failed to create APIService with kubernetes_manifest

[qxmips]

Terraform, Provider, Kubernetes versions

Terraform version:  v0.15.1
Provider version: 0.3.3
Kubernetes version:  v1.19.6-eks-49a6c0

Affected Resource(s)

• APIService

Terraform Configuration Files

# https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
resource "kubernetes_manifest" "apiservice_v1beta1_metrics_k8s_io" {
  provider = kubernetes-alpha
  manifest = {
    "apiVersion" = "apiregistration.k8s.io/v1"
    "kind" = "APIService"
    "metadata" = {
      "labels" = {
        "k8s-app" = "metrics-server"
      }
      "name" = "v1beta1.metrics.k8s.io"
    }
    "spec" = {
      "group" = "metrics.k8s.io"
      "groupPriorityMinimum" = 100
      "insecureSkipTLSVerify" = true
      "service" = {
        "name" = "metrics-server"
        "namespace" = "kube-system"
      }
      "version" = "v1beta1"
      "versionPriority" = 100
    }
  }
}

all resources:

 data "http" "metrics_server_yaml" {
  url = "https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml"
}



 resource "kubernetes_manifest" "top" {
   provider = kubernetes-alpha
   for_each = {for yml in split("---","${data.http.metrics_server_yaml.body}") : yml => yamldecode(yml)}
  manifest = each.value
 }

Debug Output

Panic Output

Steps to Reproduce

trying to apply manifest this https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

 data "http" "metrics_server_yaml" {
  url = "https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml"
}



 resource "kubernetes_manifest" "top" {
   provider = kubernetes-alpha
   for_each = {for yml in split("---","${data.http.metrics_server_yaml.body}") : yml => yamldecode(yml)}
  manifest = each.value
 }

Expected Behavior

APIService object created

Actual Behavior

a provider fails to create APIService "v1beta1.metrics.k8s.io" with error:

╷
│ Error: PATCH for resource "/v1beta1.metrics.k8s.io" failed to apply
│ 
│   with kubernetes_manifest.apiservice_v1beta1_metrics_k8s_io,
│   on k8s.tf line 352, in resource "kubernetes_manifest" "apiservice_v1beta1_metrics_k8s_io":
│  352: resource "kubernetes_manifest" "apiservice_v1beta1_metrics_k8s_io" {
│ 
│ Patch
│ "https://***********************.sk1.us-west-1.eks.amazonaws.com/apis/apiregistration.k8s.io/v1/apiservices/v1beta1.metrics.k8s.io?fieldManager=Terraform":
│ stream error: stream ID 5; INTERNAL_ERROR

Important Factoids

References

• GH-1234

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[alexsomesan]

This is actually caused by an upstream bug in the Kubernetes API server (details here: kubernetes/kubernetes#89264)

It was fixed upstream and released in Kubernetes versions:

• 1.18.18
• 1.19.10
• 1.20.6
• 1.21.0

Please make sure you are using a cluster version at or newer than above mentioned releases.

Tested successfully on Kubernetes v1.21.1:

~/test-alpha-204 » terraform apply -auto-approve                                                                                                                                                 alex@Alexs-MBP

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # kubernetes_manifest.apiservice_v1beta1_metrics_k8s_io will be created
  + resource "kubernetes_manifest" "apiservice_v1beta1_metrics_k8s_io" {
      + manifest = {
          + apiVersion = "apiregistration.k8s.io/v1"
          + kind       = "APIService"
          + metadata   = {
              + labels = {
                  + k8s-app = "metrics-server"
                }
              + name   = "v1beta1.metrics.k8s.io"
            }
          + spec       = {
              + group                 = "metrics.k8s.io"
              + groupPriorityMinimum  = 100
              + insecureSkipTLSVerify = true
              + service               = {
                  + name      = "metrics-server"
                  + namespace = "kube-system"
                }
              + version               = "v1beta1"
              + versionPriority       = 100
            }
        }
      + object   = {
          + apiVersion = "apiregistration.k8s.io/v1"
          + kind       = "APIService"
          + metadata   = {
              + annotations                = (known after apply)
              + clusterName                = (known after apply)
              + creationTimestamp          = (known after apply)
              + deletionGracePeriodSeconds = (known after apply)
              + deletionTimestamp          = (known after apply)
              + finalizers                 = (known after apply)
              + generateName               = (known after apply)
              + generation                 = (known after apply)
              + labels                     = {
                  + "k8s-app" = "metrics-server"
                }
              + managedFields              = (known after apply)
              + name                       = "v1beta1.metrics.k8s.io"
              + namespace                  = (known after apply)
              + ownerReferences            = (known after apply)
              + resourceVersion            = (known after apply)
              + selfLink                   = (known after apply)
              + uid                        = (known after apply)
            }
          + spec       = {
              + caBundle              = (known after apply)
              + group                 = "metrics.k8s.io"
              + groupPriorityMinimum  = 100
              + insecureSkipTLSVerify = true
              + service               = {
                  + name      = "metrics-server"
                  + namespace = "kube-system"
                  + port      = (known after apply)
                }
              + version               = "v1beta1"
              + versionPriority       = 100
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
kubernetes_manifest.apiservice_v1beta1_metrics_k8s_io: Creating...
kubernetes_manifest.apiservice_v1beta1_metrics_k8s_io: Creation complete after 0s

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.