Skip to content

osdc/hf-cache: terraform — per-cluster S3 bucket + read-only IRSA role#811

Merged
huydhn merged 19 commits into
mainfrom
gh/huydhn/39/head
Jul 1, 2026
Merged

osdc/hf-cache: terraform — per-cluster S3 bucket + read-only IRSA role#811
huydhn merged 19 commits into
mainfrom
gh/huydhn/39/head

Conversation

@huydhn

@huydhn huydhn commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Stack from ghstack (oldest at bottom):

First commit of the hf-cache stack. AWS infrastructure only, in the module's own
per-cluster terraform root so just deploy-module <cluster> hf-cache provisions
it (no separate bucket step):

  • a private S3 bucket per cluster, pytorch-hf-model-cache-<cluster_id>, in the
    cluster's region. SSE; no public access; force_destroy=false so module
    removal won't wipe a populated cache.
  • a read-only IRSA role for the hf-cache-mount service account (the rclone
    mount reads the cache). Writes are NOT done here — they go through a
    GitHub-OIDC role in pytorch-gha-infra, so untrusted job pods can't write.

No Kubernetes resources and no runner changes yet — see the commits above.

huydhn added 2 commits June 23, 2026 16:16
[ghstack-poisoned]
[ghstack-poisoned]
@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown

tofu plan — arc-cbr-production

✅ Plan succeeded · commit 26a68820 · run log

Plan output
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (arc-cbr-production) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


data.aws_availability_zones.available: Reading...
module.eks.data.aws_caller_identity.current: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=pytorch-arc-cbr-production-harbor-s3]
module.eks.aws_iam_role.cluster: Refreshing state... [id=pytorch-arc-cbr-production-cluster-role]
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=527854a4-e335-4f95-bc89-1321cff7a478]
module.eks.aws_iam_role.node: Refreshing state... [id=pytorch-arc-cbr-production-node-role]
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0e712dc7e743bbcf7]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-2]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNOLQFN6MU]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/pytorch-arc-cbr-production-eks-secrets]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=pytorch-arc-cbr-production-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=pytorch-arc-cbr-production-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=pytorch-arc-cbr-production-node-role:pytorch-arc-cbr-production-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-009f1fe7d56695348]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-032d4401e63f0c9b9]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-05e96ee7cb818e5c0]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-01e479dcb5aedf696]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0a583bbbcac436ebd]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-01187bfaa68514400]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-0577a02acde719bff]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0d26e280575e8aaf4]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0709abbcafa23aec0]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0992f582e9bf2836e]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-0fddf2f74e7e978c7]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ab11fcdb8d4ea113]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0d34063a19f4b07b4]
module.vpc.aws_eip.nat_secondary["us-east-2b-2"]: Refreshing state... [id=eipalloc-063bee447616351f9]
module.vpc.aws_eip.nat_secondary["us-east-2c-6"]: Refreshing state... [id=eipalloc-0aede78edc69cf695]
module.vpc.aws_eip.nat_secondary["us-east-2b-0"]: Refreshing state... [id=eipalloc-0cead990d60ce181e]
module.vpc.aws_eip.nat_secondary["us-east-2b-1"]: Refreshing state... [id=eipalloc-0e67c0a8cd8c990da]
module.vpc.aws_eip.nat_secondary["us-east-2a-1"]: Refreshing state... [id=eipalloc-0f2b00a9ac31df215]
module.vpc.aws_eip.nat_secondary["us-east-2a-6"]: Refreshing state... [id=eipalloc-0113c95dbdec2f879]
module.vpc.aws_eip.nat_secondary["us-east-2a-0"]: Refreshing state... [id=eipalloc-086a011b3c26c0dd7]
module.vpc.aws_eip.nat_secondary["us-east-2c-1"]: Refreshing state... [id=eipalloc-06a980076e99cda81]
module.vpc.aws_eip.nat_secondary["us-east-2b-3"]: Refreshing state... [id=eipalloc-021ee6c9f1d20b71a]
module.vpc.aws_eip.nat_secondary["us-east-2a-2"]: Refreshing state... [id=eipalloc-09b15a770e0c6d552]
module.vpc.aws_eip.nat_secondary["us-east-2c-5"]: Refreshing state... [id=eipalloc-02825435a2786b3d8]
module.vpc.aws_eip.nat_secondary["us-east-2c-0"]: Refreshing state... [id=eipalloc-03542e74755fc105b]
module.vpc.aws_eip.nat_secondary["us-east-2c-3"]: Refreshing state... [id=eipalloc-0d3a71569b2f687be]
module.vpc.aws_eip.nat_secondary["us-east-2a-3"]: Refreshing state... [id=eipalloc-034d5e1f5a2fcb795]
module.vpc.aws_eip.nat_secondary["us-east-2b-4"]: Refreshing state... [id=eipalloc-0de33181548ac2e5a]
module.vpc.aws_eip.nat_secondary["us-east-2b-6"]: Refreshing state... [id=eipalloc-06b7b88826199a232]
module.vpc.aws_eip.nat_secondary["us-east-2a-5"]: Refreshing state... [id=eipalloc-0bd9bf54bd6010323]
module.vpc.aws_eip.nat_secondary["us-east-2c-4"]: Refreshing state... [id=eipalloc-0cc3dadec18bbb3f3]
module.vpc.aws_eip.nat_secondary["us-east-2a-4"]: Refreshing state... [id=eipalloc-067d535102a61d1a8]
module.vpc.aws_eip.nat_secondary["us-east-2b-5"]: Refreshing state... [id=eipalloc-0cde9a6463901f1e1]
module.vpc.aws_eip.nat_secondary["us-east-2c-2"]: Refreshing state... [id=eipalloc-07cfdb2fd5dc07459]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-harbor-registry]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-07d5cd4c479c827ab]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0ce4fba002d90e7d5]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-084975a7f7af2696e]
module.eks.aws_eks_cluster.this: Refreshing state... [id=pytorch-arc-cbr-production]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0ad75b2f5282877db]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-0f7b8f4473e5790df]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-08e264cbbd47be1ee]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=pytorch-arc-cbr-production-harbor-s3/arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-harbor-registry]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-0cb3785c433ed7718]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-01d38d41a7ca82a08]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0c7ecd4166a01e5f0]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=pytorch-arc-cbr-production:kube-proxy]
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=pytorch-arc-cbr-production:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=pytorch-arc-cbr-production:vpc-cni]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_launch_template.base: Refreshing state... [id=lt-0b820cd15307b6d57]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0beb143017359bda1]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0b6e08b4b0dc968c0]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-097abe4676c74f71b]
module.eks.aws_eks_node_group.base: Refreshing state... [id=pytorch-arc-cbr-production:pytorch-arc-cbr-production-base-nodes]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=033a163afb2babc26f7883e642621ac361c93d61]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/0A621339248958D6D5F2FF084BD185B5]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=pytorch-arc-cbr-production#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=2879363015]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=pytorch-arc-cbr-production-ebs-csi-driver-role]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=pytorch-arc-cbr-production:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry/arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=pytorch-arc-cbr-production-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (arc-cbr-production) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-rebalance]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-instance-state-change]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-spot-interruption]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/pytorch-arc-cbr-production-karpenter]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-scheduled-change]
data.terraform_remote_state.base: Read complete after 0s
aws_ec2_tag.subnet_karpenter_discovery["subnet-0992f582e9bf2836e"]: Refreshing state... [id=subnet-0992f582e9bf2836e,karpenter.sh/discovery]
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-01ec5f742ae028981,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0709abbcafa23aec0"]: Refreshing state... [id=subnet-0709abbcafa23aec0,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0577a02acde719bff"]: Refreshing state... [id=subnet-0577a02acde719bff,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-controller]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/pytorch-arc-cbr-production-karpenter]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-rebalance-KarpenterRebalance]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-controller-20260518021844404100000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module pypi-cache (arc-cbr-production) ━━━
data.terraform_remote_state.base: Reading...
aws_iam_policy.wheel_syncer: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-pypi-wheel-syncer-s3]
aws_iam_policy.wants_collector: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-pypi-wants-collector-s3]
aws_efs_file_system.pypi_cache: Refreshing state... [id=fs-0deb818bbf18764de]
data.terraform_remote_state.base: Read complete after 0s
aws_iam_role.efs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production-efs-csi-driver-role]
aws_iam_role.wheel_syncer: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wheel-syncer-role]
aws_security_group.efs: Refreshing state... [id=sg-0979eb5e3d9d3db9f]
aws_iam_role.wants_collector: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wants-collector-role]
aws_efs_mount_target.pypi_cache["subnet-0709abbcafa23aec0"]: Refreshing state... [id=fsmt-08cd5108febbacef9]
aws_efs_mount_target.pypi_cache["subnet-0577a02acde719bff"]: Refreshing state... [id=fsmt-07d7b111b9cd6684e]
aws_efs_mount_target.pypi_cache["subnet-0992f582e9bf2836e"]: Refreshing state... [id=fsmt-03523586bb4ff0c46]
aws_iam_role_policy_attachment.efs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production-efs-csi-driver-role-20260518023249955700000005]
aws_iam_role_policy_attachment.wheel_syncer: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wheel-syncer-role-20260518023249929400000004]
aws_iam_role_policy_attachment.wants_collector: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wants-collector-role-20260518023249903900000003]
aws_eks_addon.efs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production:aws-efs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown

tofu plan — arc-cbr-production-uw1

❌ Plan failed · commit 4e1704eb · run log

Plan output
Installed 1 package in 1ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod-uw1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (arc-cbr-production-uw1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


data.aws_availability_zones.available: Reading...
module.eks.data.aws_caller_identity.current: Reading...
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0121d1038d393182a]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-uw1-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
data.aws_availability_zones.available: Read complete after 0s [id=us-west-1]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-07fd8394a1d58b614]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-0b3b22b995e71d8d9]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0a13e7b49c841e497]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-08861bee27120b994]

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

OpenTofu will perform the following actions:

  # module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ebs_csi_assume_role" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRoleWithWebIdentity",
            ]
          + effect  = "Allow"

          + condition {
              + test     = "StringEquals"
              + values   = [
                  + "sts.amazonaws.com",
                ]
              + variable = (known after apply)
            }
          + condition {
              + test     = "StringEquals"
              + values   = [
                  + "system:serviceaccount:kube-system:ebs-csi-controller-sa",
                ]
              + variable = (known after apply)
            }

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "Federated"
            }
        }
    }

  # module.eks.data.tls_certificate.cluster[0] will be read during apply
  # (config refers to values not yet known)
 <= data "tls_certificate" "cluster" {
      + certificates = (known after apply)
      + id           = (known after apply)
      + url          = (known after apply)
    }

  # module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"] will be created
  + resource "aws_eks_access_entry" "cluster_admin" {
      + access_entry_arn  = (known after apply)
      + cluster_name      = "pytorch-arc-cbr-production-uw1"
      + created_at        = (known after apply)
      + id                = (known after apply)
      + kubernetes_groups = (known after apply)
      + modified_at       = (known after apply)
      + principal_arn     = "arn:aws:iam::308535385114:role/osdc_gha_prod"
      + region            = "us-west-1"
      + tags              = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all          = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + type              = "STANDARD"
      + user_name         = (known after apply)
    }

  # module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"] will be created
  + resource "aws_eks_access_policy_association" "cluster_admin" {
      + associated_at = (known after apply)
      + cluster_name  = "pytorch-arc-cbr-production-uw1"
      + id            = (known after apply)
      + modified_at   = (known after apply)
      + policy_arn    = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
      + principal_arn = "arn:aws:iam::308535385114:role/osdc_gha_prod"
      + region        = "us-west-1"

      + access_scope {
          + type = "cluster"
        }
    }

  # module.eks.aws_eks_addon.coredns will be created
  + resource "aws_eks_addon" "coredns" {
      + addon_name                  = "coredns"
      + addon_version               = "v1.13.2-eksbuild.1"
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = jsonencode(
            {
              + autoScaling               = {
                  + enabled = false
                }
              + podDisruptionBudget       = {
                  + maxUnavailable = 1
                }
              + replicaCount              = 6
              + tolerations               = [
                  + {
                      + effect   = "NoSchedule"
                      + key      = "CriticalAddonsOnly"
                      + operator = "Equal"
                      + value    = "true"
                    },
                ]
              + topologySpreadConstraints = [
                  + {
                      + labelSelector     = {
                          + matchLabels = {
                              + k8s-app = "kube-dns"
                            }
                        }
                      + maxSkew           = 2
                      + topologyKey       = "topology.kubernetes.io/zone"
                      + whenUnsatisfiable = "DoNotSchedule"
                    },
                  + {
                      + labelSelector     = {
                          + matchLabels = {
                              + k8s-app = "kube-dns"
                            }
                        }
                      + maxSkew           = 1
                      + topologyKey       = "kubernetes.io/hostname"
                      + whenUnsatisfiable = "ScheduleAnyway"
                    },
                ]
            }
        )
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_update = "PRESERVE"
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_addon.ebs_csi_driver will be created
  + resource "aws_eks_addon" "ebs_csi_driver" {
      + addon_name                  = "aws-ebs-csi-driver"
      + addon_version               = (known after apply)
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = (known after apply)
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_create = "OVERWRITE"
      + resolve_conflicts_on_update = "PRESERVE"
      + service_account_role_arn    = (known after apply)
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_addon.kube_proxy will be created
  + resource "aws_eks_addon" "kube_proxy" {
      + addon_name                  = "kube-proxy"
      + addon_version               = "v1.35.0-eksbuild.2"
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = (known after apply)
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_update = "PRESERVE"
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_addon.vpc_cni will be created
  + resource "aws_eks_addon" "vpc_cni" {
      + addon_name                  = "vpc-cni"
      + addon_version               = "v1.21.1-eksbuild.3"
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = jsonencode(
            {
              + env = {
                  + ENABLE_PREFIX_DELEGATION = "true"
                  + ENABLE_V4_EGRESS         = "true"
                  + WARM_PREFIX_TARGET       = "1"
                }
            }
        )
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_update = "PRESERVE"
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_cluster.this will be created
  + resource "aws_eks_cluster" "this" {
      + arn                           = (known after apply)
      + bootstrap_self_managed_addons = true
      + certificate_authority         = (known after apply)
      + cluster_id                    = (known after apply)
      + created_at                    = (known after apply)
      + deletion_protection           = (known after apply)
      + enabled_cluster_log_types     = [
          + "api",
          + "audit",
          + "authenticator",
          + "controllerManager",
          + "scheduler",
        ]
      + endpoint                      = (known after apply)
      + id                            = (known after apply)
      + identity                      = (known after apply)
      + name                          = "pytorch-arc-cbr-production-uw1"
      + platform_version              = (known after apply)
      + region                        = "us-west-1"
      + role_arn                      = (known after apply)
      + status                        = (known after apply)
      + tags                          = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Name"    = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                      = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Name"      = "pytorch-arc-cbr-production-uw1"
          + "Project"   = "ciforge"
        }
      + version                       = "1.35"

      + access_config {
          + authentication_mode                         = "API_AND_CONFIG_MAP"
          + bootstrap_cluster_creator_admin_permissions = true
        }

      + encryption_config {
          + resources = [
              + "secrets",
            ]

          + provider {
              + key_arn = (known after apply)
            }
        }

      + kubernetes_network_config {
          + ip_family         = "ipv6"
          + service_ipv4_cidr = (known after apply)
          + service_ipv6_cidr = (known after apply)
        }

      + vpc_config {
          + cluster_security_group_id = (known after apply)
          + control_plane_egress_mode = (known after apply)
          + endpoint_private_access   = true
          + endpoint_public_access    = true
          + public_access_cidrs       = [
              + "0.0.0.0/0",
            ]
          + subnet_ids                = [
              + "subnet-08861bee27120b994",
              + "subnet-0a13e7b49c841e497",
            ]
          + vpc_id                    = (known after apply)
        }
    }

  # module.eks.aws_eks_node_group.base will be created
  + resource "aws_eks_node_group" "base" {
      + ami_type               = (known after apply)
      + arn                    = (known after apply)
      + capacity_type          = "ON_DEMAND"
      + cluster_name           = "pytorch-arc-cbr-production-uw1"
      + disk_size              = (known after apply)
      + force_update_version   = true
      + id                     = (known after apply)
      + instance_types         = [
          + "m7i.12xlarge",
        ]
      + labels                 = {
          + "node.kubernetes.io/lifecycle" = "on-demand"
          + "role"                         = "base-infrastructure"
        }
      + node_group_name        = "pytorch-arc-cbr-production-uw1-base-nodes"
      + node_group_name_prefix = (known after apply)
      + node_role_arn          = (known after apply)
      + region                 = "us-west-1"
      + release_version        = (known after apply)
      + resources              = (known after apply)
      + status                 = (known after apply)
      + subnet_ids             = [
          + "subnet-08861bee27120b994",
          + "subnet-0a13e7b49c841e497",
        ]
      + tags                   = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Name"    = "pytorch-arc-cbr-production-uw1-base-nodes"
          + "Project" = "ciforge"
          + "Type"    = "base-infrastructure"
        }
      + tags_all               = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Name"      = "pytorch-arc-cbr-production-uw1-base-nodes"
          + "Project"   = "ciforge"
          + "Type"      = "base-infrastructure"
        }
      + version                = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = (known after apply)
        }

      + scaling_config {
          + desired_size = 6
          + max_size     = 6
          + min_size     = 6
        }

      + taint {
          + effect = "NO_SCHEDULE"
          + key    = "CriticalAddonsOnly"
          + value  = "true"
        }

      + timeouts {
          + create = "15m"
          + delete = "10m"
          + update = "15m"
        }

      + update_config {
          + max_unavailable_percentage = 33
        }
    }

  # module.eks.aws_iam_openid_connect_provider.cluster[0] will be created
  + resource "aws_iam_openid_connect_provider" "cluster" {
      + arn             = (known after apply)
      + client_id_list  = [
          + "sts.amazonaws.com",
        ]
      + id              = (known after apply)
      + tags            = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all        = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + thumbprint_list = (known after apply)
      + url             = (known after apply)
    }

  # module.eks.aws_iam_role.cluster will be created
  + resource "aws_iam_role" "cluster" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "eks.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-cluster-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.eks.aws_iam_role.ebs_csi_driver[0] will be created
  + resource "aws_iam_role" "ebs_csi_driver" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-ebs-csi-driver-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.eks.aws_iam_role.node will be created
  + resource "aws_iam_role" "node" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ec2.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-node-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.eks.aws_iam_role_policy.node_cni_ipv6 will be created
  + resource "aws_iam_role_policy" "node_cni_ipv6" {
      + id          = (known after apply)
      + name        = "pytorch-arc-cbr-production-uw1-node-cni-ipv6"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ec2:AssignIpv6Addresses",
                          + "ec2:DescribeNetworkInterfaces",
                          + "ec2:DescribeInstances",
                          + "ec2:DescribeInstanceTypes",
                          + "ec2:DescribeTags",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                  + {
                      + Action   = "ec2:CreateTags"
                      + Effect   = "Allow"
                      + Resource = "arn:aws:ec2:*:*:network-interface/*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = (known after apply)
    }

  # module.eks.aws_iam_role_policy_attachment.cluster_policy will be created
  + resource "aws_iam_role_policy_attachment" "cluster_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
      + role       = "pytorch-arc-cbr-production-uw1-cluster-role"
    }

  # module.eks.aws_iam_role_policy_attachment.cni_policy will be created
  + resource "aws_iam_role_policy_attachment" "cni_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0] will be created
  + resource "aws_iam_role_policy_attachment" "ebs_csi_driver" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
      + role       = "pytorch-arc-cbr-production-uw1-ebs-csi-driver-role"
    }

  # module.eks.aws_iam_role_policy_attachment.ecr_policy will be created
  + resource "aws_iam_role_policy_attachment" "ecr_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.node_policy will be created
  + resource "aws_iam_role_policy_attachment" "node_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.ssm_policy will be created
  + resource "aws_iam_role_policy_attachment" "ssm_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.vpc_resource_controller will be created
  + resource "aws_iam_role_policy_attachment" "vpc_resource_controller" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
      + role       = "pytorch-arc-cbr-production-uw1-cluster-role"
    }

  # module.eks.aws_kms_alias.eks_secrets[0] will be created
  + resource "aws_kms_alias" "eks_secrets" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/pytorch-arc-cbr-production-uw1-eks-secrets"
      + name_prefix    = (known after apply)
      + region         = "us-west-1"
      + target_key_arn = (known after apply)
      + target_key_id  = (known after apply)
    }

  # module.eks.aws_kms_key.eks_secrets[0] will be created
  + resource "aws_kms_key" "eks_secrets" {
      + arn                                = (known after apply)
      + bypass_policy_lockout_safety_check = false
      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"
      + deletion_window_in_days            = 30
      + description                        = "KMS key for EKS secrets encryption - pytorch-arc-cbr-production-uw1"
      + enable_key_rotation                = true
      + id                                 = (known after apply)
      + is_enabled                         = true
      + key_id                             = (known after apply)
      + key_usage                          = "ENCRYPT_DECRYPT"
      + multi_region                       = (known after apply)
      + policy                             = (known after apply)
      + region                             = "us-west-1"
      + rotation_period_in_days            = (known after apply)
      + tags                               = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Name"    = "pytorch-arc-cbr-production-uw1-eks-secrets"
          + "Project" = "ciforge"
        }
      + tags_all                           = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Name"      = "pytorch-arc-cbr-production-uw1-eks-secrets"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_launch_template.base will be created
  + resource "aws_launch_template" "base" {
      + arn             = (known after apply)
      + default_version = (known after apply)
      + id              = (known after apply)
      + image_id        = "ami-07fd8394a1d58b614"
      + latest_version  = (known after apply)
      + name            = (known after apply)
      + name_prefix     = "pytorch-arc-cbr-production-uw1-base-"
      + region          = "us-west-1"
      + tags            = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all        = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + user_data       = (known after apply)

      + block_device_mappings {
          + device_name = "/dev/xvda"

          + ebs {
              + delete_on_termination      = "true"
              + encrypted                  = "true"
              + iops                       = 3000
              + throughput                 = 125
              + volume_initialization_rate = (known after apply)
              + volume_size                = 100
              + volume_type                = "gp3"
            }
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = "enabled"
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = (known after apply)
        }

      + tag_specifications {
          + resource_type = "instance"
          + tags          = {
              + "Cluster" = "pytorch-arc-cbr-production-uw1"
              + "Name"    = "pytorch-arc-cbr-production-uw1-base-node"
              + "Project" = "ciforge"
              + "Type"    = "base-infrastructure"
            }
        }
    }

  # module.harbor.aws_iam_access_key.harbor_s3 will be created
  + resource "aws_iam_access_key" "harbor_s3" {
      + create_date                    = (known after apply)
      + encrypted_secret               = (known after apply)
      + encrypted_ses_smtp_password_v4 = (known after apply)
      + id                             = (known after apply)
      + key_fingerprint                = (known after apply)
      + secret                         = (sensitive value)
      + ses_smtp_password_v4           = (sensitive value)
      + status                         = "Active"
      + user                           = "pytorch-arc-cbr-production-uw1-harbor-s3"
    }

  # module.harbor.aws_iam_policy.harbor_registry will be created
  + resource "aws_iam_policy" "harbor_registry" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Harbor registry S3 access for pytorch-arc-cbr-production-uw1"
      + id               = (known after apply)
      + name             = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "s3:ListBucket",
                          + "s3:GetBucketLocation",
                          + "s3:ListBucketMultipartUploads",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:s3:::pytorch-arc-cbr-production-uw1-harbor-registry"
                      + Sid      = "AllowS3BucketAccess"
                    },
                  + {
                      + Action   = [
                          + "s3:GetObject",
                          + "s3:PutObject",
                          + "s3:DeleteObject",
                          + "s3:ListMultipartUploadParts",
                          + "s3:AbortMultipartUpload",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:s3:::pytorch-arc-cbr-production-uw1-harbor-registry/*"
                      + Sid      = "AllowS3ObjectAccess"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id        = (known after apply)
      + tags             = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all         = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.harbor.aws_iam_role.harbor_registry will be created
  + resource "aws_iam_role" "harbor_registry" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.harbor.aws_iam_role_policy_attachment.harbor_registry will be created
  + resource "aws_iam_role_policy_attachment" "harbor_registry" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "pytorch-arc-cbr-production-uw1-harbor-registry"
    }

  # module.harbor.aws_iam_user.harbor_s3 will be created
  + resource "aws_iam_user" "harbor_s3" {
      + arn           = (known after apply)
      + force_destroy = false
      + id            = (known after apply)
      + name          = "pytorch-arc-cbr-production-uw1-harbor-s3"
      + path          = "/"
      + tags          = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all      = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id     = (known after apply)
    }

  # module.harbor.aws_iam_user_policy_attachment.harbor_s3 will be created
  + resource "aws_iam_user_policy_attachment" "harbor_s3" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + user       = "pytorch-arc-cbr-production-uw1-harbor-s3"
    }

  # module.harbor.aws_s3_bucket_public_access_block.harbor_registry will be created
  + resource "aws_s3_bucket_public_access_block" "harbor_registry" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + region                  = "us-west-1"
      + restrict_public_buckets = true
    }

  # module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "harbor_registry" {
      + bucket = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + id     = (known after apply)
      + region = "us-west-1"

      + rule {
          + blocked_encryption_types = (known after apply)
          + bucket_key_enabled       = (known after apply)

          + apply_server_side_encryption_by_default {
              + kms_master_key_id = (known after apply)
              + sse_algorithm     = "AES256"
            }
        }
    }

  # module.vpc.aws_egress_only_internet_gateway.this will be created
  + resource "aws_egress_only_internet_gateway" "this" {
      + id       = (known after apply)
      + region   = "us-west-1"
      + tags     = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + vpc_id   = "vpc-0121d1038d393182a"
    }

  # module.vpc.aws_eip.nat[0] will be created
  + resource "aws_eip" "nat" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat[1] will be created
  + resource "aws_eip" "nat" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-0"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-1"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-2"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-3"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-4"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-4"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-4"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-5"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-5"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-5"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-6"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-6"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-6"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-0"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-1"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-2"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-3"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-4"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (kno
... (truncated — see workflow logs for full plan)

@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown

tofu plan — meta-prod-aws-ue1

✅ Plan succeeded · commit b5e4afc5 · run log

Plan output
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod-ue1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (meta-prod-aws-ue1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_caller_identity.current: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=meta-prod-aws-ue1-harbor-s3]
module.eks.aws_iam_role.cluster: Refreshing state... [id=meta-prod-aws-ue1-cluster-role]
data.aws_availability_zones.available: Reading...
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-046818728dce02486]
module.eks.aws_iam_role.node: Refreshing state... [id=meta-prod-aws-ue1-node-role]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=03f0ec26-a6da-43fa-b637-0f60858b706f]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/meta-prod-aws-ue1-eks-secrets]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNOISM5G6N]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=meta-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=meta-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=meta-prod-aws-ue1-node-role:meta-prod-aws-ue1-node-cni-ipv6]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 0s [id=ami-0dafeb02304897431]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=meta-prod-aws-ue1-harbor-s3/arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-harbor-registry]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-04023bafa7a35ed32]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-0cf3d9cf37ee998b6]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-092d6ffaad52de297]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-0c553a216ffcfbc6e]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0b79a2a6a8c2d4c93]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-07f0242f48547edf9]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0348c5058db524cd2]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0d65ec2dd49f0d87c]
module.vpc.aws_eip.nat_secondary["us-east-1a-4"]: Refreshing state... [id=eipalloc-00b67915425a445ad]
module.vpc.aws_eip.nat_secondary["us-east-1b-0"]: Refreshing state... [id=eipalloc-0d3046f70c5e06703]
module.vpc.aws_eip.nat_secondary["us-east-1c-2"]: Refreshing state... [id=eipalloc-07835c4a6798d0cba]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-02ce11d6646870431]
module.vpc.aws_eip.nat_secondary["us-east-1b-3"]: Refreshing state... [id=eipalloc-080f1de6aadf86bfe]
module.vpc.aws_eip.nat_secondary["us-east-1c-0"]: Refreshing state... [id=eipalloc-04e4ed5d389da6ee8]
module.vpc.aws_eip.nat_secondary["us-east-1c-1"]: Refreshing state... [id=eipalloc-0f0532f5d59cb48d4]
module.vpc.aws_eip.nat_secondary["us-east-1a-0"]: Refreshing state... [id=eipalloc-0b13ecc2db20a0a08]
module.vpc.aws_eip.nat_secondary["us-east-1b-4"]: Refreshing state... [id=eipalloc-033e293e0db093eb5]
module.vpc.aws_eip.nat_secondary["us-east-1b-2"]: Refreshing state... [id=eipalloc-082b7b67fc91bddea]
module.vpc.aws_eip.nat_secondary["us-east-1b-5"]: Refreshing state... [id=eipalloc-0891e3c936177ca1f]
module.vpc.aws_eip.nat_secondary["us-east-1b-6"]: Refreshing state... [id=eipalloc-0626688dd96fd72b1]
module.vpc.aws_eip.nat_secondary["us-east-1c-3"]: Refreshing state... [id=eipalloc-0345e227c85668435]
module.vpc.aws_eip.nat_secondary["us-east-1b-1"]: Refreshing state... [id=eipalloc-0d7540e64f41d03ed]
module.vpc.aws_eip.nat_secondary["us-east-1c-6"]: Refreshing state... [id=eipalloc-0cfb63f74c1bfe868]
module.vpc.aws_eip.nat_secondary["us-east-1a-3"]: Refreshing state... [id=eipalloc-01fe44e4ddcf970a4]
module.vpc.aws_eip.nat_secondary["us-east-1a-2"]: Refreshing state... [id=eipalloc-085f1255da01c4a74]
module.vpc.aws_eip.nat_secondary["us-east-1c-4"]: Refreshing state... [id=eipalloc-08c22d102baccc560]
module.vpc.aws_eip.nat_secondary["us-east-1a-6"]: Refreshing state... [id=eipalloc-0f4b7b7794e7ddcab]
module.vpc.aws_eip.nat_secondary["us-east-1a-5"]: Refreshing state... [id=eipalloc-0b1c40b234bf34782]
module.vpc.aws_eip.nat_secondary["us-east-1c-5"]: Refreshing state... [id=eipalloc-08b6b96db8427fe7c]
module.vpc.aws_eip.nat_secondary["us-east-1a-1"]: Refreshing state... [id=eipalloc-04d8d726f10c423a7]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-02e910dda876f6868]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0c54492cc83f6a297]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-0e51c52fc16722bf1]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0ec09f9cebd9e03d7]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-002be7d0c2cd21897]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-0092c387bef531804]
module.eks.aws_eks_cluster.this: Refreshing state... [id=meta-prod-aws-ue1]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-051257023fad95bd5]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0017452213c04953c]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-017b6d671f099d80b]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-010e846a3ffc4e7f9]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-01284f97ba53d4b6a]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-08bf0f3dfffae56cd]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=meta-prod-aws-ue1:kube-proxy]
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue1:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=meta-prod-aws-ue1:vpc-cni]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_launch_template.base: Refreshing state... [id=lt-010f6dcef487af1c3]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-08adf22b49bcc40a4]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-016c3961a7fb4ded9]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0ec9f3350a410730f]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=b1b539daa206035ae3c3e28288b0681fa1b462f3]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/B24010B528DA0FC03A2C455E74946D6B]
module.eks.aws_eks_node_group.base: Refreshing state... [id=meta-prod-aws-ue1:meta-prod-aws-ue1-base-nodes]
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=4151242138]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue1-ebs-csi-driver-role]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=meta-prod-aws-ue1:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry/arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-harbor-registry]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue1#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue1-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=meta-prod-aws-ue1:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (meta-prod-aws-ue1) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-instance-state-change]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=meta-prod-aws-ue1-karpenter-spot-interruption]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/308535385114/meta-prod-aws-ue1-karpenter]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=meta-prod-aws-ue1-karpenter-rebalance]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-scheduled-change]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/308535385114/meta-prod-aws-ue1-karpenter]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=meta-prod-aws-ue1-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=meta-prod-aws-ue1-karpenter-rebalance-KarpenterRebalance]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-scheduled-change-KarpenterScheduledChange]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-016f4a0d209f3e4a9,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-02ce11d6646870431"]: Refreshing state... [id=subnet-02ce11d6646870431,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0d65ec2dd49f0d87c"]: Refreshing state... [id=subnet-0d65ec2dd49f0d87c,karpenter.sh/discovery]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-karpenter-controller]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0348c5058db524cd2"]: Refreshing state... [id=subnet-0348c5058db524cd2,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue1-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue1-karpenter-controller-20260627083405030800000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown

tofu plan — lf-prod-aws-ue1

✅ Plan succeeded · commit b5e4afc5 · run log

Plan output
Installed 1 package in 1ms
{
    "BucketArn": "arn:aws:s3:::lf-osdc-tfstate-prod-ue1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (lf-prod-aws-ue1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.eks.aws_iam_role.cluster: Refreshing state... [id=lf-prod-aws-ue1-cluster-role]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=e5e45db6-94ad-4dfd-8a1a-213730256a9c]
module.eks.data.aws_caller_identity.current: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=lf-prod-aws-ue1-harbor-s3]
module.eks.aws_iam_role.node: Refreshing state... [id=lf-prod-aws-ue1-node-role]
data.aws_availability_zones.available: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-06f350eae88f37700]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=391835788720]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAVWOZ3UWYJZNKMI7G]
data.aws_availability_zones.available: Read complete after 1s [id=us-east-1]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/lf-prod-aws-ue1-eks-secrets]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=lf-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=lf-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=lf-prod-aws-ue1-node-role:lf-prod-aws-ue1-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=lf-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=lf-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=lf-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=lf-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-0dafeb02304897431]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-03548aa6de237de4c]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-089c5123e6da8d43c]
module.vpc.aws_eip.nat_secondary["us-east-1a-3"]: Refreshing state... [id=eipalloc-01a2c9bf10e45099b]
module.vpc.aws_eip.nat_secondary["us-east-1b-6"]: Refreshing state... [id=eipalloc-085e43aacdd3b5c5f]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-051217c40b1d02b3a]
module.vpc.aws_eip.nat_secondary["us-east-1b-4"]: Refreshing state... [id=eipalloc-0bd28bd3991297f4a]
module.vpc.aws_eip.nat_secondary["us-east-1b-2"]: Refreshing state... [id=eipalloc-0c66936151cceca74]
module.vpc.aws_eip.nat_secondary["us-east-1b-1"]: Refreshing state... [id=eipalloc-0f13b0cd68a133531]
module.vpc.aws_eip.nat_secondary["us-east-1a-1"]: Refreshing state... [id=eipalloc-034348675ffacd849]
module.vpc.aws_eip.nat_secondary["us-east-1a-0"]: Refreshing state... [id=eipalloc-03131d115b478f7c3]
module.vpc.aws_eip.nat_secondary["us-east-1c-2"]: Refreshing state... [id=eipalloc-0a4874208e55dfb7b]
module.vpc.aws_eip.nat_secondary["us-east-1b-5"]: Refreshing state... [id=eipalloc-00cd91c376a1f197d]
module.vpc.aws_eip.nat_secondary["us-east-1c-1"]: Refreshing state... [id=eipalloc-01b2275a4f494fe58]
module.vpc.aws_eip.nat_secondary["us-east-1c-5"]: Refreshing state... [id=eipalloc-07612f4e715e508ae]
module.vpc.aws_eip.nat_secondary["us-east-1c-3"]: Refreshing state... [id=eipalloc-03ec1105bba33668b]
module.vpc.aws_eip.nat_secondary["us-east-1c-4"]: Refreshing state... [id=eipalloc-0db3b4c44cbf47d5a]
module.vpc.aws_eip.nat_secondary["us-east-1c-6"]: Refreshing state... [id=eipalloc-088384cdd02d04bce]
module.vpc.aws_eip.nat_secondary["us-east-1a-6"]: Refreshing state... [id=eipalloc-046fa83874bde66b5]
module.vpc.aws_eip.nat_secondary["us-east-1a-4"]: Refreshing state... [id=eipalloc-0581e7f2f8194266e]
module.vpc.aws_eip.nat_secondary["us-east-1a-5"]: Refreshing state... [id=eipalloc-0936080d9155a0306]
module.vpc.aws_eip.nat_secondary["us-east-1b-3"]: Refreshing state... [id=eipalloc-042e254711d0d3dda]
module.vpc.aws_eip.nat_secondary["us-east-1c-0"]: Refreshing state... [id=eipalloc-051a8792e8dad6c5b]
module.vpc.aws_eip.nat_secondary["us-east-1a-2"]: Refreshing state... [id=eipalloc-0625b097098b1ac2a]
module.vpc.aws_eip.nat_secondary["us-east-1b-0"]: Refreshing state... [id=eipalloc-0533e7098b8548fda]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0afe958a38da9f46c]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-06e680510bc45584b]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0f7184dc74425b3ca]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0fa332056910f46b2]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-087f338c446cffe5d]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-01ca3df6137b445c0]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-07234379e7833a398]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0f16b1a5ecd405405]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-0fe9cf01a4661b360]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue1-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-025d5eab2da94f8e6]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-0a6049a78a7428383]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-025956fd021d43094]
module.eks.aws_eks_cluster.this: Refreshing state... [id=lf-prod-aws-ue1]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=lf-prod-aws-ue1-harbor-s3/arn:aws:iam::391835788720:policy/lf-prod-aws-ue1-harbor-registry]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-0cf871626838e4133]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-0d0e9d964d1cd8a9e]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-09c6f66e50dce1835]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0264db606b7f24bb6]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-02536bbe724eaaa2f]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-027811d9ba750a284]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=lf-prod-aws-ue1:kube-proxy]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=lf-prod-aws-ue1:vpc-cni]
module.eks.aws_eks_access_entry.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue1:arn:aws:iam::391835788720:role/lf_osdc_admin]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-0e3be05a985acc61c]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0c6e77db648d5279c]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-00cd583d71292870b]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-009170e5cc902aa3e]
module.eks.aws_eks_node_group.base: Refreshing state... [id=lf-prod-aws-ue1:lf-prod-aws-ue1-base-nodes]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=b1b539daa206035ae3c3e28288b0681fa1b462f3]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::391835788720:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/E8EF4A6C55DB9699E53A54DA444C21A3]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=717515682]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue1-ebs-csi-driver-role]
module.eks.aws_eks_access_policy_association.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue1#arn:aws:iam::391835788720:role/lf_osdc_admin#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=lf-prod-aws-ue1:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry/arn:aws:iam::391835788720:policy/lf-prod-aws-ue1-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue1-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=lf-prod-aws-ue1:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (lf-prod-aws-ue1) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=lf-prod-aws-ue1-karpenter-rebalance]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=lf-prod-aws-ue1-karpenter-scheduled-change]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=lf-prod-aws-ue1-karpenter-spot-interruption]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/391835788720/lf-prod-aws-ue1-karpenter]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=lf-prod-aws-ue1-karpenter-instance-state-change]
data.terraform_remote_state.base: Read complete after 0s
aws_ec2_tag.subnet_karpenter_discovery["subnet-0fa332056910f46b2"]: Refreshing state... [id=subnet-0fa332056910f46b2,karpenter.sh/discovery]
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-07a769a5e8a93a444,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-01ca3df6137b445c0"]: Refreshing state... [id=subnet-01ca3df6137b445c0,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-07234379e7833a398"]: Refreshing state... [id=subnet-07234379e7833a398,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue1-karpenter-controller]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/391835788720/lf-prod-aws-ue1-karpenter]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=lf-prod-aws-ue1-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=lf-prod-aws-ue1-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue1-karpenter-controller]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=lf-prod-aws-ue1-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=lf-prod-aws-ue1-karpenter-rebalance-KarpenterRebalance]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue1-karpenter-controller-20260605165913470400000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown

tofu plan — lf-prod-aws-ue2

✅ Plan succeeded · commit b5e4afc5 · run log

Plan output
Installed 1 package in 1ms
{
    "BucketArn": "arn:aws:s3:::lf-osdc-tfstate-prod-ue2",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (lf-prod-aws-ue2) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=lf-prod-aws-ue2-harbor-s3]
data.aws_availability_zones.available: Reading...
module.eks.data.aws_caller_identity.current: Reading...
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0f7d54e3accfbe3e4]
module.eks.aws_iam_role.node: Refreshing state... [id=lf-prod-aws-ue2-node-role]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=27a9b8e9-2509-43ce-ac8e-cfc320b65fe2]
module.eks.aws_iam_role.cluster: Refreshing state... [id=lf-prod-aws-ue2-cluster-role]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=391835788720]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-2]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/lf-prod-aws-ue2-eks-secrets]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAVWOZ3UWYMGG4LIHB]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=lf-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=lf-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=lf-prod-aws-ue2-node-role:lf-prod-aws-ue2-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 0s [id=ami-009f1fe7d56695348]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=lf-prod-aws-ue2-harbor-s3/arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-harbor-registry]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-042c4d31ed557eaa4]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-061f8f7ac8b40d720]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-079ed57d9de06fd9b]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0e0efd2a8ef20d72e]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-08c041a7cb9147705]
module.vpc.aws_eip.nat_secondary["us-east-2c-0"]: Refreshing state... [id=eipalloc-09bd4b74b1a8ca6ac]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-06a9b2e4ea40968b6]
module.vpc.aws_eip.nat_secondary["us-east-2b-3"]: Refreshing state... [id=eipalloc-0b95441aa4e161db2]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0515848329e5dc53a]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0ae8d251d3a0336ca]
module.vpc.aws_eip.nat_secondary["us-east-2a-2"]: Refreshing state... [id=eipalloc-0e53d306d25151b0e]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-0508ab6e3db7ccf08]
module.vpc.aws_eip.nat_secondary["us-east-2c-4"]: Refreshing state... [id=eipalloc-005e21ac878c4db34]
module.vpc.aws_eip.nat_secondary["us-east-2b-4"]: Refreshing state... [id=eipalloc-08683a31d5967bff6]
module.vpc.aws_eip.nat_secondary["us-east-2a-1"]: Refreshing state... [id=eipalloc-0a90e8e5b75a3fe45]
module.vpc.aws_eip.nat_secondary["us-east-2a-5"]: Refreshing state... [id=eipalloc-095865342b4c692ac]
module.vpc.aws_eip.nat_secondary["us-east-2c-2"]: Refreshing state... [id=eipalloc-08e66df79eddc18b5]
module.vpc.aws_eip.nat_secondary["us-east-2a-4"]: Refreshing state... [id=eipalloc-0bd8a5e170892bb0b]
module.vpc.aws_eip.nat_secondary["us-east-2b-6"]: Refreshing state... [id=eipalloc-09c38605941dbbaac]
module.vpc.aws_eip.nat_secondary["us-east-2c-5"]: Refreshing state... [id=eipalloc-06c020042f283554a]
module.vpc.aws_eip.nat_secondary["us-east-2b-5"]: Refreshing state... [id=eipalloc-06f0755f7542d77fa]
module.vpc.aws_eip.nat_secondary["us-east-2a-3"]: Refreshing state... [id=eipalloc-0737f1fdf35a0f975]
module.vpc.aws_eip.nat_secondary["us-east-2b-0"]: Refreshing state... [id=eipalloc-055182abe5c634ddc]
module.vpc.aws_eip.nat_secondary["us-east-2c-3"]: Refreshing state... [id=eipalloc-04d97b3aec8f5fb8a]
module.vpc.aws_eip.nat_secondary["us-east-2b-2"]: Refreshing state... [id=eipalloc-0403ed9359182b72c]
module.vpc.aws_eip.nat_secondary["us-east-2c-1"]: Refreshing state... [id=eipalloc-0241d507f34cdb0b5]
module.vpc.aws_eip.nat_secondary["us-east-2a-6"]: Refreshing state... [id=eipalloc-077cbc910a56d08fd]
module.vpc.aws_eip.nat_secondary["us-east-2c-6"]: Refreshing state... [id=eipalloc-057df768d859ed17e]
module.vpc.aws_eip.nat_secondary["us-east-2b-1"]: Refreshing state... [id=eipalloc-0c8d74e3dcfb2dad0]
module.vpc.aws_eip.nat_secondary["us-east-2a-0"]: Refreshing state... [id=eipalloc-0a9078e90b80cc1de]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0e53846501278171e]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-080bfdf02da937445]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-016d460df617c0e2c]
module.eks.aws_eks_cluster.this: Refreshing state... [id=lf-prod-aws-ue2]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0d0f31615161dab0f]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-028a6f03785f6bca2]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-005f847cdca1f2143]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-0caff297f1b93f0c7]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0288194135c91a55d]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-095cd56cd812b4931]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0d0497dd1d2a111f5]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0ce64842bfadf32b0]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-0d7230758d05b4f20]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-05de05c204a439484]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0feb6707491379e22]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0cbaf74e1bd57a865]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=lf-prod-aws-ue2:vpc-cni]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=lf-prod-aws-ue2:kube-proxy]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_access_entry.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue2:arn:aws:iam::391835788720:role/lf_osdc_admin]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-062d0b42e1b1ca1af]
module.eks.aws_eks_node_group.base: Refreshing state... [id=lf-prod-aws-ue2:lf-prod-aws-ue2-base-nodes]
module.eks.data.tls_certificate.cluster[0]: Read complete after 1s [id=033a163afb2babc26f7883e642621ac361c93d61]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::391835788720:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/43EEAC690CC76E15781134A4FC06EDCE]
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=796338164]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue2-ebs-csi-driver-role]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=lf-prod-aws-ue2:coredns]
module.eks.aws_eks_access_policy_association.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue2#arn:aws:iam::391835788720:role/lf_osdc_admin#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue2-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry/arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-harbor-registry]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=lf-prod-aws-ue2:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (lf-prod-aws-ue2) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=lf-prod-aws-ue2-karpenter-rebalance]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=lf-prod-aws-ue2-karpenter-spot-interruption]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-scheduled-change]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/391835788720/lf-prod-aws-ue2-karpenter]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-instance-state-change]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/391835788720/lf-prod-aws-ue2-karpenter]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=lf-prod-aws-ue2-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=lf-prod-aws-ue2-karpenter-rebalance-KarpenterRebalance]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-instance-state-change-KarpenterInstanceStateChange]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-06c1f2ed8ffb1ddfa,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0ae8d251d3a0336ca"]: Refreshing state... [id=subnet-0ae8d251d3a0336ca,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0515848329e5dc53a"]: Refreshing state... [id=subnet-0515848329e5dc53a,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue2-karpenter-controller]
aws_ec2_tag.subnet_karpenter_discovery["subnet-06a9b2e4ea40968b6"]: Refreshing state... [id=subnet-06a9b2e4ea40968b6,karpenter.sh/discovery]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue2-karpenter-controller-20260608235145776400000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

[ghstack-poisoned]
[ghstack-poisoned]
@huydhn huydhn changed the title osdc/hf-cache: terraform — shared S3 bucket + per-cluster IRSA osdc/hf-cache: terraform — per-region S3 bucket + per-cluster IRSA Jun 24, 2026
[ghstack-poisoned]
[ghstack-poisoned]
huydhn added 2 commits June 26, 2026 18:24
[ghstack-poisoned]
[ghstack-poisoned]
Comment thread osdc/modules/hf-cache/terraform/main.tf
@huydhn huydhn requested a review from jeanschmidt June 29, 2026 17:27
huydhn added 2 commits June 30, 2026 13:41
[ghstack-poisoned]
[ghstack-poisoned]
huydhn added 2 commits June 30, 2026 17:35
[ghstack-poisoned]
[ghstack-poisoned]
@huydhn huydhn temporarily deployed to osdc-staging July 1, 2026 00:35 — with GitHub Actions Inactive
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

tofu plan — meta-prod-aws-ue2

✅ Plan succeeded · commit b5e4afc5 · run log

Plan output
Installed 1 package in 3ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (meta-prod-aws-ue2) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=meta-prod-aws-ue2-harbor-s3]
module.eks.aws_iam_role.node: Refreshing state... [id=meta-prod-aws-ue2-node-role]
module.eks.data.aws_caller_identity.current: Reading...
data.aws_availability_zones.available: Reading...
module.eks.aws_iam_role.cluster: Refreshing state... [id=meta-prod-aws-ue2-cluster-role]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=5d4d0652-42ff-43dd-9226-39d12a821a51]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry]
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0a4f4e29523e47c1b]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNJVCP27OP]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-2]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/meta-prod-aws-ue2-eks-secrets]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=meta-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=meta-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=meta-prod-aws-ue2-node-role:meta-prod-aws-ue2-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=meta-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=meta-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=meta-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=meta-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue2-harbor-registry]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=meta-prod-aws-ue2-harbor-s3/arn:aws:iam::308535385114:policy/meta-prod-aws-ue2-harbor-registry]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-009f1fe7d56695348]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-016bb57c3b21473a6]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-04af658be058383c5]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-061aea9b4b9bada09]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-02d073a8ea6afc941]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-083663c3c87e010db]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-02dd343006d52558e]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0bcb5a49baf039af4]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-002376e4b06050dd5]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0f47ac14e31a8017f]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0438aca402f5b38a7]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-09d2f10b60ed5d309]
module.vpc.aws_eip.nat_secondary["us-east-2c-1"]: Refreshing state... [id=eipalloc-0be4a9c527836548e]
module.vpc.aws_eip.nat_secondary["us-east-2c-6"]: Refreshing state... [id=eipalloc-01fc1d68552fd3c93]
module.vpc.aws_eip.nat_secondary["us-east-2a-2"]: Refreshing state... [id=eipalloc-089abbdd07fba6c2b]
module.vpc.aws_eip.nat_secondary["us-east-2b-0"]: Refreshing state... [id=eipalloc-04da46294f7eaf76e]
module.vpc.aws_eip.nat_secondary["us-east-2a-1"]: Refreshing state... [id=eipalloc-0419741e10c7f3d0e]
module.vpc.aws_eip.nat_secondary["us-east-2a-6"]: Refreshing state... [id=eipalloc-0825c0cfde63c3db8]
module.vpc.aws_eip.nat_secondary["us-east-2b-4"]: Refreshing state... [id=eipalloc-08535e5eee34fd191]
module.vpc.aws_eip.nat_secondary["us-east-2b-6"]: Refreshing state... [id=eipalloc-06755348e3e26fd1e]
module.vpc.aws_eip.nat_secondary["us-east-2b-1"]: Refreshing state... [id=eipalloc-05f0cbb677b209e4c]
module.vpc.aws_eip.nat_secondary["us-east-2a-4"]: Refreshing state... [id=eipalloc-0808c5e0c619858bf]
module.vpc.aws_eip.nat_secondary["us-east-2b-5"]: Refreshing state... [id=eipalloc-0e4421d040c50313d]
module.vpc.aws_eip.nat_secondary["us-east-2c-4"]: Refreshing state... [id=eipalloc-00389a24357de600c]
module.vpc.aws_eip.nat_secondary["us-east-2c-2"]: Refreshing state... [id=eipalloc-0cd6a97f41c08ad79]
module.vpc.aws_eip.nat_secondary["us-east-2c-3"]: Refreshing state... [id=eipalloc-0aae09505ca231089]
module.vpc.aws_eip.nat_secondary["us-east-2b-3"]: Refreshing state... [id=eipalloc-015325899aff1e5ed]
module.vpc.aws_eip.nat_secondary["us-east-2a-5"]: Refreshing state... [id=eipalloc-0c1dc27d4f3538385]
module.vpc.aws_eip.nat_secondary["us-east-2c-0"]: Refreshing state... [id=eipalloc-08261cb440c99aeab]
module.vpc.aws_eip.nat_secondary["us-east-2c-5"]: Refreshing state... [id=eipalloc-00f2ab5d8753f4695]
module.vpc.aws_eip.nat_secondary["us-east-2a-3"]: Refreshing state... [id=eipalloc-0a8f826170a066d1a]
module.vpc.aws_eip.nat_secondary["us-east-2b-2"]: Refreshing state... [id=eipalloc-03b287002428ed999]
module.vpc.aws_eip.nat_secondary["us-east-2a-0"]: Refreshing state... [id=eipalloc-0b3606e915a05b900]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-08126e2d33cab5385]
module.eks.aws_eks_cluster.this: Refreshing state... [id=meta-prod-aws-ue2]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-00e225254564766a6]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-0ec5793b2d56da22d]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0d74603290859e2f2]
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue2:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=meta-prod-aws-ue2:kube-proxy]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=meta-prod-aws-ue2:vpc-cni]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-0b4676c69cf648948]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=033a163afb2babc26f7883e642621ac361c93d61]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/D399D35AE88C3599FE2FC477C1EC7C92]
module.eks.aws_eks_node_group.base: Refreshing state... [id=meta-prod-aws-ue2:meta-prod-aws-ue2-base-nodes]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=780079123]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue2-ebs-csi-driver-role]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry/arn:aws:iam::308535385114:policy/meta-prod-aws-ue2-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue2-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=meta-prod-aws-ue2:aws-ebs-csi-driver]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=meta-prod-aws-ue2:coredns]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue2#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-0578f79b0309df745]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-01ba8099bebc551a4]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0fc6b948cfe81046d]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0b9d4e0fc87d542a6]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-0bc4e669577609a58]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0fd06291b649af633]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0f09d32deabb452f1]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-03b5e7bbb060c2f94]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0dd75e8dec345f5a0]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (meta-prod-aws-ue2) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=meta-prod-aws-ue2-karpenter-spot-interruption]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=meta-prod-aws-ue2-karpenter-rebalance]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=meta-prod-aws-ue2-karpenter-instance-state-change]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=meta-prod-aws-ue2-karpenter-scheduled-change]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/meta-prod-aws-ue2-karpenter]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/meta-prod-aws-ue2-karpenter]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=meta-prod-aws-ue2-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=meta-prod-aws-ue2-karpenter-rebalance-KarpenterRebalance]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=meta-prod-aws-ue2-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=meta-prod-aws-ue2-karpenter-instance-state-change-KarpenterInstanceStateChange]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-08123718ac4568e55,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-09d2f10b60ed5d309"]: Refreshing state... [id=subnet-09d2f10b60ed5d309,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue2-karpenter-controller]
aws_ec2_tag.subnet_karpenter_discovery["subnet-061aea9b4b9bada09"]: Refreshing state... [id=subnet-061aea9b4b9bada09,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-02dd343006d52558e"]: Refreshing state... [id=subnet-02dd343006d52558e,karpenter.sh/discovery]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue2-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue2-karpenter-controller-20260626065954984300000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@huydhn huydhn temporarily deployed to osdc-staging July 1, 2026 00:37 — with GitHub Actions Inactive
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

tofu plan — meta-prod-aws-uw1

✅ Plan succeeded · commit b5e4afc5 · run log

Plan output
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod-uw1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (meta-prod-aws-uw1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_caller_identity.current: Reading...
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
data.aws_availability_zones.available: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=meta-prod-aws-uw1-harbor-s3]
module.eks.aws_iam_role.node: Refreshing state... [id=meta-prod-aws-uw1-node-role]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=249b363f-50d9-4d71-8c19-33c90089adc4]
module.eks.aws_iam_role.cluster: Refreshing state... [id=meta-prod-aws-uw1-cluster-role]
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0c7a0f5c4f16f50dd]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNNXRVD65N]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=meta-prod-aws-uw1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=meta-prod-aws-uw1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=meta-prod-aws-uw1-node-role:meta-prod-aws-uw1-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
data.aws_availability_zones.available: Read complete after 1s [id=us-west-1]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/meta-prod-aws-uw1-eks-secrets]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-07fd8394a1d58b614]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-0c3a516c5f092e482]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-0063ee624cd2732d8]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-09ba42112ad2f3498]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-09e992b7d08e2e934]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-000973dc2a1d7e619]
module.vpc.aws_eip.nat_secondary["us-west-1c-4"]: Refreshing state... [id=eipalloc-026da1516572eec86]
module.vpc.aws_eip.nat_secondary["us-west-1a-2"]: Refreshing state... [id=eipalloc-09e48c6512d9e612f]
module.vpc.aws_eip.nat_secondary["us-west-1a-5"]: Refreshing state... [id=eipalloc-0686d617611f65881]
module.vpc.aws_eip.nat_secondary["us-west-1a-6"]: Refreshing state... [id=eipalloc-0bf3c5405c4b04b9c]
module.vpc.aws_eip.nat_secondary["us-west-1a-0"]: Refreshing state... [id=eipalloc-08ee495e2612f9854]
module.vpc.aws_eip.nat_secondary["us-west-1c-3"]: Refreshing state... [id=eipalloc-0b5f261d2d97bcdc2]
module.vpc.aws_eip.nat_secondary["us-west-1a-4"]: Refreshing state... [id=eipalloc-052349005feef822c]
module.vpc.aws_eip.nat_secondary["us-west-1c-5"]: Refreshing state... [id=eipalloc-0def1ec3fa43dac4b]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-062b73a22caa683b7]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-04dd3f923b70d7177]
module.vpc.aws_eip.nat_secondary["us-west-1c-2"]: Refreshing state... [id=eipalloc-02f6fb7e715ebf888]
module.vpc.aws_eip.nat_secondary["us-west-1c-6"]: Refreshing state... [id=eipalloc-047cd622afc027ee1]
module.vpc.aws_eip.nat_secondary["us-west-1a-3"]: Refreshing state... [id=eipalloc-0396526b463284581]
module.vpc.aws_eip.nat_secondary["us-west-1c-0"]: Refreshing state... [id=eipalloc-0aa6be0f303fb413d]
module.vpc.aws_eip.nat_secondary["us-west-1a-1"]: Refreshing state... [id=eipalloc-07fc0a4a8844d68ef]
module.vpc.aws_eip.nat_secondary["us-west-1c-1"]: Refreshing state... [id=eipalloc-0b7ef04c32820eb2b]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0e9dc0314cc83122d]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0ec6555eaab36cb0f]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0ea3c0815876de4c6]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-021106d76c25ab7dd]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-harbor-registry]
module.eks.aws_eks_cluster.this: Refreshing state... [id=meta-prod-aws-uw1]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=meta-prod-aws-uw1-harbor-s3/arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-harbor-registry]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=meta-prod-aws-uw1:vpc-cni]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=meta-prod-aws-uw1:kube-proxy]
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-uw1:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-09e8b410d5601fb81]
module.eks.aws_eks_node_group.base: Refreshing state... [id=meta-prod-aws-uw1:meta-prod-aws-uw1-base-nodes]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=ab5db6c82031e2d229412c67921160a3b3af073b]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-west-1.amazonaws.com/id/049195ED3247B03B610AB041768C99D9]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-uw1#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=1948150697]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-uw1-ebs-csi-driver-role]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=meta-prod-aws-uw1:coredns]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-uw1-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry/arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-harbor-registry]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=meta-prod-aws-uw1:aws-ebs-csi-driver]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-0c4f5e0d136a43bc1]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0f09a57f0a682972e]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-096d5785b7f057456]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0252a95ace300ec13]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-03da4cbd6db56b03b]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-073892599db845ebe]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (meta-prod-aws-uw1) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-instance-state-change]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-scheduled-change]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-west-1.amazonaws.com/308535385114/meta-prod-aws-uw1-karpenter]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=meta-prod-aws-uw1-karpenter-rebalance]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=meta-prod-aws-uw1-karpenter-spot-interruption]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-west-1.amazonaws.com/308535385114/meta-prod-aws-uw1-karpenter]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=meta-prod-aws-uw1-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=meta-prod-aws-uw1-karpenter-rebalance-KarpenterRebalance]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-scheduled-change-KarpenterScheduledChange]
data.terraform_remote_state.base: Read complete after 2s
aws_ec2_tag.subnet_karpenter_discovery["subnet-0ec6555eaab36cb0f"]: Refreshing state... [id=subnet-0ec6555eaab36cb0f,karpenter.sh/discovery]
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-07b2ae82341ea99c4,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0e9dc0314cc83122d"]: Refreshing state... [id=subnet-0e9dc0314cc83122d,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=meta-prod-aws-uw1-karpenter-controller]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=meta-prod-aws-uw1-karpenter-controller-20260625071532734400000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@huydhn huydhn temporarily deployed to osdc-staging July 1, 2026 00:41 — with GitHub Actions Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants