I have seen this in a few example and in the official documentation.
data "kubectl_path_documents" "karpenter_provisioners" {
pattern = "${path.module}/provisioners/*.yaml"
vars = {
azs = join(",", var.vpc_config.azs)
subnets = join(",", module.vpc_eks.private_subnets)
instance_types = join(",", var.ng_config.instance_types)
instance_profile = module.eks_bp.managed_node_group_iam_instance_profile_id[0]
eks_cluster_id = local.cluster_name
eks_vpc_name = module.vpc_eks.name
security_group = module.eks_bp.worker_node_security_group_id
ng_volume_size = var.ng_config.volume_size
}
}
resource "kubectl_manifest" "karpenter_provisioner" {
for_each = toset(data.kubectl_path_documents.karpenter_provisioners.documents)
yaml_body = each.value
depends_on = [module.eks_bp_k8s_addons]
}
Error
Error: Invalid for_each argument
│
│ on karpenter.tf line 57, in resource "kubectl_manifest" "karpenter_provisioner":
│ 57: for_each = toset(data.kubectl_path_documents.karpenter_provisioners.documents)
│ ├────────────────
│ │ data.kubectl_path_documents.karpenter_provisioners.documents is a list of string, known only after apply
│
│ The "for_each" set includes values derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
│
│ When working with unknown values in for_each, it's better to use a map value where the keys are defined statically in your configuration and where only the values contain apply-time results.
│
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.
Associated doc: Terraform Registry
Is there a work around that does include, commenting out the resource “kubectl_manifest” do an apply, then uncomment and do an apply again?