I'm in a loop trying to destroy an EKS cluster using create = false instead of terraform destroy in the "terraform-aws-eks" sample code.
I can run terraform apply without issues, but if I use create = false and terraform apply (instead of terraform destroy) to destroy the EKS cluster:
```hcl
provider "kubernetes" {
  host                   = module.eks.cluster_endpoint
  cluster_ca_certificate = base64decode(module.eks.cluster_certificate_authority_data)

  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", local.name]
  }
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 19.12"

  create = var.create ### => var.create = false
  ...
}
```
Terraform apply, at provider evaluation, probably notes the module.eks destroy during the state check of the resource using the kubernetes provider, and returns:
```
│ Error: Get "http://localhost/api/v1/namespaces/kube-system/configmaps/aws-auth": dial tcp [::1]:80: connect: connection refused
│   with module.eks.kubernetes_config_map_v1_data.aws_auth[0],
│   on .terraform/modules/eks/main.tf line 553, in resource "kubernetes_config_map_v1_data" "aws_auth":
│  553: resource "kubernetes_config_map_v1_data" "aws_auth" {
```
I tried to add a data source to decouple the provider from module.eks:
```hcl
data "aws_eks_cluster" "clus1" {
  name = local.name
}

provider "kubernetes" {
  host                   = try(data.aws_eks_cluster.clus1.endpoint, module.eks.cluster_endpoint, null)
  cluster_ca_certificate = try(base64decode(data.aws_eks_cluster.clus1.certificate_authority[0].data), base64decode(module.eks.cluster_certificate_authority_data), null)

  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "aws"
    args        = ["eks", "get-token", "--cluster-name", local.name]
  }
}
```
This worked for destruction, but on the next apply the data source cannot find the EKS cluster and so returns:
```
│ Error: reading EKS Cluster (...): couldn't find resource
│   with data.aws_eks_cluster.clus1,
│   on main_eks_mila.tf line 27, in data "aws_eks_cluster" "clus1":
│   27: data "aws_eks_cluster" "clus1" {
```
And as far as I know, a data source doesn't allow an empty result.
Is there a viable solution to manage this?