-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
regression error in tofu/kubernetes/talos/image.tf: "for_each" set includes values derived from resource attributes that cannot be determined until apply #106
Comments
Hi @sebiklamar, I unfortunately never tested the change with a fresh plan and you're not the first to get the error. Jacob Melton was able to solve the issue by running tofu apply -target=module.talos.talos_image_factory_schematic.this before a full apply. I haven't had the time to update the article and readme with the fix yet. |
Hi @vehagn, thank you for the quick response and the quick fix. That helped. Do you welcome PRs for the readme or do you want to handle it on your own because you need to update the article anyway? I've stripped off the "tofu output" commands and added the commands for creating sealed secrets openssl key, credentials.auto.tfvars as well as config merges for talosconfig and kubeconfig in my version. |
PRs of any kind are very welcome, I only ask that you try to adhere to the conventional commits specification and add a descriptive commit message. Signed commits are also appreciated, but I won't require it. |
Hi, am still onto it... I'm still struggling with the PR as I'm new to git and I already made changes in my fork in main branch, so I cannot, AFAIK, use the typical fork-branch workflow. To my understanding I either
I prefer approach no. 2. For no. 4 I don't have any clue. What do you think? By the way, I've created a workaround for the So, TLDR, will take some time as I'm still newbie. And expect 2 PRs -- for the README PR I will create another dedicated issue, if you prefer. |
I have a habit of force pushing and rebasing to keep a tidy history which makes it easier for me to go back in time to review when I did what and how I did it. This unfortunately makes it more complicated to create PRs as you have to rebase your commits on top of the new history. I'm contemplating reverting this commit to not use the new I don't mind you opening a PR with merge conflicts as long as you don't mind me editing the PR to fix the conflicts, though if you want to try fixing it yourself Thank you again for taking the time to contribute back <3 |
…_environment_download_file this commit implements solution option #4 for circumventing vehagn/homelab#106
…ual_environment_download_file this commit implements solution option #4 for circumventing vehagn/homelab#106
Hi, TLDR: My initial approach by removing the
What are your reasons for (maybe) getting away from the new I see benefits of using the new Root Cause AnalysisRe.
The issue is that NB: This dependency was there already since months, also for your custom implementation using Solution optionsI currently see 4 solution options -- the "map" approach mentioned by tofu being similar to option [4] and the
In the following let me elaborate on the 4th option (remove schematic id from resource ID) a bit more. Option 4 -- challenges of a (dynamic) idThe approach of option 4 is removing the dynamic part of Though, there's a drawback with this approach: We would lose possibility of evolving the schematic id by adding or removing talos extensions: As your logic is also that flexible in supporting the change of the schematic ( I didn't manage to find a solution for keeping the 'possibility to change schematic' feature because that would bring a dynamic part into the ID again. Even when using some schematic information in the ID, e.g. using Another challenge -- a showstopper for users with a running cluster -- is the change of the resource id format at all. Once option 4 is getting implemented, tofu would knock down all nodes in order to change their image due to the VM
Looks like we have to find a way which keeps the Closing... still WIP: option 4 ruled out, exploring option 3 (depend on
|
I love your enthusiasm! There's a lot of text here which makes it difficult to address everything in one reply, but I'll try.
The motivation is to remove the dependency to run with
No offence taken, I like my ideas challenged! I think we agree that using the provider resource is the better long term solution. I think the difference lies in my more "pragmatic" solution of not caring too much.
You're rediscovering the main issue I had in getting this to work. That's my fault for leaving it as an implicit "the proof is left as an exercise for the reader" task. It all boils down to this
I haven't had much time to coddle with my homelab lately, but I'll try to take a look at your work when I have the time. |
Hi Vegard, the recent commit 856cef4 on tofu/kubernetes/talos/image.tf (use new talos_image_factory_schematic resource) produces a tofu plan error when starting from fresh -- while with an existing cluster there's no error thrown by tofu.
Error message
How to reproduce:
Alternatively to creating copy of your repo without terraform state just move away TF state in an existing repo connected to a cluster ("mv terraform.tfstate terraform.tfstate.bak").
Unfortunately, I cannot propose you a fix as I'm still new to K8S and tofu.
That said, thank you sharing your knowledge and homelab! It helps me a lot for quick starting into IaC!
Kind regards -- Sebastian
The text was updated successfully, but these errors were encountered: