From 0e71f7e565ea665fc1367d0a3d138a841ba28db8 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Sun, 28 Oct 2018 15:11:47 -0700 Subject: [PATCH] Ignore controller user_data changes to allow plugin updates * Updating the `terraform-provider-ct` plugin is known to produce a `user_data` diff in all pre-existing clusters. Applying the diff to pre-existing cluster destroys controller nodes * Ignore changes to controller `user_data`. Once all managed clusters use a release containing this change, it is possible to update the `terraform-provider-ct` plugin (worker `user_data` will still be modified) * Changing the module `ref` for an existing cluster and re-applying is still NOT supported (although this PR would protect controllers from being destroyed) --- CHANGES.md | 4 +++- aws/container-linux/kubernetes/controllers.tf | 5 ++++- aws/fedora-atomic/kubernetes/controllers.tf | 5 ++++- azure/container-linux/kubernetes/controllers.tf | 1 + digital-ocean/container-linux/kubernetes/controllers.tf | 6 ++++++ digital-ocean/container-linux/kubernetes/workers.tf | 4 ++++ digital-ocean/fedora-atomic/kubernetes/controllers.tf | 6 ++++++ digital-ocean/fedora-atomic/kubernetes/workers.tf | 4 ++++ google-cloud/container-linux/kubernetes/controllers.tf | 6 ++++++ google-cloud/fedora-atomic/kubernetes/controllers.tf | 6 ++++++ 10 files changed, 44 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index f94154e9..2493eb87 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -11,6 +11,8 @@ Notable changes between versions. * Update Calico from v3.2.3 to [v3.3.0](https://docs.projectcalico.org/v3.3/releases/) * Disable Kubelet read-only port ([#324](https://github.com/poseidon/typhoon/pull/324)) * Fix CoreDNS AntiAffinity spec to prefer spreading replicas +* Ignore controller node user-data changes ([#335](https://github.com/poseidon/typhoon/pull/335)) + * Once all managed clusters use v1.12.2, it is possible to update `terraform-provider-ct` #### AWS 
@@ -29,7 +31,7 @@ Notable changes between versions. #### Google Cloud -* Add an IPv6 address and IPv6 forwarding rules for load balancing IPv6 Ingress +* Add an IPv6 address and IPv6 forwarding rules for load balancing IPv6 Ingress ([#334](https://github.com/poseidon/typhoon/pull/334)) * Add `ingress_static_ipv6` output variable for use in AAAA DNS records * Allow serving IPv6 applications via Kubernetes Ingress diff --git a/aws/container-linux/kubernetes/controllers.tf b/aws/container-linux/kubernetes/controllers.tf index 2cb0314a..471ff038 100644 --- a/aws/container-linux/kubernetes/controllers.tf +++ b/aws/container-linux/kubernetes/controllers.tf @@ -39,7 +39,10 @@ resource "aws_instance" "controllers" { vpc_security_group_ids = ["${aws_security_group.controller.id}"] lifecycle { - ignore_changes = ["ami"] + ignore_changes = [ + "ami", + "user_data", + ] } } diff --git a/aws/fedora-atomic/kubernetes/controllers.tf b/aws/fedora-atomic/kubernetes/controllers.tf index 0ed35e05..a62be46c 100644 --- a/aws/fedora-atomic/kubernetes/controllers.tf +++ b/aws/fedora-atomic/kubernetes/controllers.tf @@ -39,7 +39,10 @@ resource "aws_instance" "controllers" { vpc_security_group_ids = ["${aws_security_group.controller.id}"] lifecycle { - ignore_changes = ["ami"] + ignore_changes = [ + "ami", + "user_data", + ] } } diff --git a/azure/container-linux/kubernetes/controllers.tf b/azure/container-linux/kubernetes/controllers.tf index 3aa96b98..aa9d9fc0 100644 --- a/azure/container-linux/kubernetes/controllers.tf +++ b/azure/container-linux/kubernetes/controllers.tf @@ -85,6 +85,7 @@ resource "azurerm_virtual_machine" "controllers" { lifecycle { ignore_changes = [ "storage_os_disk", + "os_profile", ] } } diff --git a/digital-ocean/container-linux/kubernetes/controllers.tf b/digital-ocean/container-linux/kubernetes/controllers.tf index afe85ba4..ea38ebfb 100644 --- a/digital-ocean/container-linux/kubernetes/controllers.tf 
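Review bot: Adding `"user_data"` to `ignore_changes` in the `aws_instance.controllers` lifecycle block means later edits to the controller provisioning config no longer show up in `terraform plan`, so existing controllers can silently keep an older configuration than the module describes. The same applies to the `user_data` entries added in the aws/fedora-atomic hunk and in both digital-ocean controllers.tf hunks. The CHANGES.md context in this commit lists "Disable Kubelet read-only port" for the same release; if that hardening is delivered through controller user-data, clusters created earlier would presumably not receive it through an apply, and nothing would flag the gap. I would record the reason and the consequence next to the setting, for example `# Ignore user_data so ct plugin updates do not replace controllers; config changes only reach newly created clusters`. The resource block starts outside the hunk.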
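Review bot: The Azure hunk ignores the whole `os_profile` block rather than only the user-data field, which is wider than the commit title describes. On `azurerm_virtual_machine` that block also holds the computer name and the admin account settings alongside `custom_data`, so drift in any of those would be hidden from plans as well. If the entry cannot be narrowed in the Terraform version in use, a comment such as `# os_profile carries custom_data (user-data); the whole block is ignored, so admin account changes are not planned either` would show that the breadth is deliberate. The resource block starts outside the hunk.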
+++ b/digital-ocean/container-linux/kubernetes/controllers.tf @@ -50,6 +50,12 @@ resource "digitalocean_droplet" "controllers" { tags = [ "${digitalocean_tag.controllers.id}", ] + + lifecycle { + ignore_changes = [ + "user_data", + ] + } } # Tag to label controllers diff --git a/digital-ocean/container-linux/kubernetes/workers.tf b/digital-ocean/container-linux/kubernetes/workers.tf index 73559ca2..1542687c 100644 --- a/digital-ocean/container-linux/kubernetes/workers.tf +++ b/digital-ocean/container-linux/kubernetes/workers.tf @@ -43,6 +43,10 @@ resource "digitalocean_droplet" "workers" { tags = [ "${digitalocean_tag.workers.id}", ] + + lifecycle { + create_before_destroy = true + } } # Tag to label workers diff --git a/digital-ocean/fedora-atomic/kubernetes/controllers.tf b/digital-ocean/fedora-atomic/kubernetes/controllers.tf index aa04043e..6fa15a09 100644 --- a/digital-ocean/fedora-atomic/kubernetes/controllers.tf +++ b/digital-ocean/fedora-atomic/kubernetes/controllers.tf @@ -50,6 +50,12 @@ resource "digitalocean_droplet" "controllers" { tags = [ "${digitalocean_tag.controllers.id}", ] + + lifecycle { + ignore_changes = [ + "user_data", + ] + } } # Tag to label controllers diff --git a/digital-ocean/fedora-atomic/kubernetes/workers.tf b/digital-ocean/fedora-atomic/kubernetes/workers.tf index ee1efac1..3e2543d1 100644 --- a/digital-ocean/fedora-atomic/kubernetes/workers.tf +++ b/digital-ocean/fedora-atomic/kubernetes/workers.tf @@ -43,6 +43,10 @@ resource "digitalocean_droplet" "workers" { tags = [ "${digitalocean_tag.workers.id}", ] + + lifecycle { + create_before_destroy = true + } } # Tag to label workers diff --git a/google-cloud/container-linux/kubernetes/controllers.tf b/google-cloud/container-linux/kubernetes/controllers.tf index aec7ad52..cf01c709 100644 --- a/google-cloud/container-linux/kubernetes/controllers.tf +++ b/google-cloud/container-linux/kubernetes/controllers.tf 
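Review bot: `create_before_destroy = true` on `digitalocean_droplet.workers` is not mentioned in the commit description or in the CHANGES.md entry, which only cover ignoring controller user-data. With it, a worker replacement brings up the new droplet while the old one still exists, so the account briefly holds twice as many workers and, if droplet names are reused (the name argument is outside the hunk), two machines could claim the same node name for a time. A one-line comment such as `# Create the replacement droplet before destroying the old worker, e.g. when a ct plugin update changes user_data` plus a changelog line would make the intent reviewable. The same addition appears in digital-ocean/fedora-atomic/kubernetes/workers.tf.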
@@ -57,6 +57,12 @@ resource "google_compute_instance" "controllers" { can_ip_forward = true tags = ["${var.cluster_name}-controller"] + + lifecycle { + ignore_changes = [ + "metadata", + ] + } } # Controller Ignition configs diff --git a/google-cloud/fedora-atomic/kubernetes/controllers.tf b/google-cloud/fedora-atomic/kubernetes/controllers.tf index ea49587d..9bc3c71a 100644 --- a/google-cloud/fedora-atomic/kubernetes/controllers.tf +++ b/google-cloud/fedora-atomic/kubernetes/controllers.tf @@ -57,6 +57,12 @@ resource "google_compute_instance" "controllers" { can_ip_forward = true tags = ["${var.cluster_name}-controller"] + + lifecycle { + ignore_changes = [ + "metadata", + ] + } } # Controller Cloud-Init
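Review bot: Ignoring all of `metadata` on `google_compute_instance.controllers` hides more than user-data: any other metadata key set on the instance, now or later, would also stop appearing in plans. The metadata map itself is outside the hunk, so I cannot tell whether it currently holds only the user-data key; if it does, say so in a comment, e.g. `# metadata only carries user-data; ignored so ct plugin updates do not replace controllers`. If further keys are added later (SSH keys and OS Login settings are commonly set there), this entry should be narrowed to the user-data key where the Terraform version allows it. The same applies to the google-cloud/fedora-atomic hunk.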