terraform-provider-kubernetes: kubernetes_secret produces inconsistent final plan

When creating a kubernetes_secret with mutltiple file on the first run then Terraform throws the following error:

Error: Provider produced inconsistent final plan

When expanding the plan for kubernetes_secret.tls_secret to include new values
learned so far during apply, provider "registry.terraform.io/-/kubernetes"
produced an invalid new value for .data: inconsistent values for sensitive
attribute.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

Terraform Version

Terraform: v0.12.20 K8s provider version: v1.11.1

Affected Resource(s)

  • kubernetes_secret

Terraform Configuration Files

resource "kubernetes_secret" "tls_secret" {
  type = "kubernetes.io/tls"

  metadata {
    name = var.tls_secret_name
  }

  data = {
    "tls.crt" = file("${path.module}/resources/gcp.crt")
    "tls.key" = file("${path.module}/resources/gcp.key")
  }
}

Expected Behavior

Resource should create without throwing an error

Actual Behavior

First run produces the following error:

Error: Provider produced inconsistent final plan

When expanding the plan for kubernetes_secret.tls_secret to include new values
learned so far during apply, provider "registry.terraform.io/-/kubernetes"
produced an invalid new value for .data: inconsistent values for sensitive
attribute.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

This issue goes away on the second run

Steps to Reproduce

  1. terraform init
  2. terraform plan -out=test.plan
  3. terraform apply

About this issue

  • Original URL
  • State: open
  • Created 4 years ago
  • Reactions: 16
  • Comments: 19

Most upvoted comments

Running into the same issue w/ following simple secret creation

resource "kubernetes_secret" "rabbitmq" {
  metadata {
    name      = "rabbitmq-admin-credentials"
    namespace = "rabbitmq"
    labels = {
      "app.kubernetes.io/managed-by" = "terraform"
    }
  }

  data = {
    username              = data.cloudamqp_credentials.credentials.username
    password              = data.cloudamqp_credentials.credentials.password
    host                  = "${replace(cloudamqp_instance.instance.host, ".rmq.", ".in.")}"
    external_host         = cloudamqp_instance.instance.host
    vhost                 = cloudamqp_instance.instance.vhost
    apikey                = cloudamqp_instance.instance.apikey
  }
}

First time, it got made fine, and having this error on subsequent runs.

+2
yashbhutwala on Oct 30, 2020
Read more comments on GitHub
← terraform-provider-kubernetes: kubernetes_resource_quota variable interpolation does not work with terraform v0.12.0
terraform-provider-kubernetes: Name validation regex is invalid →