terraform apply error alreadyExists on untouched resources

terraform google-compute-engine google-cloud-platform google-kubernetes-engine

I am starting a new terraform project, following the official guide:

https://learn.hashicorp.com/tutorials/terraform/gke?in=terraform/kubernetes&utm_source=WEBSITE&utm_medium=WEB_IO&utm_offer=ARTICLE_PAGE&utm_content=DOCS&_ga=2.91746777.2118895439.1637849824-960084622.1637849824

I have managed to get it to run. (I am running it as part of a google cloud build task triggered on commit)

However, if i change something in a resource (eg i replaced "gke_num_nodes" default from 2 to 1), when i run terraform apply again this is what I get:


Plan: 4 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + kubernetes_cluster_host = (known after apply)
  + kubernetes_cluster_name = "workspace-auto-gke"
  + project_id              = "workspace-auto"
  + region                  = "europe-west4"
google_compute_network.vpc: Creating...
╷
│ Error: Error creating Network: googleapi: Error 409: The resource 'projects/workspace-auto/global/networks/workspace-auto-vpc' already exists, alreadyExists
│ 
│   with google_compute_network.vpc,
│   on vpc.tf line 15, in resource "google_compute_network" "vpc":
│   15: resource "google_compute_network" "vpc" {
│ 
╵

Is there a way to get it to not try to recreate existing untouched resources?

My cloudbuild.json is as follows:

{
  "steps": [
    {
      "name": "hashicorp/terraform",
      "entrypoint": "/bin/sh",
      "args": [
        "./cloudbuild/prepare-terraform.sh"
      ]
    }
  ],
  "logsBucket": "gs://my-bucket/logdir",
  "serviceAccount": "projects/my-proj/serviceAccounts/[email protected]"
}

with prepare-terraform.sh being simply

terraform init
terraform plan
terraform apply -auto-approve

If you are using Terraform to create resources, do NOT modify them outside of Terraform.

If you change something manually, Terraform will attempt to put it back the way the HCL declares it and the way that Terraform saved it.

This is called declarative. You are trying to make Terraform dynamic which defeats using Terraform in the first place.


The terraform state needs to be stored where it's accessible by all the builds. For example in a google cloud bucket as seen here: https://www.terraform.io/docs/language/settings/backends/gcs.html

Related

How do I fix net::ERR_SSL_PROTOCOL_ERROR error when I put nginx in front of Tomcat?
Running mysqldump via SSH on separate mysql server
Postfix NOQUEUE: reject: RCPT from unknown
Linux Software RAID10: Mysterious renaming /dev/md0 to /dev/md127: Why?
Connection refused HTTPS on Apache
AWS EKS update-kubeconfig does not respect --role-arn flag
Create NTFS symbolic links from within Linux
Why does unpartitioned Hitachi HDS5C3020 drive start consuming 50% more power 15 minutes after boot?
What's the importance of the email address in the DNS SOA lookup?
Restore a versioned S3 bucket to a particular point in time
Why CPU spent time on IO(wa)?
How to find out yum package names