Description
I am using the Coder Kubernetes (envbox) template to deploy my Coder workspaces. Recently, I encountered the following error when applying Terraform:
Error: Unexpected Identity Change: During the read operation, the Terraform Provider unexpectedly returned a different identity than the previously stored one. This is always a problem with the provider and should be reported to the provider developer.
Current Identity: cty.ObjectVal(map[string]cty.Value{"api_version":cty.NullVal(cty.String), "kind":cty.NullVal(cty.String), "name":cty.NullVal(cty.String), "namespace":cty.NullVal(cty.String)})
New Identity: cty.ObjectVal(map[string]cty.Value{"api_version":cty.StringVal("v1"), "kind":cty.StringVal("Pod"), "name":cty.StringVal("coderws-peter-minikube"), "namespace":cty.StringVal("coder-workspace")})
on modules/kubernetes-workspace/main.tf line 17, in resource "kubernetes_pod" "main":
17: resource "kubernetes_pod" "main" {
Steps to Reproduce
- Deploy Coder workspaces using the envbox Kubernetes template via Terraform.
- Trigger a restart of the workspace, or perform a rolling update / move the pod to another node.
- Apply Terraform again.
Observed Behavior
Terraform fails with the Unexpected Identity Change error and cannot recognize the existing pod, preventing the workspace from starting.
Hypothesis
It seems that when a pod is rescheduled to another node or after a rolling update, its metadata changes. Terraform then sees a “new” pod identity and fails to reconcile it with the previously stored state.
Environment
Kubernetes (envbox) template
Provider:
- hashicorp/kubernetes Version: 2.38.0
- coder/coder Version: 2.12.0
Kubernetes version: 1.33.2
Coder Version: 2.26.3
Is the following a possible workaround?
Use kubernetes_deployment instead of kubernetes_pod for workspaces. Deployments manage pods automatically, and Terraform tracks the deployment resource rather than the ephemeral pods, which avoids identity change issues.