Dynamically creation of K8s manifests

Terraform
1

Hi, I’m trying to create some K8s manifest based on subnets with the following code:

module "pods_subnet_addrs" {
  source = "hashicorp/subnets/cidr"
  version = "1.0.0"

  base_cidr_block = var.pods_cidr
  networks = [
    {
      name     = "${var.aws_region}a"
      new_bits = 1
    },
    {
      name     = "${var.aws_region}b"
      new_bits = 2
    },
    {
      name     = "${var.aws_region}c"
      new_bits = 2
    },        
  ]
}
resource "aws_subnet" "pod_subnets" {
  for_each = module.pods_subnet_addrs.network_cidr_blocks
  depends_on = [
    aws_vpc_ipv4_cidr_block_association.pod_cidr
  ]

  vpc_id            = data.terraform_remote_state.vpc.outputs.vpc_id
  availability_zone = each.key
  cidr_block        = each.value

  tags = merge(
    local.common_tags,
    {
      "Name" = format(
        "${var.environment_name}-pods-network-%s",
        each.key)
    } )  
}
resource "kubernetes_manifest" "ENIconfig" {
  for_each = module.pods_subnet_addrs.network_cidr_blocks
  manifest = {
    "apiVersion" = "crd.k8s.amazonaws.com/v1alpha1"
    "kind" = "ENIConfig"
    "metadata" = {
      "name" = each.key
    }
    "spec" = {
      "securityGroups" = [
        aws_security_group.worker_node.id,
      ]
      "subnet" = aws_subnet.pod_subnets[each.key].id
    }        
  }
}

However, running this code fails with the following error:

Provider "registry.terraform.io/hashicorp/kubernetes" planned an invalid value for kubernetes_manifest.ENIconfig["eu-west-3a"].manifest: planned value cty.ObjectVal(map[string]cty.Value{"apiVersion":cty.StringVal("crd.k8s.amazonaws.com/v1alpha1"), "kind":cty.StringVal("ENIConfig"),"metadata":cty.ObjectVal(map[string]cty.Value{"name":cty.StringVal("eu-west-3a")}), "spec":cty.ObjectVal(map[string]cty.Value{"securityGroups":cty.TupleVal([]cty.Value{cty.StringVal("sg-07e264400925e9a4a")}),"subnet":cty.NullVal(cty.String)})}) does not match config value cty.ObjectVal(map[string]cty.Value{"apiVersion":cty.StringVal("crd.k8s.amazonaws.com/v1alpha1"),"kind":cty.StringVal("ENIConfig"),"metadata":cty.ObjectVal(map[string]cty.Value{"name":cty.StringVal("eu-west-3a")}), "spec":cty.ObjectVal(map[string]cty.Value{"securityGroups":cty.TupleVal([]cty.Value{cty.StringVal("sg-07e264400925e9a4a")}),"subnet":cty.UnknownVal(cty.String)})}).

Any idea why?