Azurerm_container_app seems to ignore my lifecycle ignore_changes

kristianschneider · September 3, 2024, 2:20pm

I have the following azurerm_container_app :

resource "azurerm_container_app"  "inboundservice" {
  name = "${module.naming.container_app.name}-${local.inbound_service_name}"
 
  container_app_environment_id  = module.managed_environment.id
  resource_group_name = module.rg_object.resource_group_name
  revision_mode = "Single"
  lifecycle {
    ignore_changes = [template[0]]
  }
  secret {
      name  = "rabbitpassword"
      value = module.rabbitmquser.rabbitmq_password
  }

  template {
  min_replicas = 1
  max_replicas = 1
  container  {
      name   = local.inbound_service_name
      memory = "0.5Gi"
      cpu    = 0.25
      image  = "myacr.azurecr.io/myimage:latest"
      env  {
        name  = "rabbitMq__userName"
        value = module.rabbitmquser.rabbitmq_username
      }
      env {
        name  = "rabbitMq__password"
        secret_name   = "rabbitpassword"
      }
      env {
        name  = "rabbitMq__vHost"
        value = local.vHost
      }
      env {
        name  = "rabbitMq__host__name"
        value = data.azurerm_key_vault_secret.rabbithost.value
      }
      env {
        name  = "rabbitMq__domainName"
        value = "XXXX"
      }
      env {
        name  = "rabbitMq__env"
        value = var.ENVIRONMENTNAME
      }
      env {
        name = "debug"
        value = azurerm_user_assigned_identity.inbound.id
      }
      
  }
  }

  identity {
    type = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.inbound.id]
  }

  registry {
    server   = data.azurerm_container_registry.sharedacr.login_server
    identity = azurerm_user_assigned_identity.inbound.id
  }
}

Everytime I run my plan TF detects changes. For example:

      ~ id                            = "xxx" -> (known after apply)
      + latest_revision_fqdn          = (known after apply)
      ~ latest_revision_name          = "xxxx--ninjmas" -> (known after apply)
      ~ location                      = "westeurope" -> (known after apply)
        name                          = "xxxx"
      ~ outbound_ip_addresses         = [
          - "xxxxx",
        ] -> (known after apply)
      - tags                          = {} -> null
        # (3 unchanged attributes hidden)

      ~ identity {
          + principal_id = (known after apply)
          + tenant_id    = (known after apply)
            # (2 unchanged attributes hidden)
        }

      ~ template {
          + revision_suffix = (known after apply)
            # (2 unchanged attributes hidden)

          ~ container {
              - args              = [] -> null
              - command           = [] -> null
              ~ ephemeral_storage = "1Gi" -> (known after apply)
                name              = "xxxxx"
                # (3 unchanged attributes hidden)

                # (7 unchanged blocks hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

I’ve tried all sorts of permutations of trying to ignore the template for example:

lifecycle {
    ignore_changes = [template]
  }

template[0].container[0]

template[0]

It allways detects a change.

Ultimatly I want TF to ignore if I update the revision externally with az containerapp revision copy

What am I doing wrong?

Topic		Replies	Views
Lifecycle and ARM template deployment Azure	0	589	July 2, 2021
Terraform lifecycle ignore_changes applies to all keys for azurerm_linux_web_app.site_config, although only one key is selected Azure	3	1521	June 20, 2023
Bug updating Environment variable in azurerm container app Azure	0	150	January 31, 2024
Azure app service health check with swap Azure	0	1462	April 5, 2021
Help with setting the Registry managed user identity on a Container App Azure	2	702	March 28, 2023

Azurerm_container_app seems to ignore my lifecycle ignore_changes

Related topics