Creating CRD object return error output, but are created successfully

[LennartTimmers]

Terraform, Provider, Kubernetes versions

Terraform version: 0.15.4
Provider version: 0.5.4
Kubernetes version: 1.19.11

Affected Resource(s)

Kyverno CRD objects

Terraform Configuration Files

Created the manifest with the following command, policy is a default example from kyverno see here

echo 'yamldecode(file("kyverno.yaml"))' | terraform console

resource "kubernetes_manifest" "label-policy" {
  # depends_on = [helm_release.cert-manager]
  provider = kubernetes-alpha
  manifest = {
    "apiVersion" = "kyverno.io/v1"
    "kind"       = "ClusterPolicy"
    "metadata" = {
      "annotations" = {
        "policies.kyverno.io/category"    = "Sample"
        "policies.kyverno.io/description" = "Simple mutation which adds a label `foo=bar` to different resource kinds."
        "policies.kyverno.io/severity"    = "medium"
        "policies.kyverno.io/subject"     = "Label"
        "policies.kyverno.io/title"       = "Add Labels"
      }
      "name" = "add-labels"
    }
    "spec" = {
      "rules" = [
        {
          "match" = {
            "resources" = {
              "kinds" = [
                "Pod",
                "Service",
                "ConfigMap",
                "Secret",
              ]
            }
          }
          "mutate" = {
            "patchStrategicMerge" = {
              "metadata" = {
                "labels" = {
                  "foo" = "bar"
                }
              }
            }
          }
          "name" = "add-labels"
        },
      ]
    }
  }
}

Debug Output

Gist

Panic Output

Steps to Reproduce

1. Install kyverno through their helm chart, version 1.3.6
2. Run terraform apply on the provided config file

Expected Behavior

CRD object should've been created without any error occuring in the apply step.

Actual Behavior

CRD object was created successfully, but the apply command returns the error as seen in the Gist above.

Important Factoids

Azure AKS

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[so0k]

getting this a lot, usually untainting it helps, but now I also got this

Error: Failed to update proposed state from prior state

  on generated_networking.k8s.io_v1_networkpolicy_argocd-application-controller-network-policy.tf line 1, in resource "kubernetes_manifest" "networkpolicy_argocd_application_controller_network_policy":
   1: resource "kubernetes_manifest" "networkpolicy_argocd_application_controller_network_policy" {

AttributeName("spec").AttributeName("ingress").ElementKeyInt(0).AttributeName("from").ElementKeyInt(0).AttributeName("ipBlock").AttributeName("except"):
step cannot be applied to this value


Error: Failed to update proposed state from prior state

  on generated_networking.k8s.io_v1_networkpolicy_argocd-repo-server-network-policy.tf line 1, in resource "kubernetes_manifest" "networkpolicy_argocd_repo_server_network_policy":
   1: resource "kubernetes_manifest" "networkpolicy_argocd_repo_server_network_policy" {

AttributeName("spec").AttributeName("ingress").ElementKeyInt(1).AttributeName("from").ElementKeyInt(0).AttributeName("namespaceSelector").AttributeName("matchLabels"):
step cannot be applied to this value


Error: Failed to update proposed state from prior state

  on generated_networking.k8s.io_v1_networkpolicy_argocd-server-network-policy.tf line 1, in resource "kubernetes_manifest" "networkpolicy_argocd_server_network_policy":
   1: resource "kubernetes_manifest" "networkpolicy_argocd_server_network_policy" {

AttributeName("spec").AttributeName("ingress").ElementKeyInt(0).AttributeName("from"):
step cannot be applied to this value