Knowledge Base

Kubernetes_namespace module and terragrunt recreate

View full discussion in GitHub

Answer

## Terraform version, Kubernetes provider version and Kubernetes version ``` Terraform version: v1.0.5 Kubernetes Provider version: v2.8.0 Kubernetes version: v1.23.9 Terragtunt version: v0.37.1 ``` ## Terraform configuration main.tf ``` resource "kubernetes_namespace" "namespace" { metadata { name = var.name labels = var.labels annotations = { name = var.name } } } ``` namespace.hcl ``` terraform { source = "${dirname(find_in_parent_folders())}/modules//namespace" } locals { domain_vars = read_terragrunt_config(find_in_parent_folders("domain_var.hcl")) domain = local.domain_vars.locals.domain } inputs = { domain = local.domain } ``` terragrunt.hcl ``` include "root"{ path = find_in_parent_folders() } include "envcommon"{ path = "${dirname(find_in_parent_folders())}/_envcommon//namespace.hcl" } locals { domain_vars = read_terragrunt_config(find_in_parent_folders("domain_var.hcl")) domain = local.domain_vars.locals.domain domain_labels = local.domain_vars.locals.labels type = "application" labels = merge( local.domain_labels, {type = local.type} ) } inputs = { name = "${local.domain}-${local.type}" labels = local.labels } ``` ## Question ``` Hi, I use the kubernetes_namespace in my terragrunt structure. I created an namespace module to be as flexible as I can and create the namespace properties out of variables, which will be filled by terragrunt.hcl files and variables. Now I have the problem, that only the 1 namespace will be created, the second one will destroy the first one and create the second one as well as the third. I have different names, different lables and different annotations for every namespace but it doesn't work. Have somebody an idea why this is the case? ``` ----------------------------------------------------------------------------------------------------------------------------------------------- Don't know why but figured out, that it seems to be a problem with remote_state If I User Kubernetes Backend, I have the problem above. If I use Local Backend I cannot reproduce this problem anymore ``` remote_state {   backend = "kubernetes"   generate = {     path      = "backend.tf"     if_exists = "overwrite_terragrunt"   }   config = {     config_path      = "~/.kube/config"     secret_suffix    = "state"   } } ``` ``` remote_state {   backend = "local"   generate = {     path      = "backend.tf"     if_exists = "overwrite_terragrunt"   }   config = {     path = "${get_original_terragrunt_dir()}/terraform.tfstate"   } } ``` Any ideas? --- <ins datetime="2022-08-24T09:10:26Z"> <p><a href="https://support.gruntwork.io/hc/requests/109162">Tracked in ticket #109162</a></p> </ins>

When using the `kubernetes` backend, you aren't dynamically adjusting the `secret_suffix` based on the module, which is causing all the terragrunt configurations to write to the same state object. Because they are all sharing the state file, Terraform is viewing the differences across the modules as a diff in the deployment. You should set `secret_suffix` to dynamically change based on the importing config, which you should be able to accomplish with: ```hcl remote_state { backend = "kubernetes" generate = { path = "backend.tf" if_exists = "overwrite_terragrunt" } config = { config_path = "~/.kube/config" secret_suffix = "${replace(path_relative_to_include(), "/", "-")}-state" } } ```