Helm release cert manager issue

nesa · March 20, 2022, 10:31am

Hi,
does anybody knows why all of a sudden I have this error message when trying to apply cert-manager?
│ Error: Plugin error
│
│ The plugin returned an unexpected error from
│ plugin.(*GRPCProvider).ReadResource: rpc error: code = Unknown desc = no
│ matches for kind “ClusterIssuer” in version “cert-manager.io/v1”
I’m trying to configure aks ingress controller, and it’s strange because same script worked fine on friday (and also before).
Application was configured but I had issues with accessing it so I destroyed everything and tried from scratch but now I can’t continue because of this issue.
Here is the log:
2022-03-20T13:10:10.138+0100 [INFO] provider: configuring client automatic mTLS
2022-03-20T13:10:10.394+0100 [INFO] provider.terraform-provider-kubectl_v1.13.1.exe: configuring server automatic mTLS: timestamp=2022-03-20T13:10:10.289+0100
2022-03-20T13:10:10.483+0100 [INFO] provider: configuring client automatic mTLS
2022-03-20T13:10:10.494+0100 [WARN] ValidateProviderConfig from "provider["Terraform Registry changed the config value, but that value is unused
2022-03-20T13:10:10.739+0100 [INFO] provider.terraform-provider-kubernetes_v2.5.1_x5.exe: configuring server automatic mTLS: timestamp=2022-03-20T13:10:10.638+0100
2022-03-20T13:10:10.857+0100 [INFO] provider: configuring client automatic mTLS
2022-03-20T13:10:10.935+0100 [WARN] ValidateProviderConfig from "provider["Terraform Registry changed the config value, but that value is unused
2022-03-20T13:10:14.239+0100 [INFO] provider.terraform-provider-helm_v2.3.0_x5.exe: configuring server automatic mTLS: timestamp=2022-03-20T13:10:14.110+0100
2022-03-20T13:10:14.328+0100 [INFO] ReferenceTransformer: reference not found: “var.name”
2022-03-20T13:10:14.328+0100 [INFO] ReferenceTransformer: reference not found: “var.namespace”
module.devops-service-account.kubernetes_service_account.account: Refreshing state… [id=default/at.salzburg-ag.ds.cognigy-service-account]
2022-03-20T13:10:14.336+0100 [WARN] ValidateProviderConfig from "provider["Terraform Registry changed the config value, but that value is unused
2022-03-20T13:10:14.337+0100 [INFO] provider.terraform-provider-helm_v2.3.0_x5.exe: 2022/03/20 13:10:14 [DEBUG] Experiments enabled: : timestamp=2022-03-20T13:10:14.337+0100
2022-03-20T13:10:14.339+0100 [INFO] provider.terraform-provider-helm_v2.3.0_x5.exe: 2022/03/20 13:10:14 [WARN] Truncating attribute path of
0 diagnostics for TypeSet: timestamp=2022-03-20T13:10:14.339+0100
2022-03-20T13:10:14.343+0100 [INFO] provider.terraform-provider-helm_v2.3.0_x5.exe: 2022/03/20 13:10:14 [DEBUG] [resourceDiff: cert-manager] Start: timestamp=2022-03-20T13:10:14.343+0100
2022-03-20T13:10:14.669+0100 [WARN] Provider “Terraform Registry” produced an unexpected new value for module.devops-service-account.kubernetes_service_account.account during refresh.
- Root resource was present, but now absent
2022-03-20T13:10:14.675+0100 [WARN] Provider “Terraform Registry” produced an invalid plan for module.devops-service-account.kubernetes_service_account.account, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .automount_service_account_token: planned value cty.True for a non-computed attribute
- .metadata[0].annotations: planned value cty.NullVal(cty.Map(cty.String)) does not match config value cty.MapValEmpty(cty.String)
- .metadata[0].labels: planned value cty.NullVal(cty.Map(cty.String)) does not match config value cty.MapValEmpty(cty.String)
2022-03-20T13:10:14.678+0100 [INFO] ReferenceTransformer: reference not found: “var.namespace”
2022-03-20T13:10:14.678+0100 [INFO] ReferenceTransformer: reference not found: “var.name”
2022-03-20T13:10:14.678+0100 [INFO] ReferenceTransformer: reference not found: “var.namespace”
2022-03-20T13:10:14.680+0100 [INFO] ReferenceTransformer: reference not found: “var.kubernetes-namespace”
module.devops-service-account.kubernetes_role_binding.bind: Refreshing state… [id=default/at.salzburg-ag.ds.cognigy-service-account-admin-role-binding]
kubernetes_cluster_role_binding.bind-cluster-admin: Refreshing state… [id=at.salzburg-ag.ds.cognigy-service-account-cluster-admin-cluster-role-binding]
2022-03-20T13:10:14.773+0100 [WARN] Provider “Terraform Registry” produced an unexpected new value for kubernetes_cluster_role_binding.bind-cluster-admin during refresh.
- Root resource was present, but now absent
2022-03-20T13:10:14.773+0100 [WARN] Provider “Terraform Registry” produced an unexpected new value for module.devops-service-account.kubernetes_role_binding.bind during refresh.
- Root resource was present, but now absent
2022-03-20T13:10:14.776+0100 [WARN] Provider “Terraform Registry” produced an invalid plan for module.devops-service-account.kubernetes_role_binding.bind, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .metadata[0].annotations: planned value cty.NullVal(cty.Map(cty.String)) does not match config value cty.MapValEmpty(cty.String)
- .metadata[0].labels: planned value cty.NullVal(cty.Map(cty.String)) does not match config value cty.MapValEmpty(cty.String)
2022-03-20T13:10:14.776+0100 [WARN] Provider “Terraform Registry” produced an invalid plan for kubernetes_cluster_role_binding.bind-cluster-admin, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .metadata[0].annotations: planned value cty.NullVal(cty.Map(cty.String)) does not match config value cty.MapValEmpty(cty.String)
- .metadata[0].labels: planned value cty.NullVal(cty.Map(cty.String)) does not match config value cty.MapValEmpty(cty.String)
2022-03-20T13:10:17.038+0100 [INFO] provider.terraform-provider-helm_v2.3.0_x5.exe: 2022/03/20 13:10:17 [DEBUG] [resourceDiff: cert-manager] Got chart: timestamp=2022-03-20T13:10:17.038+0100
2022-03-20T13:10:17.038+0100 [INFO] provider.terraform-provider-helm_v2.3.0_x5.exe: 2022/03/20 13:10:17 [DEBUG] [resourceDiff: cert-manager] Release validated: timestamp=2022-03-20T13:10:17.038+0100
2022-03-20T13:10:17.038+0100 [INFO] provider.terraform-provider-helm_v2.3.0_x5.exe: 2022/03/20 13:10:17 [DEBUG] [resourceDiff: cert-manager] Done: timestamp=2022-03-20T13:10:17.038+0100
2022-03-20T13:10:17.041+0100 [WARN] Provider “Terraform Registry” produced an invalid plan for helm_release.cert-manager,
but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .wait: planned value cty.True for a non-computed attribute
- .wait_for_jobs: planned value cty.False for a non-computed attribute
- .disable_webhooks: planned value cty.False for a non-computed attribute
- .recreate_pods: planned value cty.False for a non-computed attribute
- .dependency_update: planned value cty.False for a non-computed attribute
- .version: planned value cty.StringVal(“v1.7.0”) does not match config value cty.StringVal(“1.7.0”)
- .lint: planned value cty.False for a non-computed attribute
- .replace: planned value cty.False for a non-computed attribute
- .disable_crd_hooks: planned value cty.False for a non-computed attribute
- .timeout: planned value cty.NumberIntVal(300) for a non-computed attribute
- .atomic: planned value cty.False for a non-computed attribute
- .force_update: planned value cty.False for a non-computed attribute
- .render_subchart_notes: planned value cty.True for a non-computed attribute
- .reset_values: planned value cty.False for a non-computed attribute
- .disable_openapi_validation: planned value cty.False for a non-computed attribute
- .max_history: planned value cty.NumberIntVal(0) for a non-computed attribute
- .skip_crds: planned value cty.False for a non-computed attribute
- .verify: planned value cty.False for a non-computed attribute
- .reuse_values: planned value cty.False for a non-computed attribute
2022-03-20T13:10:17.046+0100 [INFO] ReferenceTransformer: reference not found: “helm_release.cert-manager”
2022-03-20T13:10:17.048+0100 [INFO] ReferenceTransformer: reference not found: “helm_release.cert-manager”
2022-03-20T13:10:17.049+0100 [INFO] ReferenceTransformer: reference not found: “helm_release.cert-manager”
2022-03-20T13:10:17.050+0100 [INFO] ReferenceTransformer: reference not found: “helm_release.cert-manager”
2022-03-20T13:10:17.102+0100 [WARN] Provider “Terraform Registry” produced an invalid plan for kubectl_manifest.issuer-prod, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .force_new: planned value cty.False for a non-computed attribute
- .wait_for_rollout: planned value cty.True for a non-computed attribute
- .server_side_apply: planned value cty.False for a non-computed attribute
- .validate_schema: planned value cty.True for a non-computed attribute
2022-03-20T13:10:17.103+0100 [WARN] Provider “Terraform Registry” produced an invalid plan for kubectl_manifest.issuer-staging, but we are tolerating it because it is using the legacy plugin SDK.
The following problems may be the cause of any confusing errors from downstream operations:
- .server_side_apply: planned value cty.False for a non-computed attribute
- .validate_schema: planned value cty.True for a non-computed attribute
- .force_new: planned value cty.False for a non-computed attribute
- .wait_for_rollout: planned value cty.True for a non-computed attribute
kubernetes_manifest.issuer-staging: Refreshing state…
kubernetes_manifest.issuer-prod: Refreshing state…
2022-03-20T13:10:17.720+0100 [ERROR] plugin.(*GRPCProvider).ReadResource: error="rpc error: code = Unknown desc = no matches for kind “ClusterIssuer” in version “cert-manager.io/v1"”
2022-03-20T13:10:17.720+0100 [ERROR] plugin.(*GRPCProvider).ReadResource: error="rpc error: code = Unknown desc = no matches for kind “ClusterIssuer” in version “cert-manager.io/v1"”

Thanks a lot!

ppanyukov · March 21, 2022, 10:32am

Not exactly a terraform issue, but looks like you deleted CRDs? Try reinstalling them manually see if it helps, eg

# Kubernetes 1.15+
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.crds.yaml

# Kubernetes <1.15
$ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager-legacy.crds.yaml

See more here: Kubernetes | cert-manager

nesa · March 21, 2022, 7:40pm

It worked! Thanks a lot!

Topic		Replies	Views
Terraform Errors and How to Debug Them Kubernetes helm	3	1742	September 8, 2023
The plugin returned an unexpected error from plugin.(*GRPCProvider).UpgradeResourceState Kubernetes	8	3593	September 26, 2023
Errors while upgrading. Getting the right replace-provider command Terraform	3	1810	November 12, 2021
Terraform init error in terraform 11 HCP Terraform	1	301	September 7, 2023
Boundary provider error Terraform Providers k8s , vault , boundary	0	455	January 6, 2023

Helm release cert manager issue

Related topics