Skip to content

regression error in tofu/kubernetes/talos/image.tf: "for_each" set includes values derived from resource attributes that cannot be determined until apply #106

@sebiklamar

Description

@sebiklamar

Hi Vegard, the recent commit 856cef4 on tofu/kubernetes/talos/image.tf (use new talos_image_factory_schematic resource) produces a tofu plan error when starting from fresh -- while with an existing cluster there's no error thrown by tofu.

Error message

│ Error: Invalid for_each argument
│
│   on talos/image.tf line 20, in resource "proxmox_virtual_environment_download_file" "this":
│   20:   for_each = toset(distinct([for k, v in var.nodes : "${v.host_node}_${v.update == true ? local.update_image_id : local.image_id}"]))
│     ├────────────────
│     │ local.image_id is a string, known only after apply
│     │ local.update_image_id is a string, known only after apply
│     │ var.nodes is map of object with 5 elements
│
│ The "for_each" set includes values derived from resource attributes that cannot be determined until apply, and so OpenTofu cannot determine the full set of keys that will identify the instances of this resource.
│
│ When working with unknown values in for_each, it's better to use a map value where the keys are defined statically in your configuration and where only the values contain apply-time results.
│
│ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge.

How to reproduce:

  • git clone
  • provide credentials.auto.tfvars and openssl certs
  • tofu plan

Alternatively to creating copy of your repo without terraform state just move away TF state in an existing repo connected to a cluster ("mv terraform.tfstate terraform.tfstate.bak").

Unfortunately, I cannot propose you a fix as I'm still new to K8S and tofu.

That said, thank you sharing your knowledge and homelab! It helps me a lot for quick starting into IaC!

Kind regards -- Sebastian

Metadata

Metadata

Assignees

No one assigned

    Labels

    articleNeed blog article updatebugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions