cli: prevent terraform apply drift when patching and re-applying existing terraform deployment (#1873)

The implementation would recreate the gcp instance template (including all instances and state disks) whenever the image tfvar changes. Fixed by ignoring lifecycle changes on the instance templates. Fixes 8c3b963
2024-10-01 01:36:09 -04:00 · 2023-06-05 14:52:39 +02:00 · 2023-06-05 14:52:39 +02:00 · 439359ffbc
commit 439359ffbc
parent 900d51d49f
1 changed files with 14 additions and 1 deletions
--- a/cli/internal/terraform/terraform/gcp/modules/instance_group/main.tf
+++ b/cli/internal/terraform/terraform/gcp/modules/instance_group/main.tf
@ -16,7 +16,7 @@ locals {
 resource "google_compute_instance_template" "template" {
  name         = local.name
  machine_type = var.instance_type
-  tags         = ["constellation-${var.uid}"] // Note that this is also applied as a label 
+  tags         = ["constellation-${var.uid}"] // Note that this is also applied as a label
  labels       = merge(var.labels, { constellation-role = local.role_dashed })

  confidential_instance_config {
@ -78,6 +78,19 @@ resource "google_compute_instance_template" "template" {
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }
+
+  lifecycle {
+    ignore_changes = [
+      tags,
+      labels,
+      disk, # required. update procedure modifies the instance template externally
+      metadata,
+      network_interface,
+      scheduling,
+      service_account,
+      shielded_instance_config,
+    ]
+  }
 }

 resource "google_compute_instance_group_manager" "instance_group_manager" {