu.org/hashicorp/random] ~> 3.1
├── module.iap_tunneling_personal_workstations
│ └── provider[registry.opentofu.org/hashicorp/google] >= 3.53.0, < 8.0.0
├── module.infra_tools_postgresql
│ ├── provider[registry.opentofu.org/hashicorp/google-beta] >= 7.2.0, < 8.0.0
│ ├── provider[registry.opentofu.org/hashicorp/null] ~> 3.1
│ ├── provider[registry.opentofu.org/hashicorp/random] ~> 3.1
│ └── provider[registry.opentofu.org/hashicorp/google] >= 7.2.0, < 8.0.0
├── module.mlflow_gcs_bucket
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
│ └── module.encryption_key
│ └── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
├── module.platform_gcs_bucket
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
│ └── module.encryption_key
│ └── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
├── module.project_services
│ ├── provider[registry.opentofu.org/hashicorp/google-beta] >= 3.43.0, < 8.0.0
│ └── provider[registry.opentofu.org/hashicorp/google] >= 3.43.0, < 8.0.0
├── module.[REDACTED]
│ └── provider[registry.opentofu.org/hashicorp/google]
├── module.custom_predictors_bucket
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
│ └── module.encryption_key
│ └── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
├── module.gcs_bucket_tfstate
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
│ └── module.encryption_key
│ └── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
├── module.iap_tunneling_bastions
│ └── provider[registry.opentofu.org/hashicorp/google] >= 3.53.0, < 8.0.0
├── module.internal_static_webcontent_bucket
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
│ └── module.encryption_key
│ └── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
├── module.mlmock_gcs_bucket
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
│ └── module.encryption_key
│ └── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
├── module.flyteadmin_postgresql
│ ├── provider[registry.opentofu.org/hashicorp/null] ~> 3.1
│ ├── provider[registry.opentofu.org/hashicorp/random] ~> 3.1
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 7.2.0, < 8.0.0
│ └── provider[registry.opentofu.org/hashicorp/google-beta] >= 7.2.0, < 8.0.0
├── module.mldata_gcs_bucket
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
│ └── module.encryption_key
│ └── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
├── module.platform_postgresql
│ ├── provider[registry.opentofu.org/hashicorp/random] ~> 3.1
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 7.2.0, < 8.0.0
│ ├── provider[registry.opentofu.org/hashicorp/google-beta] >= 7.2.0, < 8.0.0
│ └── provider[registry.opentofu.org/hashicorp/null] ~> 3.1
├── module.flyteadmin_gcs_bucket
│ ├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
│ └── module.encryption_key
│ └── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
├── module.[REDACTED]
│ └── provider[registry.opentofu.org/hashicorp/google]
└── module.audit_logs_bucket
├── provider[registry.opentofu.org/hashicorp/google] >= 6.37.0, < 8.0.0
└── module.encryption_key
└── provider[registry.opentofu.org/hashicorp/google] >= 5.31.0, < 8.0.0
Providers required by state:
provider[registry.opentofu.org/hashicorp/google]
provider[registry.opentofu.org/hashicorp/google-beta]
provider[registry.opentofu.org/hashicorp/null]
provider[registry.opentofu.org/hashicorp/random]
provider[terraform.io/builtin/terraform]Additional information
No response
TL;DR
Opening a new issue, as #2515 has been closed as stale by a bot. Though the issue still persists:
We are seeing a diff on each plan for node_kubelet_config, even if there are no changes at all. We use the module beta-private-cluster-update-variant
Expected behavior
If there are no changes to the resource, I would expect the plan to show no diff.
Observed behavior
Every plan shows the following diff:
Terraform Configuration
Terraform Version
Terraform Provider Versions
Additional information
No response