
It seems there is an issue with the order of deletion: the aws-auth configmap used for accessing the cluster is getting destroyed before the deletion of other resources. Even after that, EBS volumes are left behind; I need help with that as well. Is there any option to ignore this particular resource during terraform destroy?

I tried prevent_destroy as below to skip the resource during terraform destroy.

```hcl
resource "kubernetes_config_map" "aws_auth" {
  metadata {
    name      = "aws-auth"
    namespace = "kube-system"
  }

  data = {
    mapRoles = yamlencode(local.map_roles)
    mapUsers = yamlencode(local.map_users)
  }
  lifecycle {
    prevent_destroy = true
  }
}
```

But I got the error below.

```
╷
│ Error: Instance cannot be destroyed
│ 
│   on aws-auth.tf line 20:
│   20: resource "kubernetes_config_map" "aws_auth" {
│ 
│ Resource kubernetes_config_map.aws_auth has lifecycle.prevent_destroy set,
│ but the plan calls for this resource to be destroyed. To avoid this error
│ and continue with the plan, either disable lifecycle.prevent_destroy or
│ reduce the scope of the plan using the -target flag.
╵
```
  • Have you tried `terraform state rm kubernetes_config_map.aws_auth`? – mdaniel Jun 29 '22 at 04:35
  • No, there are multiple resources like this; I can't add individual commands like this. Setting it within the Terraform file, so that a direct terraform destroy skips those, is more feasible. – Uday Kiran Reddy Jun 29 '22 at 06:37
  • What I observed: we have a statefulset which creates some pods, and they have linked PVCs. Those use a configmap for authorization; all are part of the Terraform files, using the kubernetes provider. When I ran terraform destroy, the statefulsets were deleted and that triggered the pods to delete, but Terraform deleted the configmap immediately while the pods were still in terminating state even though the statefulset was removed, which caused the authorization issue and created an issue with the PVCs. So, if there is any ignore option, that would be more feasible. I can't have a separate Terraform project just for this one entry. – Uday Kiran Reddy Jun 29 '22 at 07:25
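
The `terraform state rm` suggestion from the comments, applied to a list of resources in one step; this is an added example, not part of the original post or its comments. The `KEEP` list and the function names are assumptions. An address removed from state is skipped by `terraform destroy` and the object itself stays in the cluster.

```shell
#!/bin/sh
# Added example: forget selected resources before `terraform destroy`.
# KEEP (an assumed name) holds space-separated type.name entries to leave in place.
KEEP="kubernetes_config_map.aws_auth"

# Read `terraform state list` output on stdin and print every managed resource
# address whose type.name is in $1, whatever its module path or instance index.
select_kept() {
  keep_list=$1
  while IFS= read -r addr; do
    [ -n "$addr" ] || continue
    base=${addr%\[*\]}        # drop a trailing [0] / ["key"] instance index
    name=${base##*.}
    rest=${base%.*}
    type=${rest##*.}
    pre=${rest%"$type"}       # "", "module.eks.", "data.", ...
    case $pre in
      module.data.|*.module.data.) ;;   # a module that happens to be named "data"
      data.|*.data.) continue ;;        # skip data sources
    esac
    for k in $keep_list; do
      if [ "$k" = "$type.$name" ]; then printf '%s\n' "$addr"; fi
    done
  done
  return 0
}

# Remove the selected addresses from state; the objects stay in the cluster.
forget_kept() {
  terraform state list | select_kept "$KEEP" | while IFS= read -r addr; do
    terraform state rm "$addr" </dev/null || exit 1
  done
}

# No argument: do nothing. --list previews the matches, --apply removes them.
case ${1:-} in
  --list)  terraform state list | select_kept "$KEEP" ;;
  --apply) forget_kept ;;
esac
```

Run it with `--list` to review the matches, then with `--apply` before `terraform destroy`.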

0 Answers