I provision digitalocean_loadbalancer first because I need to provide ip to creating new Cloudflare record.
In the parallel, I also provision nginx_ingress_chart with Helm as well which is attached the config service.annotations.kubernetes\\.digitalocean\\.com/load-balancer-id: digitalocean_loadbalancer.ingress_load_balancer.id as well.
Then I provision kubernetes_ingress right after the nginx_ingress_chart.
The problem is when I run the terraform destroy, Terraform will destroy from the latest first which is kubernetes_ingress And this step, I GUESS DigitalOcean automatically delete the load balancer. That cause the digitalocean_loadbalancer destroy error on the console.
It’s totally working fine as expected but only the error message make me feel that something doesn’t correct.
Does anyone can help on this or ran in the same situation before. Guidances, or answers will be appreciate.
Thanks!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi there,
When using Terraform to manage resources in DigitalOcean, especially with complex dependencies like Kubernetes, load balancers, and DNS records, it’s crucial to understand how Terraform determines the order of resource creation and destruction. Terraform constructs a dependency graph from your configuration files and uses it to decide the order in which resources should be created, updated, or destroyed. However, explicit dependencies can sometimes lead to challenges during the destruction phase, as you’ve encountered.
Understanding the Issue
Your setup involves a DigitalOcean load balancer, an Nginx ingress controller managed through Helm, and Kubernetes ingress resources. The load balancer is provisioned first to obtain an IP address for the Cloudflare DNS record, and its ID is used to annotate the Nginx service to ensure they are linked.
The issue arises during terraform destroy, where Terraform attempts to destroy resources in reverse order of their creation. Since the Kubernetes ingress is likely the last created resource, it gets destroyed first. However, if DigitalOcean automatically deletes the load balancer when the ingress is removed (because it’s no longer needed), Terraform will encounter an error trying to destroy the load balancer explicitly later on, as it no longer exists.
Possible Solutions
1. Explicit Dependencies
Ensure that your Terraform configuration accurately reflects the dependencies between resources. You can use the depends_on attribute to explicitly define resource dependencies, although it’s generally used as a last resort. This might not solve the automatic deletion problem but can help ensure resources are destroyed in the correct order.
resource "digitalocean_loadbalancer" "ingress_load_balancer" {
# Configuration
}
resource "helm_release" "nginx_ingress_chart" {
# Configuration
depends_on = [digitalocean_loadbalancer.ingress_load_balancer]
}
resource "kubernetes_ingress" "example" {
# Configuration
depends_on = [helm_release.nginx_ingress_chart]
}
2. Lifecycle Policies
Consider using the lifecycle block within your Terraform resource definitions to ignore changes to the load balancer once it’s created, or to prevent Terraform from destroying it. This approach requires manual cleanup but can avoid errors during automated processes.
resource "digitalocean_loadbalancer" "ingress_load_balancer" {
# Configuration
lifecycle {
ignore_changes = [
# list of attributes to ignore
]
prevent_destroy = true
}
}
Sometimes, a mixed approach of Terraform automation and manual steps can be more reliable. For example, you might choose to manually delete certain resources before running terraform destroy to ensure a smoother cleanup process. This can be automated with scripts that use the DigitalOcean API or doctl, the DigitalOcean command-line tool, to check and delete resources in the correct order.
As a last resort, you can use Terraform’s state manipulation commands to remove the load balancer from the Terraform state before destruction. This tells Terraform that the resource is no longer managed and avoids errors when it can’t find the resource.
terraform state rm 'digitalocean_loadbalancer.ingress_load_balancer'
Conclusion
The challenge you’re facing is a common one when managing cloud resources with Terraform, especially in dynamic environments like Kubernetes with cloud-managed services. Each of the solutions above has its trade-offs in terms of automation, manual intervention, and error handling. You may need to experiment with these strategies to find the one that best fits your workflow and minimizes disruption during infrastructure teardowns.
Best,
Bobby
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Start building today
From GPU-powered inference and Kubernetes to managed databases and storage, get everything you need to build, scale, and deploy intelligent applications.
