upgrade_mode fails if the cluster is being built

[n-oden]

Terraform, Provider, Kubernetes and Helm Versions

Terraform version: 1.5.3
Provider version: 2.15.0
Kubernetes version: 1.30.4

Affected Resource(s)

• helm_release

Terraform Configuration Files

variable "region" {
  default = "us-east1"
}

provider "google" {
  region = var.region
}

resource "google_container_cluster" "default" {
  name               = "helm-test-cluster"
  location           = var.region
  initial_node_count = 1
  project            = "my-test-project"

  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }

  node_config {
    oauth_scopes = [
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]
    metadata = {
      disable-legacy-endpoints = "true"
    }
  }
}

data "google_client_config" "provider" {}

provider "helm" {
  kubernetes {
    host                   = "https://${google_container_cluster.default.endpoint}"
    token                  = data.google_client_config.provider.access_token
    cluster_ca_certificate = base64decode(google_container_cluster.default.master_auth[0].cluster_ca_certificate)
  }
}

resource "helm_release" "redis" {
  name            = "redis"
  repository      = "https://kubernetes-charts.storage.googleapis.com/"
  chart           = "redis"
  atomic          = true
  wait            = true
  namespace       = "default"
  upgrade_install = true
}

Debug Output

https://gist.github.com/n-oden/033ea29f1156c779df95556197b23287

Steps to Reproduce

1. terraform plan

Expected Behavior

A successful terraform plan. Since the cluster has not yet been created, the helm_resource release should be planned for creation.

Actual Behavior

Because the upgrade_install logic attempts to create a helm history client in order to determine the state of the release, it errors out trying to query a nonexistent cluster:

│ Error: Kubernetes cluster unreachable: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
│
│   with helm_release.redis,
│   on main.tf line 46, in resource "helm_release" "redis":
│   46: resource "helm_release" "redis" {

Important Factoids

References

• Enable "helm upgrade --install" equivalent behavior #1247
• Handle errors during diff stage when using upgrade_mode #1489

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[n-oden]

As the author of the upgrade_install feature, I'm happy to take a swing at fixing this, but some direction on what kind of fix would be acceptable would be appreciated. My understanding is that there's no way for the provider to know during the plan stage what the status of a resource managed by another provider is, so we may simply have to swallow and log errors encountered here?

[gabrielbull]

I'm in the same boat. We cannot have a terraform project start a new cluster and use a helm resource with the upgrade_install flag in the same project because it will simply fail.