Skip to content

osdc/hf-cache: integration test — refresh (online download → S3 sync)#818

Merged
huydhn merged 28 commits into
gh/huydhn/44/basefrom
gh/huydhn/44/head
Jul 1, 2026
Merged

osdc/hf-cache: integration test — refresh (online download → S3 sync)#818
huydhn merged 28 commits into
gh/huydhn/44/basefrom
gh/huydhn/44/head

Conversation

@huydhn

@huydhn huydhn commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Stack from ghstack (oldest at bottom):

BEGIN_HF_CACHE_OIDC job block (gated on arc-runners + hf-cache):
test-hf-cache-refresh-sync mirrors ci-refresh-hf-cache — assumes the
gha_workflow_hf-cache-write role via GitHub OIDC (environment: hf-cache-write,
id-token: write), downloads a small model (prajjwal1/bert-tiny) from the HF Hub
online, then aws s3 syncs the artifacts to the cluster's bucket and verifies the
objects landed.

The job FAILS if the OIDC role can't be assumed — a swallowed OIDC failure would
hide that the refresh can't actually write the cache. Activating it requires the
'hf-cache-write' environment on the test repo and the role (pytorch-gha-infra
#1239) trusting its OIDC subject.

[ghstack-poisoned]
@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

tofu plan — arc-cbr-production

✅ Plan succeeded · commit afa73dc6 · run log

Plan output
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (arc-cbr-production) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0e712dc7e743bbcf7]
module.eks.data.aws_caller_identity.current: Reading...
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=527854a4-e335-4f95-bc89-1321cff7a478]
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=pytorch-arc-cbr-production-harbor-s3]
data.aws_availability_zones.available: Reading...
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.eks.aws_iam_role.node: Refreshing state... [id=pytorch-arc-cbr-production-node-role]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.eks.aws_iam_role.cluster: Refreshing state... [id=pytorch-arc-cbr-production-cluster-role]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNOLQFN6MU]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/pytorch-arc-cbr-production-eks-secrets]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-2]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=pytorch-arc-cbr-production-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=pytorch-arc-cbr-production-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=pytorch-arc-cbr-production-node-role:pytorch-arc-cbr-production-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-032d4401e63f0c9b9]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-05e96ee7cb818e5c0]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 0s [id=ami-009f1fe7d56695348]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-01187bfaa68514400]
module.vpc.aws_eip.nat_secondary["us-east-2a-0"]: Refreshing state... [id=eipalloc-086a011b3c26c0dd7]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0d34063a19f4b07b4]
module.vpc.aws_eip.nat_secondary["us-east-2c-4"]: Refreshing state... [id=eipalloc-0cc3dadec18bbb3f3]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ab11fcdb8d4ea113]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-01e479dcb5aedf696]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0d26e280575e8aaf4]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-0fddf2f74e7e978c7]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0a583bbbcac436ebd]
module.vpc.aws_eip.nat_secondary["us-east-2a-3"]: Refreshing state... [id=eipalloc-034d5e1f5a2fcb795]
module.vpc.aws_eip.nat_secondary["us-east-2c-6"]: Refreshing state... [id=eipalloc-0aede78edc69cf695]
module.vpc.aws_eip.nat_secondary["us-east-2c-2"]: Refreshing state... [id=eipalloc-07cfdb2fd5dc07459]
module.vpc.aws_eip.nat_secondary["us-east-2b-2"]: Refreshing state... [id=eipalloc-063bee447616351f9]
module.vpc.aws_eip.nat_secondary["us-east-2b-5"]: Refreshing state... [id=eipalloc-0cde9a6463901f1e1]
module.vpc.aws_eip.nat_secondary["us-east-2c-0"]: Refreshing state... [id=eipalloc-03542e74755fc105b]
module.vpc.aws_eip.nat_secondary["us-east-2a-1"]: Refreshing state... [id=eipalloc-0f2b00a9ac31df215]
module.vpc.aws_eip.nat_secondary["us-east-2b-0"]: Refreshing state... [id=eipalloc-0cead990d60ce181e]
module.vpc.aws_eip.nat_secondary["us-east-2c-5"]: Refreshing state... [id=eipalloc-02825435a2786b3d8]
module.vpc.aws_eip.nat_secondary["us-east-2a-4"]: Refreshing state... [id=eipalloc-067d535102a61d1a8]
module.vpc.aws_eip.nat_secondary["us-east-2c-1"]: Refreshing state... [id=eipalloc-06a980076e99cda81]
module.vpc.aws_eip.nat_secondary["us-east-2b-1"]: Refreshing state... [id=eipalloc-0e67c0a8cd8c990da]
module.vpc.aws_eip.nat_secondary["us-east-2b-6"]: Refreshing state... [id=eipalloc-06b7b88826199a232]
module.vpc.aws_eip.nat_secondary["us-east-2b-4"]: Refreshing state... [id=eipalloc-0de33181548ac2e5a]
module.vpc.aws_eip.nat_secondary["us-east-2a-6"]: Refreshing state... [id=eipalloc-0113c95dbdec2f879]
module.vpc.aws_eip.nat_secondary["us-east-2b-3"]: Refreshing state... [id=eipalloc-021ee6c9f1d20b71a]
module.vpc.aws_eip.nat_secondary["us-east-2c-3"]: Refreshing state... [id=eipalloc-0d3a71569b2f687be]
module.vpc.aws_eip.nat_secondary["us-east-2a-2"]: Refreshing state... [id=eipalloc-09b15a770e0c6d552]
module.vpc.aws_eip.nat_secondary["us-east-2a-5"]: Refreshing state... [id=eipalloc-0bd9bf54bd6010323]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-0577a02acde719bff]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0709abbcafa23aec0]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-harbor-registry]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0992f582e9bf2836e]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-084975a7f7af2696e]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-07d5cd4c479c827ab]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0ce4fba002d90e7d5]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=pytorch-arc-cbr-production-harbor-s3/arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-harbor-registry]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0ad75b2f5282877db]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-08e264cbbd47be1ee]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-0f7b8f4473e5790df]
module.eks.aws_eks_cluster.this: Refreshing state... [id=pytorch-arc-cbr-production]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-01d38d41a7ca82a08]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-0cb3785c433ed7718]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0c7ecd4166a01e5f0]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0beb143017359bda1]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-097abe4676c74f71b]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0b6e08b4b0dc968c0]
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=pytorch-arc-cbr-production:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=pytorch-arc-cbr-production:vpc-cni]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=pytorch-arc-cbr-production:kube-proxy]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-0b820cd15307b6d57]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=033a163afb2babc26f7883e642621ac361c93d61]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/0A621339248958D6D5F2FF084BD185B5]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=2879363015]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=pytorch-arc-cbr-production-ebs-csi-driver-role]
module.eks.aws_eks_node_group.base: Refreshing state... [id=pytorch-arc-cbr-production:pytorch-arc-cbr-production-base-nodes]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry/arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=pytorch-arc-cbr-production-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=pytorch-arc-cbr-production#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=pytorch-arc-cbr-production:coredns]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (arc-cbr-production) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-scheduled-change]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-instance-state-change]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-spot-interruption]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-rebalance]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/pytorch-arc-cbr-production-karpenter]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/pytorch-arc-cbr-production-karpenter]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-rebalance-KarpenterRebalance]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-instance-state-change-KarpenterInstanceStateChange]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.subnet_karpenter_discovery["subnet-0992f582e9bf2836e"]: Refreshing state... [id=subnet-0992f582e9bf2836e,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0709abbcafa23aec0"]: Refreshing state... [id=subnet-0709abbcafa23aec0,karpenter.sh/discovery]
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-01ec5f742ae028981,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-controller]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0577a02acde719bff"]: Refreshing state... [id=subnet-0577a02acde719bff,karpenter.sh/discovery]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-controller-20260518021844404100000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module pypi-cache (arc-cbr-production) ━━━
data.terraform_remote_state.base: Reading...
aws_iam_policy.wants_collector: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-pypi-wants-collector-s3]
aws_iam_policy.wheel_syncer: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-pypi-wheel-syncer-s3]
aws_efs_file_system.pypi_cache: Refreshing state... [id=fs-0deb818bbf18764de]
data.terraform_remote_state.base: Read complete after 1s
aws_iam_role.efs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production-efs-csi-driver-role]
aws_iam_role.wants_collector: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wants-collector-role]
aws_security_group.efs: Refreshing state... [id=sg-0979eb5e3d9d3db9f]
aws_iam_role.wheel_syncer: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wheel-syncer-role]
aws_iam_role_policy_attachment.efs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production-efs-csi-driver-role-20260518023249955700000005]
aws_iam_role_policy_attachment.wants_collector: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wants-collector-role-20260518023249903900000003]
aws_iam_role_policy_attachment.wheel_syncer: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wheel-syncer-role-20260518023249929400000004]
aws_eks_addon.efs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production:aws-efs-csi-driver]
aws_efs_mount_target.pypi_cache["subnet-0709abbcafa23aec0"]: Refreshing state... [id=fsmt-08cd5108febbacef9]
aws_efs_mount_target.pypi_cache["subnet-0992f582e9bf2836e"]: Refreshing state... [id=fsmt-03523586bb4ff0c46]
aws_efs_mount_target.pypi_cache["subnet-0577a02acde719bff"]: Refreshing state... [id=fsmt-07d7b111b9cd6684e]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

tofu plan — arc-cbr-production-uw1

❌ Plan failed · commit 8963295d · run log

Plan output
Installed 1 package in 1ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod-uw1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (arc-cbr-production-uw1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0121d1038d393182a]
module.eks.data.aws_caller_identity.current: Reading...
data.aws_availability_zones.available: Reading...
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-uw1-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
data.aws_availability_zones.available: Read complete after 0s [id=us-west-1]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-07fd8394a1d58b614]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-0b3b22b995e71d8d9]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-08861bee27120b994]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0a13e7b49c841e497]

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

OpenTofu will perform the following actions:

  # module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ebs_csi_assume_role" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRoleWithWebIdentity",
            ]
          + effect  = "Allow"

          + condition {
              + test     = "StringEquals"
              + values   = [
                  + "sts.amazonaws.com",
                ]
              + variable = (known after apply)
            }
          + condition {
              + test     = "StringEquals"
              + values   = [
                  + "system:serviceaccount:kube-system:ebs-csi-controller-sa",
                ]
              + variable = (known after apply)
            }

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "Federated"
            }
        }
    }

  # module.eks.data.tls_certificate.cluster[0] will be read during apply
  # (config refers to values not yet known)
 <= data "tls_certificate" "cluster" {
      + certificates = (known after apply)
      + id           = (known after apply)
      + url          = (known after apply)
    }

  # module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"] will be created
  + resource "aws_eks_access_entry" "cluster_admin" {
      + access_entry_arn  = (known after apply)
      + cluster_name      = "pytorch-arc-cbr-production-uw1"
      + created_at        = (known after apply)
      + id                = (known after apply)
      + kubernetes_groups = (known after apply)
      + modified_at       = (known after apply)
      + principal_arn     = "arn:aws:iam::308535385114:role/osdc_gha_prod"
      + region            = "us-west-1"
      + tags              = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all          = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + type              = "STANDARD"
      + user_name         = (known after apply)
    }

  # module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"] will be created
  + resource "aws_eks_access_policy_association" "cluster_admin" {
      + associated_at = (known after apply)
      + cluster_name  = "pytorch-arc-cbr-production-uw1"
      + id            = (known after apply)
      + modified_at   = (known after apply)
      + policy_arn    = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
      + principal_arn = "arn:aws:iam::308535385114:role/osdc_gha_prod"
      + region        = "us-west-1"

      + access_scope {
          + type = "cluster"
        }
    }

  # module.eks.aws_eks_addon.coredns will be created
  + resource "aws_eks_addon" "coredns" {
      + addon_name                  = "coredns"
      + addon_version               = "v1.13.2-eksbuild.1"
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = jsonencode(
            {
              + autoScaling               = {
                  + enabled = false
                }
              + podDisruptionBudget       = {
                  + maxUnavailable = 1
                }
              + replicaCount              = 6
              + tolerations               = [
                  + {
                      + effect   = "NoSchedule"
                      + key      = "CriticalAddonsOnly"
                      + operator = "Equal"
                      + value    = "true"
                    },
                ]
              + topologySpreadConstraints = [
                  + {
                      + labelSelector     = {
                          + matchLabels = {
                              + k8s-app = "kube-dns"
                            }
                        }
                      + maxSkew           = 2
                      + topologyKey       = "topology.kubernetes.io/zone"
                      + whenUnsatisfiable = "DoNotSchedule"
                    },
                  + {
                      + labelSelector     = {
                          + matchLabels = {
                              + k8s-app = "kube-dns"
                            }
                        }
                      + maxSkew           = 1
                      + topologyKey       = "kubernetes.io/hostname"
                      + whenUnsatisfiable = "ScheduleAnyway"
                    },
                ]
            }
        )
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_update = "PRESERVE"
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_addon.ebs_csi_driver will be created
  + resource "aws_eks_addon" "ebs_csi_driver" {
      + addon_name                  = "aws-ebs-csi-driver"
      + addon_version               = (known after apply)
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = (known after apply)
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_create = "OVERWRITE"
      + resolve_conflicts_on_update = "PRESERVE"
      + service_account_role_arn    = (known after apply)
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_addon.kube_proxy will be created
  + resource "aws_eks_addon" "kube_proxy" {
      + addon_name                  = "kube-proxy"
      + addon_version               = "v1.35.0-eksbuild.2"
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = (known after apply)
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_update = "PRESERVE"
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_addon.vpc_cni will be created
  + resource "aws_eks_addon" "vpc_cni" {
      + addon_name                  = "vpc-cni"
      + addon_version               = "v1.21.1-eksbuild.3"
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = jsonencode(
            {
              + env = {
                  + ENABLE_PREFIX_DELEGATION = "true"
                  + ENABLE_V4_EGRESS         = "true"
                  + WARM_PREFIX_TARGET       = "1"
                }
            }
        )
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_update = "PRESERVE"
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_cluster.this will be created
  + resource "aws_eks_cluster" "this" {
      + arn                           = (known after apply)
      + bootstrap_self_managed_addons = true
      + certificate_authority         = (known after apply)
      + cluster_id                    = (known after apply)
      + created_at                    = (known after apply)
      + deletion_protection           = (known after apply)
      + enabled_cluster_log_types     = [
          + "api",
          + "audit",
          + "authenticator",
          + "controllerManager",
          + "scheduler",
        ]
      + endpoint                      = (known after apply)
      + id                            = (known after apply)
      + identity                      = (known after apply)
      + name                          = "pytorch-arc-cbr-production-uw1"
      + platform_version              = (known after apply)
      + region                        = "us-west-1"
      + role_arn                      = (known after apply)
      + status                        = (known after apply)
      + tags                          = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Name"    = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                      = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Name"      = "pytorch-arc-cbr-production-uw1"
          + "Project"   = "ciforge"
        }
      + version                       = "1.35"

      + access_config {
          + authentication_mode                         = "API_AND_CONFIG_MAP"
          + bootstrap_cluster_creator_admin_permissions = true
        }

      + encryption_config {
          + resources = [
              + "secrets",
            ]

          + provider {
              + key_arn = (known after apply)
            }
        }

      + kubernetes_network_config {
          + ip_family         = "ipv6"
          + service_ipv4_cidr = (known after apply)
          + service_ipv6_cidr = (known after apply)
        }

      + vpc_config {
          + cluster_security_group_id = (known after apply)
          + control_plane_egress_mode = (known after apply)
          + endpoint_private_access   = true
          + endpoint_public_access    = true
          + public_access_cidrs       = [
              + "0.0.0.0/0",
            ]
          + subnet_ids                = [
              + "subnet-08861bee27120b994",
              + "subnet-0a13e7b49c841e497",
            ]
          + vpc_id                    = (known after apply)
        }
    }

  # module.eks.aws_eks_node_group.base will be created
  + resource "aws_eks_node_group" "base" {
      + ami_type               = (known after apply)
      + arn                    = (known after apply)
      + capacity_type          = "ON_DEMAND"
      + cluster_name           = "pytorch-arc-cbr-production-uw1"
      + disk_size              = (known after apply)
      + force_update_version   = true
      + id                     = (known after apply)
      + instance_types         = [
          + "m7i.12xlarge",
        ]
      + labels                 = {
          + "node.kubernetes.io/lifecycle" = "on-demand"
          + "role"                         = "base-infrastructure"
        }
      + node_group_name        = "pytorch-arc-cbr-production-uw1-base-nodes"
      + node_group_name_prefix = (known after apply)
      + node_role_arn          = (known after apply)
      + region                 = "us-west-1"
      + release_version        = (known after apply)
      + resources              = (known after apply)
      + status                 = (known after apply)
      + subnet_ids             = [
          + "subnet-08861bee27120b994",
          + "subnet-0a13e7b49c841e497",
        ]
      + tags                   = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Name"    = "pytorch-arc-cbr-production-uw1-base-nodes"
          + "Project" = "ciforge"
          + "Type"    = "base-infrastructure"
        }
      + tags_all               = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Name"      = "pytorch-arc-cbr-production-uw1-base-nodes"
          + "Project"   = "ciforge"
          + "Type"      = "base-infrastructure"
        }
      + version                = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = (known after apply)
        }

      + scaling_config {
          + desired_size = 6
          + max_size     = 6
          + min_size     = 6
        }

      + taint {
          + effect = "NO_SCHEDULE"
          + key    = "CriticalAddonsOnly"
          + value  = "true"
        }

      + timeouts {
          + create = "15m"
          + delete = "10m"
          + update = "15m"
        }

      + update_config {
          + max_unavailable_percentage = 33
        }
    }

  # module.eks.aws_iam_openid_connect_provider.cluster[0] will be created
  + resource "aws_iam_openid_connect_provider" "cluster" {
      + arn             = (known after apply)
      + client_id_list  = [
          + "sts.amazonaws.com",
        ]
      + id              = (known after apply)
      + tags            = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all        = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + thumbprint_list = (known after apply)
      + url             = (known after apply)
    }

  # module.eks.aws_iam_role.cluster will be created
  + resource "aws_iam_role" "cluster" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "eks.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-cluster-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.eks.aws_iam_role.ebs_csi_driver[0] will be created
  + resource "aws_iam_role" "ebs_csi_driver" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-ebs-csi-driver-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.eks.aws_iam_role.node will be created
  + resource "aws_iam_role" "node" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ec2.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-node-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.eks.aws_iam_role_policy.node_cni_ipv6 will be created
  + resource "aws_iam_role_policy" "node_cni_ipv6" {
      + id          = (known after apply)
      + name        = "pytorch-arc-cbr-production-uw1-node-cni-ipv6"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ec2:AssignIpv6Addresses",
                          + "ec2:DescribeNetworkInterfaces",
                          + "ec2:DescribeInstances",
                          + "ec2:DescribeInstanceTypes",
                          + "ec2:DescribeTags",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                  + {
                      + Action   = "ec2:CreateTags"
                      + Effect   = "Allow"
                      + Resource = "arn:aws:ec2:*:*:network-interface/*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = (known after apply)
    }

  # module.eks.aws_iam_role_policy_attachment.cluster_policy will be created
  + resource "aws_iam_role_policy_attachment" "cluster_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
      + role       = "pytorch-arc-cbr-production-uw1-cluster-role"
    }

  # module.eks.aws_iam_role_policy_attachment.cni_policy will be created
  + resource "aws_iam_role_policy_attachment" "cni_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0] will be created
  + resource "aws_iam_role_policy_attachment" "ebs_csi_driver" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
      + role       = "pytorch-arc-cbr-production-uw1-ebs-csi-driver-role"
    }

  # module.eks.aws_iam_role_policy_attachment.ecr_policy will be created
  + resource "aws_iam_role_policy_attachment" "ecr_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.node_policy will be created
  + resource "aws_iam_role_policy_attachment" "node_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.ssm_policy will be created
  + resource "aws_iam_role_policy_attachment" "ssm_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.vpc_resource_controller will be created
  + resource "aws_iam_role_policy_attachment" "vpc_resource_controller" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
      + role       = "pytorch-arc-cbr-production-uw1-cluster-role"
    }

  # module.eks.aws_kms_alias.eks_secrets[0] will be created
  + resource "aws_kms_alias" "eks_secrets" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/pytorch-arc-cbr-production-uw1-eks-secrets"
      + name_prefix    = (known after apply)
      + region         = "us-west-1"
      + target_key_arn = (known after apply)
      + target_key_id  = (known after apply)
    }

  # module.eks.aws_kms_key.eks_secrets[0] will be created
  + resource "aws_kms_key" "eks_secrets" {
      + arn                                = (known after apply)
      + bypass_policy_lockout_safety_check = false
      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"
      + deletion_window_in_days            = 30
      + description                        = "KMS key for EKS secrets encryption - pytorch-arc-cbr-production-uw1"
      + enable_key_rotation                = true
      + id                                 = (known after apply)
      + is_enabled                         = true
      + key_id                             = (known after apply)
      + key_usage                          = "ENCRYPT_DECRYPT"
      + multi_region                       = (known after apply)
      + policy                             = (known after apply)
      + region                             = "us-west-1"
      + rotation_period_in_days            = (known after apply)
      + tags                               = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Name"    = "pytorch-arc-cbr-production-uw1-eks-secrets"
          + "Project" = "ciforge"
        }
      + tags_all                           = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Name"      = "pytorch-arc-cbr-production-uw1-eks-secrets"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_launch_template.base will be created
  + resource "aws_launch_template" "base" {
      + arn             = (known after apply)
      + default_version = (known after apply)
      + id              = (known after apply)
      + image_id        = "ami-07fd8394a1d58b614"
      + latest_version  = (known after apply)
      + name            = (known after apply)
      + name_prefix     = "pytorch-arc-cbr-production-uw1-base-"
      + region          = "us-west-1"
      + tags            = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all        = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + user_data       = (known after apply)

      + block_device_mappings {
          + device_name = "/dev/xvda"

          + ebs {
              + delete_on_termination      = "true"
              + encrypted                  = "true"
              + iops                       = 3000
              + throughput                 = 125
              + volume_initialization_rate = (known after apply)
              + volume_size                = 100
              + volume_type                = "gp3"
            }
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = "enabled"
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = (known after apply)
        }

      + tag_specifications {
          + resource_type = "instance"
          + tags          = {
              + "Cluster" = "pytorch-arc-cbr-production-uw1"
              + "Name"    = "pytorch-arc-cbr-production-uw1-base-node"
              + "Project" = "ciforge"
              + "Type"    = "base-infrastructure"
            }
        }
    }

  # module.harbor.aws_iam_access_key.harbor_s3 will be created
  + resource "aws_iam_access_key" "harbor_s3" {
      + create_date                    = (known after apply)
      + encrypted_secret               = (known after apply)
      + encrypted_ses_smtp_password_v4 = (known after apply)
      + id                             = (known after apply)
      + key_fingerprint                = (known after apply)
      + secret                         = (sensitive value)
      + ses_smtp_password_v4           = (sensitive value)
      + status                         = "Active"
      + user                           = "pytorch-arc-cbr-production-uw1-harbor-s3"
    }

  # module.harbor.aws_iam_policy.harbor_registry will be created
  + resource "aws_iam_policy" "harbor_registry" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Harbor registry S3 access for pytorch-arc-cbr-production-uw1"
      + id               = (known after apply)
      + name             = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "s3:ListBucket",
                          + "s3:GetBucketLocation",
                          + "s3:ListBucketMultipartUploads",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:s3:::pytorch-arc-cbr-production-uw1-harbor-registry"
                      + Sid      = "AllowS3BucketAccess"
                    },
                  + {
                      + Action   = [
                          + "s3:GetObject",
                          + "s3:PutObject",
                          + "s3:DeleteObject",
                          + "s3:ListMultipartUploadParts",
                          + "s3:AbortMultipartUpload",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:s3:::pytorch-arc-cbr-production-uw1-harbor-registry/*"
                      + Sid      = "AllowS3ObjectAccess"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id        = (known after apply)
      + tags             = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all         = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.harbor.aws_iam_role.harbor_registry will be created
  + resource "aws_iam_role" "harbor_registry" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.harbor.aws_iam_role_policy_attachment.harbor_registry will be created
  + resource "aws_iam_role_policy_attachment" "harbor_registry" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "pytorch-arc-cbr-production-uw1-harbor-registry"
    }

  # module.harbor.aws_iam_user.harbor_s3 will be created
  + resource "aws_iam_user" "harbor_s3" {
      + arn           = (known after apply)
      + force_destroy = false
      + id            = (known after apply)
      + name          = "pytorch-arc-cbr-production-uw1-harbor-s3"
      + path          = "/"
      + tags          = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all      = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id     = (known after apply)
    }

  # module.harbor.aws_iam_user_policy_attachment.harbor_s3 will be created
  + resource "aws_iam_user_policy_attachment" "harbor_s3" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + user       = "pytorch-arc-cbr-production-uw1-harbor-s3"
    }

  # module.harbor.aws_s3_bucket_public_access_block.harbor_registry will be created
  + resource "aws_s3_bucket_public_access_block" "harbor_registry" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + region                  = "us-west-1"
      + restrict_public_buckets = true
    }

  # module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "harbor_registry" {
      + bucket = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + id     = (known after apply)
      + region = "us-west-1"

      + rule {
          + blocked_encryption_types = (known after apply)
          + bucket_key_enabled       = (known after apply)

          + apply_server_side_encryption_by_default {
              + kms_master_key_id = (known after apply)
              + sse_algorithm     = "AES256"
            }
        }
    }

  # module.vpc.aws_egress_only_internet_gateway.this will be created
  + resource "aws_egress_only_internet_gateway" "this" {
      + id       = (known after apply)
      + region   = "us-west-1"
      + tags     = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + vpc_id   = "vpc-0121d1038d393182a"
    }

  # module.vpc.aws_eip.nat[0] will be created
  + resource "aws_eip" "nat" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat[1] will be created
  + resource "aws_eip" "nat" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-0"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-1"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-2"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-3"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-4"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-4"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-4"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-5"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-5"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-5"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-6"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-6"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-6"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-0"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-1"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-2"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-3"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-4"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (kno
... (truncated — see workflow logs for full plan)

@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

tofu plan — meta-prod-aws-ue1

✅ Plan succeeded · commit a1434136 · run log

Plan output
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod-ue1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (meta-prod-aws-ue1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_caller_identity.current: Reading...
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=03f0ec26-a6da-43fa-b637-0f60858b706f]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.eks.aws_iam_role.cluster: Refreshing state... [id=meta-prod-aws-ue1-cluster-role]
module.eks.aws_iam_role.node: Refreshing state... [id=meta-prod-aws-ue1-node-role]
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-046818728dce02486]
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
data.aws_availability_zones.available: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=meta-prod-aws-ue1-harbor-s3]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNOISM5G6N]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/meta-prod-aws-ue1-eks-secrets]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=meta-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=meta-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=meta-prod-aws-ue1-node-role:meta-prod-aws-ue1-node-cni-ipv6]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-0dafeb02304897431]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=meta-prod-aws-ue1-harbor-s3/arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-harbor-registry]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-04023bafa7a35ed32]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-0cf3d9cf37ee998b6]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-092d6ffaad52de297]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0c54492cc83f6a297]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-0e51c52fc16722bf1]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-02e910dda876f6868]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-07f0242f48547edf9]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0b79a2a6a8c2d4c93]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0d65ec2dd49f0d87c]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0348c5058db524cd2]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-0c553a216ffcfbc6e]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-02ce11d6646870431]
module.vpc.aws_eip.nat_secondary["us-east-1b-2"]: Refreshing state... [id=eipalloc-082b7b67fc91bddea]
module.vpc.aws_eip.nat_secondary["us-east-1c-4"]: Refreshing state... [id=eipalloc-08c22d102baccc560]
module.vpc.aws_eip.nat_secondary["us-east-1a-6"]: Refreshing state... [id=eipalloc-0f4b7b7794e7ddcab]
module.vpc.aws_eip.nat_secondary["us-east-1a-0"]: Refreshing state... [id=eipalloc-0b13ecc2db20a0a08]
module.vpc.aws_eip.nat_secondary["us-east-1c-2"]: Refreshing state... [id=eipalloc-07835c4a6798d0cba]
module.vpc.aws_eip.nat_secondary["us-east-1c-1"]: Refreshing state... [id=eipalloc-0f0532f5d59cb48d4]
module.vpc.aws_eip.nat_secondary["us-east-1b-3"]: Refreshing state... [id=eipalloc-080f1de6aadf86bfe]
module.vpc.aws_eip.nat_secondary["us-east-1c-0"]: Refreshing state... [id=eipalloc-04e4ed5d389da6ee8]
module.vpc.aws_eip.nat_secondary["us-east-1a-3"]: Refreshing state... [id=eipalloc-01fe44e4ddcf970a4]
module.vpc.aws_eip.nat_secondary["us-east-1a-2"]: Refreshing state... [id=eipalloc-085f1255da01c4a74]
module.vpc.aws_eip.nat_secondary["us-east-1c-6"]: Refreshing state... [id=eipalloc-0cfb63f74c1bfe868]
module.vpc.aws_eip.nat_secondary["us-east-1c-3"]: Refreshing state... [id=eipalloc-0345e227c85668435]
module.vpc.aws_eip.nat_secondary["us-east-1c-5"]: Refreshing state... [id=eipalloc-08b6b96db8427fe7c]
module.vpc.aws_eip.nat_secondary["us-east-1a-5"]: Refreshing state... [id=eipalloc-0b1c40b234bf34782]
module.vpc.aws_eip.nat_secondary["us-east-1b-5"]: Refreshing state... [id=eipalloc-0891e3c936177ca1f]
module.vpc.aws_eip.nat_secondary["us-east-1b-6"]: Refreshing state... [id=eipalloc-0626688dd96fd72b1]
module.vpc.aws_eip.nat_secondary["us-east-1b-0"]: Refreshing state... [id=eipalloc-0d3046f70c5e06703]
module.vpc.aws_eip.nat_secondary["us-east-1a-1"]: Refreshing state... [id=eipalloc-04d8d726f10c423a7]
module.vpc.aws_eip.nat_secondary["us-east-1b-4"]: Refreshing state... [id=eipalloc-033e293e0db093eb5]
module.vpc.aws_eip.nat_secondary["us-east-1a-4"]: Refreshing state... [id=eipalloc-00b67915425a445ad]
module.vpc.aws_eip.nat_secondary["us-east-1b-1"]: Refreshing state... [id=eipalloc-0d7540e64f41d03ed]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-002be7d0c2cd21897]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-0092c387bef531804]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0ec09f9cebd9e03d7]
module.eks.aws_eks_cluster.this: Refreshing state... [id=meta-prod-aws-ue1]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0017452213c04953c]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-051257023fad95bd5]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-017b6d671f099d80b]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-08bf0f3dfffae56cd]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-01284f97ba53d4b6a]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-010e846a3ffc4e7f9]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=meta-prod-aws-ue1:kube-proxy]
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue1:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=meta-prod-aws-ue1:vpc-cni]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-010f6dcef487af1c3]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0ec9f3350a410730f]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-016c3961a7fb4ded9]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-08adf22b49bcc40a4]
module.eks.data.tls_certificate.cluster[0]: Read complete after 1s [id=b1b539daa206035ae3c3e28288b0681fa1b462f3]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/B24010B528DA0FC03A2C455E74946D6B]
module.eks.aws_eks_node_group.base: Refreshing state... [id=meta-prod-aws-ue1:meta-prod-aws-ue1-base-nodes]
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=4151242138]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue1-ebs-csi-driver-role]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue1#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=meta-prod-aws-ue1:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry/arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue1-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=meta-prod-aws-ue1:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (meta-prod-aws-ue1) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=meta-prod-aws-ue1-karpenter-rebalance]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=meta-prod-aws-ue1-karpenter-spot-interruption]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-scheduled-change]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-instance-state-change]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/308535385114/meta-prod-aws-ue1-karpenter]
data.terraform_remote_state.base: Read complete after 0s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-016f4a0d209f3e4a9,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue1-karpenter-controller]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0348c5058db524cd2"]: Refreshing state... [id=subnet-0348c5058db524cd2,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0d65ec2dd49f0d87c"]: Refreshing state... [id=subnet-0d65ec2dd49f0d87c,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-02ce11d6646870431"]: Refreshing state... [id=subnet-02ce11d6646870431,karpenter.sh/discovery]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/308535385114/meta-prod-aws-ue1-karpenter]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-karpenter-controller]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=meta-prod-aws-ue1-karpenter-rebalance-KarpenterRebalance]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=meta-prod-aws-ue1-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue1-karpenter-controller-20260627083405030800000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

tofu plan — lf-prod-aws-ue1

✅ Plan succeeded · commit a1434136 · run log

Plan output
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::lf-osdc-tfstate-prod-ue1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (lf-prod-aws-ue1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_caller_identity.current: Reading...
data.aws_availability_zones.available: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-06f350eae88f37700]
module.eks.aws_iam_role.cluster: Refreshing state... [id=lf-prod-aws-ue1-cluster-role]
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=lf-prod-aws-ue1-harbor-s3]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry]
module.eks.aws_iam_role.node: Refreshing state... [id=lf-prod-aws-ue1-node-role]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=e5e45db6-94ad-4dfd-8a1a-213730256a9c]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=391835788720]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/lf-prod-aws-ue1-eks-secrets]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAVWOZ3UWYJZNKMI7G]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=lf-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=lf-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=lf-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=lf-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=lf-prod-aws-ue1-node-role:lf-prod-aws-ue1-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=lf-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=lf-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 0s [id=ami-0dafeb02304897431]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue1-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=lf-prod-aws-ue1-harbor-s3/arn:aws:iam::391835788720:policy/lf-prod-aws-ue1-harbor-registry]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-089c5123e6da8d43c]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-03548aa6de237de4c]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-0fe9cf01a4661b360]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0f16b1a5ecd405405]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-051217c40b1d02b3a]
module.vpc.aws_eip.nat_secondary["us-east-1c-4"]: Refreshing state... [id=eipalloc-0db3b4c44cbf47d5a]
module.vpc.aws_eip.nat_secondary["us-east-1c-3"]: Refreshing state... [id=eipalloc-03ec1105bba33668b]
module.vpc.aws_eip.nat_secondary["us-east-1a-2"]: Refreshing state... [id=eipalloc-0625b097098b1ac2a]
module.vpc.aws_eip.nat_secondary["us-east-1a-4"]: Refreshing state... [id=eipalloc-0581e7f2f8194266e]
module.vpc.aws_eip.nat_secondary["us-east-1c-5"]: Refreshing state... [id=eipalloc-07612f4e715e508ae]
module.vpc.aws_eip.nat_secondary["us-east-1a-1"]: Refreshing state... [id=eipalloc-034348675ffacd849]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-087f338c446cffe5d]
module.vpc.aws_eip.nat_secondary["us-east-1c-2"]: Refreshing state... [id=eipalloc-0a4874208e55dfb7b]
module.vpc.aws_eip.nat_secondary["us-east-1c-6"]: Refreshing state... [id=eipalloc-088384cdd02d04bce]
module.vpc.aws_eip.nat_secondary["us-east-1c-1"]: Refreshing state... [id=eipalloc-01b2275a4f494fe58]
module.vpc.aws_eip.nat_secondary["us-east-1b-0"]: Refreshing state... [id=eipalloc-0533e7098b8548fda]
module.vpc.aws_eip.nat_secondary["us-east-1a-3"]: Refreshing state... [id=eipalloc-01a2c9bf10e45099b]
module.vpc.aws_eip.nat_secondary["us-east-1a-0"]: Refreshing state... [id=eipalloc-03131d115b478f7c3]
module.vpc.aws_eip.nat_secondary["us-east-1b-6"]: Refreshing state... [id=eipalloc-085e43aacdd3b5c5f]
module.vpc.aws_eip.nat_secondary["us-east-1a-6"]: Refreshing state... [id=eipalloc-046fa83874bde66b5]
module.vpc.aws_eip.nat_secondary["us-east-1b-4"]: Refreshing state... [id=eipalloc-0bd28bd3991297f4a]
module.vpc.aws_eip.nat_secondary["us-east-1b-3"]: Refreshing state... [id=eipalloc-042e254711d0d3dda]
module.vpc.aws_eip.nat_secondary["us-east-1c-0"]: Refreshing state... [id=eipalloc-051a8792e8dad6c5b]
module.vpc.aws_eip.nat_secondary["us-east-1b-2"]: Refreshing state... [id=eipalloc-0c66936151cceca74]
module.vpc.aws_eip.nat_secondary["us-east-1b-5"]: Refreshing state... [id=eipalloc-00cd91c376a1f197d]
module.vpc.aws_eip.nat_secondary["us-east-1a-5"]: Refreshing state... [id=eipalloc-0936080d9155a0306]
module.vpc.aws_eip.nat_secondary["us-east-1b-1"]: Refreshing state... [id=eipalloc-0f13b0cd68a133531]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-07234379e7833a398]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0fa332056910f46b2]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-01ca3df6137b445c0]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0afe958a38da9f46c]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-06e680510bc45584b]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0f7184dc74425b3ca]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-025956fd021d43094]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-0a6049a78a7428383]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-025d5eab2da94f8e6]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-09c6f66e50dce1835]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-0cf871626838e4133]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-0d0e9d964d1cd8a9e]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0264db606b7f24bb6]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-027811d9ba750a284]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-02536bbe724eaaa2f]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0c6e77db648d5279c]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-00cd583d71292870b]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-009170e5cc902aa3e]
module.eks.aws_eks_cluster.this: Refreshing state... [id=lf-prod-aws-ue1]
module.eks.aws_eks_access_entry.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue1:arn:aws:iam::391835788720:role/lf_osdc_admin]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=lf-prod-aws-ue1:kube-proxy]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=lf-prod-aws-ue1:vpc-cni]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-0e3be05a985acc61c]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=b1b539daa206035ae3c3e28288b0681fa1b462f3]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::391835788720:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/E8EF4A6C55DB9699E53A54DA444C21A3]
module.eks.aws_eks_node_group.base: Refreshing state... [id=lf-prod-aws-ue1:lf-prod-aws-ue1-base-nodes]
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=717515682]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue1-ebs-csi-driver-role]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=lf-prod-aws-ue1-harbor-registry/arn:aws:iam::391835788720:policy/lf-prod-aws-ue1-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue1-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=lf-prod-aws-ue1:coredns]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=lf-prod-aws-ue1:aws-ebs-csi-driver]
module.eks.aws_eks_access_policy_association.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue1#arn:aws:iam::391835788720:role/lf_osdc_admin#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (lf-prod-aws-ue1) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=lf-prod-aws-ue1-karpenter-spot-interruption]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=lf-prod-aws-ue1-karpenter-instance-state-change]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=lf-prod-aws-ue1-karpenter-scheduled-change]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=lf-prod-aws-ue1-karpenter-rebalance]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/391835788720/lf-prod-aws-ue1-karpenter]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/391835788720/lf-prod-aws-ue1-karpenter]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=lf-prod-aws-ue1-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=lf-prod-aws-ue1-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=lf-prod-aws-ue1-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=lf-prod-aws-ue1-karpenter-rebalance-KarpenterRebalance]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-07a769a5e8a93a444,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-07234379e7833a398"]: Refreshing state... [id=subnet-07234379e7833a398,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0fa332056910f46b2"]: Refreshing state... [id=subnet-0fa332056910f46b2,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-01ca3df6137b445c0"]: Refreshing state... [id=subnet-01ca3df6137b445c0,karpenter.sh/discovery]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue1-karpenter-controller]
aws_iam_role.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue1-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue1-karpenter-controller-20260605165913470400000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

tofu plan — lf-prod-aws-ue2

✅ Plan succeeded · commit 693b84af · run log

Plan output
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::lf-osdc-tfstate-prod-ue2",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (lf-prod-aws-ue2) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0f7d54e3accfbe3e4]
module.eks.aws_iam_role.node: Refreshing state... [id=lf-prod-aws-ue2-node-role]
data.aws_availability_zones.available: Reading...
module.eks.aws_iam_role.cluster: Refreshing state... [id=lf-prod-aws-ue2-cluster-role]
module.eks.data.aws_caller_identity.current: Reading...
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=lf-prod-aws-ue2-harbor-s3]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=27a9b8e9-2509-43ce-ac8e-cfc320b65fe2]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=391835788720]
data.aws_availability_zones.available: Read complete after 1s [id=us-east-2]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAVWOZ3UWYMGG4LIHB]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/lf-prod-aws-ue2-eks-secrets]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=lf-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=lf-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-009f1fe7d56695348]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=lf-prod-aws-ue2-node-role:lf-prod-aws-ue2-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-042c4d31ed557eaa4]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-061f8f7ac8b40d720]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-0508ab6e3db7ccf08]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0e53846501278171e]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-080bfdf02da937445]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-016d460df617c0e2c]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-08c041a7cb9147705]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-06a9b2e4ea40968b6]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0e0efd2a8ef20d72e]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0515848329e5dc53a]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0ae8d251d3a0336ca]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-079ed57d9de06fd9b]
module.vpc.aws_eip.nat_secondary["us-east-2a-3"]: Refreshing state... [id=eipalloc-0737f1fdf35a0f975]
module.vpc.aws_eip.nat_secondary["us-east-2b-4"]: Refreshing state... [id=eipalloc-08683a31d5967bff6]
module.vpc.aws_eip.nat_secondary["us-east-2a-0"]: Refreshing state... [id=eipalloc-0a9078e90b80cc1de]
module.vpc.aws_eip.nat_secondary["us-east-2b-0"]: Refreshing state... [id=eipalloc-055182abe5c634ddc]
module.vpc.aws_eip.nat_secondary["us-east-2c-2"]: Refreshing state... [id=eipalloc-08e66df79eddc18b5]
module.vpc.aws_eip.nat_secondary["us-east-2b-2"]: Refreshing state... [id=eipalloc-0403ed9359182b72c]
module.vpc.aws_eip.nat_secondary["us-east-2a-4"]: Refreshing state... [id=eipalloc-0bd8a5e170892bb0b]
module.vpc.aws_eip.nat_secondary["us-east-2c-6"]: Refreshing state... [id=eipalloc-057df768d859ed17e]
module.vpc.aws_eip.nat_secondary["us-east-2a-5"]: Refreshing state... [id=eipalloc-095865342b4c692ac]
module.vpc.aws_eip.nat_secondary["us-east-2b-3"]: Refreshing state... [id=eipalloc-0b95441aa4e161db2]
module.vpc.aws_eip.nat_secondary["us-east-2b-1"]: Refreshing state... [id=eipalloc-0c8d74e3dcfb2dad0]
module.vpc.aws_eip.nat_secondary["us-east-2c-0"]: Refreshing state... [id=eipalloc-09bd4b74b1a8ca6ac]
module.vpc.aws_eip.nat_secondary["us-east-2c-5"]: Refreshing state... [id=eipalloc-06c020042f283554a]
module.vpc.aws_eip.nat_secondary["us-east-2a-2"]: Refreshing state... [id=eipalloc-0e53d306d25151b0e]
module.vpc.aws_eip.nat_secondary["us-east-2b-6"]: Refreshing state... [id=eipalloc-09c38605941dbbaac]
module.vpc.aws_eip.nat_secondary["us-east-2c-3"]: Refreshing state... [id=eipalloc-04d97b3aec8f5fb8a]
module.vpc.aws_eip.nat_secondary["us-east-2c-4"]: Refreshing state... [id=eipalloc-005e21ac878c4db34]
module.vpc.aws_eip.nat_secondary["us-east-2b-5"]: Refreshing state... [id=eipalloc-06f0755f7542d77fa]
module.vpc.aws_eip.nat_secondary["us-east-2a-1"]: Refreshing state... [id=eipalloc-0a90e8e5b75a3fe45]
module.vpc.aws_eip.nat_secondary["us-east-2c-1"]: Refreshing state... [id=eipalloc-0241d507f34cdb0b5]
module.vpc.aws_eip.nat_secondary["us-east-2a-6"]: Refreshing state... [id=eipalloc-077cbc910a56d08fd]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-028a6f03785f6bca2]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0d0f31615161dab0f]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-005f847cdca1f2143]
module.eks.aws_eks_cluster.this: Refreshing state... [id=lf-prod-aws-ue2]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=lf-prod-aws-ue2-harbor-s3/arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-harbor-registry]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0288194135c91a55d]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-0caff297f1b93f0c7]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-095cd56cd812b4931]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0ce64842bfadf32b0]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-0d7230758d05b4f20]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0d0497dd1d2a111f5]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=lf-prod-aws-ue2:kube-proxy]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=lf-prod-aws-ue2:vpc-cni]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_launch_template.base: Refreshing state... [id=lt-062d0b42e1b1ca1af]
module.eks.aws_eks_access_entry.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue2:arn:aws:iam::391835788720:role/lf_osdc_admin]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0feb6707491379e22]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-05de05c204a439484]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0cbaf74e1bd57a865]
module.eks.aws_eks_node_group.base: Refreshing state... [id=lf-prod-aws-ue2:lf-prod-aws-ue2-base-nodes]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=033a163afb2babc26f7883e642621ac361c93d61]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::391835788720:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/43EEAC690CC76E15781134A4FC06EDCE]
module.eks.aws_eks_access_policy_association.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue2#arn:aws:iam::391835788720:role/lf_osdc_admin#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=796338164]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue2-ebs-csi-driver-role]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=lf-prod-aws-ue2:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry/arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue2-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=lf-prod-aws-ue2:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (lf-prod-aws-ue2) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=lf-prod-aws-ue2-karpenter-spot-interruption]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=lf-prod-aws-ue2-karpenter-rebalance]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-scheduled-change]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-instance-state-change]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/391835788720/lf-prod-aws-ue2-karpenter]
data.terraform_remote_state.base: Read complete after 0s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-06c1f2ed8ffb1ddfa,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-06a9b2e4ea40968b6"]: Refreshing state... [id=subnet-06a9b2e4ea40968b6,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0ae8d251d3a0336ca"]: Refreshing state... [id=subnet-0ae8d251d3a0336ca,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0515848329e5dc53a"]: Refreshing state... [id=subnet-0515848329e5dc53a,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue2-karpenter-controller]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/391835788720/lf-prod-aws-ue2-karpenter]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-karpenter-controller]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=lf-prod-aws-ue2-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=lf-prod-aws-ue2-karpenter-rebalance-KarpenterRebalance]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue2-karpenter-controller-20260608235145776400000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

[ghstack-poisoned]
@huydhn huydhn changed the title osdc/hf-cache: integration test — OIDC write round-trip osdc/hf-cache: integration test — refresh (online download → S3 sync) Jun 24, 2026
[ghstack-poisoned]
[ghstack-poisoned]
[ghstack-poisoned]
huydhn added 4 commits June 25, 2026 14:33
[ghstack-poisoned]
[ghstack-poisoned]
[ghstack-poisoned]
[ghstack-poisoned]
@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown

tofu plan — meta-prod-aws-uw1

✅ Plan succeeded · commit a1434136 · run log

Plan output
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod-uw1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (meta-prod-aws-uw1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


data.aws_availability_zones.available: Reading...
module.eks.data.aws_caller_identity.current: Reading...
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.eks.aws_iam_role.cluster: Refreshing state... [id=meta-prod-aws-uw1-cluster-role]
module.eks.aws_iam_role.node: Refreshing state... [id=meta-prod-aws-uw1-node-role]
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0c7a0f5c4f16f50dd]
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=meta-prod-aws-uw1-harbor-s3]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=249b363f-50d9-4d71-8c19-33c90089adc4]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNNXRVD65N]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=meta-prod-aws-uw1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=meta-prod-aws-uw1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
data.aws_availability_zones.available: Read complete after 0s [id=us-west-1]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=meta-prod-aws-uw1-node-role:meta-prod-aws-uw1-node-cni-ipv6]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/meta-prod-aws-uw1-eks-secrets]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 0s [id=ami-07fd8394a1d58b614]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-0063ee624cd2732d8]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-0c3a516c5f092e482]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-04dd3f923b70d7177]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-062b73a22caa683b7]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-09ba42112ad2f3498]
module.vpc.aws_eip.nat_secondary["us-west-1c-5"]: Refreshing state... [id=eipalloc-0def1ec3fa43dac4b]
module.vpc.aws_eip.nat_secondary["us-west-1c-4"]: Refreshing state... [id=eipalloc-026da1516572eec86]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0e9dc0314cc83122d]
module.vpc.aws_eip.nat_secondary["us-west-1a-4"]: Refreshing state... [id=eipalloc-052349005feef822c]
module.vpc.aws_eip.nat_secondary["us-west-1c-1"]: Refreshing state... [id=eipalloc-0b7ef04c32820eb2b]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0ec6555eaab36cb0f]
module.vpc.aws_eip.nat_secondary["us-west-1c-3"]: Refreshing state... [id=eipalloc-0b5f261d2d97bcdc2]
module.vpc.aws_eip.nat_secondary["us-west-1a-5"]: Refreshing state... [id=eipalloc-0686d617611f65881]
module.vpc.aws_eip.nat_secondary["us-west-1a-3"]: Refreshing state... [id=eipalloc-0396526b463284581]
module.vpc.aws_eip.nat_secondary["us-west-1c-2"]: Refreshing state... [id=eipalloc-02f6fb7e715ebf888]
module.vpc.aws_eip.nat_secondary["us-west-1a-6"]: Refreshing state... [id=eipalloc-0bf3c5405c4b04b9c]
module.vpc.aws_eip.nat_secondary["us-west-1a-1"]: Refreshing state... [id=eipalloc-07fc0a4a8844d68ef]
module.vpc.aws_eip.nat_secondary["us-west-1c-0"]: Refreshing state... [id=eipalloc-0aa6be0f303fb413d]
module.vpc.aws_eip.nat_secondary["us-west-1c-6"]: Refreshing state... [id=eipalloc-047cd622afc027ee1]
module.vpc.aws_eip.nat_secondary["us-west-1a-0"]: Refreshing state... [id=eipalloc-08ee495e2612f9854]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-09e992b7d08e2e934]
module.vpc.aws_eip.nat_secondary["us-west-1a-2"]: Refreshing state... [id=eipalloc-09e48c6512d9e612f]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-000973dc2a1d7e619]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.eks.aws_eks_cluster.this: Refreshing state... [id=meta-prod-aws-uw1]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=meta-prod-aws-uw1-harbor-s3/arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-harbor-registry]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-021106d76c25ab7dd]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0ea3c0815876de4c6]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0f09a57f0a682972e]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-0c4f5e0d136a43bc1]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-096d5785b7f057456]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0252a95ace300ec13]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-073892599db845ebe]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-03da4cbd6db56b03b]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=meta-prod-aws-uw1:kube-proxy]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-uw1:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=meta-prod-aws-uw1:vpc-cni]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-09e8b410d5601fb81]
module.eks.data.tls_certificate.cluster[0]: Read complete after 1s [id=ab5db6c82031e2d229412c67921160a3b3af073b]
module.eks.aws_eks_node_group.base: Refreshing state... [id=meta-prod-aws-uw1:meta-prod-aws-uw1-base-nodes]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-west-1.amazonaws.com/id/049195ED3247B03B610AB041768C99D9]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=1948150697]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-uw1-ebs-csi-driver-role]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-uw1#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=meta-prod-aws-uw1:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry/arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-uw1-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=meta-prod-aws-uw1:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (meta-prod-aws-uw1) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-scheduled-change]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=meta-prod-aws-uw1-karpenter-rebalance]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=meta-prod-aws-uw1-karpenter-spot-interruption]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-instance-state-change]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-west-1.amazonaws.com/308535385114/meta-prod-aws-uw1-karpenter]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-west-1.amazonaws.com/308535385114/meta-prod-aws-uw1-karpenter]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=meta-prod-aws-uw1-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=meta-prod-aws-uw1-karpenter-rebalance-KarpenterRebalance]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-instance-state-change-KarpenterInstanceStateChange]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-07b2ae82341ea99c4,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0e9dc0314cc83122d"]: Refreshing state... [id=subnet-0e9dc0314cc83122d,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0ec6555eaab36cb0f"]: Refreshing state... [id=subnet-0ec6555eaab36cb0f,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=meta-prod-aws-uw1-karpenter-controller]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=meta-prod-aws-uw1-karpenter-controller-20260625071532734400000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

huydhn added 4 commits June 25, 2026 19:24
[ghstack-poisoned]
[ghstack-poisoned]
[ghstack-poisoned]
[ghstack-poisoned]
[ghstack-poisoned]
@github-actions

Copy link
Copy Markdown

tofu plan — meta-prod-aws-ue2

✅ Plan succeeded · commit 71566ba7 · run log

Plan output
Installed 1 package in 1ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (meta-prod-aws-ue2) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


data.aws_availability_zones.available: Reading...
module.eks.data.aws_caller_identity.current: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=meta-prod-aws-ue2-harbor-s3]
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0a4f4e29523e47c1b]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=5d4d0652-42ff-43dd-9226-39d12a821a51]
module.eks.aws_iam_role.node: Refreshing state... [id=meta-prod-aws-ue2-node-role]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry]
module.eks.aws_iam_role.cluster: Refreshing state... [id=meta-prod-aws-ue2-cluster-role]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-2]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNJVCP27OP]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/meta-prod-aws-ue2-eks-secrets]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=meta-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=meta-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=meta-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=meta-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=meta-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=meta-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=meta-prod-aws-ue2-node-role:meta-prod-aws-ue2-node-cni-ipv6]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-009f1fe7d56695348]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-016bb57c3b21473a6]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-04af658be058383c5]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue2-harbor-registry]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-083663c3c87e010db]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-08126e2d33cab5385]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0f47ac14e31a8017f]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-02d073a8ea6afc941]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0bcb5a49baf039af4]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0438aca402f5b38a7]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-002376e4b06050dd5]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-02dd343006d52558e]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-061aea9b4b9bada09]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-09d2f10b60ed5d309]
module.vpc.aws_eip.nat_secondary["us-east-2a-1"]: Refreshing state... [id=eipalloc-0419741e10c7f3d0e]
module.vpc.aws_eip.nat_secondary["us-east-2a-5"]: Refreshing state... [id=eipalloc-0c1dc27d4f3538385]
module.vpc.aws_eip.nat_secondary["us-east-2a-2"]: Refreshing state... [id=eipalloc-089abbdd07fba6c2b]
module.vpc.aws_eip.nat_secondary["us-east-2c-3"]: Refreshing state... [id=eipalloc-0aae09505ca231089]
module.vpc.aws_eip.nat_secondary["us-east-2b-1"]: Refreshing state... [id=eipalloc-05f0cbb677b209e4c]
module.vpc.aws_eip.nat_secondary["us-east-2b-6"]: Refreshing state... [id=eipalloc-06755348e3e26fd1e]
module.vpc.aws_eip.nat_secondary["us-east-2b-3"]: Refreshing state... [id=eipalloc-015325899aff1e5ed]
module.vpc.aws_eip.nat_secondary["us-east-2c-6"]: Refreshing state... [id=eipalloc-01fc1d68552fd3c93]
module.vpc.aws_eip.nat_secondary["us-east-2b-5"]: Refreshing state... [id=eipalloc-0e4421d040c50313d]
module.vpc.aws_eip.nat_secondary["us-east-2c-5"]: Refreshing state... [id=eipalloc-00f2ab5d8753f4695]
module.vpc.aws_eip.nat_secondary["us-east-2a-0"]: Refreshing state... [id=eipalloc-0b3606e915a05b900]
module.vpc.aws_eip.nat_secondary["us-east-2c-0"]: Refreshing state... [id=eipalloc-08261cb440c99aeab]
module.vpc.aws_eip.nat_secondary["us-east-2b-4"]: Refreshing state... [id=eipalloc-08535e5eee34fd191]
module.vpc.aws_eip.nat_secondary["us-east-2b-0"]: Refreshing state... [id=eipalloc-04da46294f7eaf76e]
module.vpc.aws_eip.nat_secondary["us-east-2c-1"]: Refreshing state... [id=eipalloc-0be4a9c527836548e]
module.vpc.aws_eip.nat_secondary["us-east-2a-6"]: Refreshing state... [id=eipalloc-0825c0cfde63c3db8]
module.vpc.aws_eip.nat_secondary["us-east-2a-4"]: Refreshing state... [id=eipalloc-0808c5e0c619858bf]
module.vpc.aws_eip.nat_secondary["us-east-2a-3"]: Refreshing state... [id=eipalloc-0a8f826170a066d1a]
module.vpc.aws_eip.nat_secondary["us-east-2c-2"]: Refreshing state... [id=eipalloc-0cd6a97f41c08ad79]
module.vpc.aws_eip.nat_secondary["us-east-2c-4"]: Refreshing state... [id=eipalloc-00389a24357de600c]
module.vpc.aws_eip.nat_secondary["us-east-2b-2"]: Refreshing state... [id=eipalloc-03b287002428ed999]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=meta-prod-aws-ue2-harbor-s3/arn:aws:iam::308535385114:policy/meta-prod-aws-ue2-harbor-registry]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-0ec5793b2d56da22d]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0d74603290859e2f2]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-00e225254564766a6]
module.eks.aws_eks_cluster.this: Refreshing state... [id=meta-prod-aws-ue2]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-01ba8099bebc551a4]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-0578f79b0309df745]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0fc6b948cfe81046d]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0fd06291b649af633]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0b9d4e0fc87d542a6]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-0bc4e669577609a58]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=meta-prod-aws-ue2:kube-proxy]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=meta-prod-aws-ue2:vpc-cni]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue2:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-0b4676c69cf648948]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0dd75e8dec345f5a0]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-03b5e7bbb060c2f94]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0f09d32deabb452f1]
module.eks.aws_eks_node_group.base: Refreshing state... [id=meta-prod-aws-ue2:meta-prod-aws-ue2-base-nodes]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=033a163afb2babc26f7883e642621ac361c93d61]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/D399D35AE88C3599FE2FC477C1EC7C92]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=780079123]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue2-ebs-csi-driver-role]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue2#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=meta-prod-aws-ue2:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=meta-prod-aws-ue2-harbor-registry/arn:aws:iam::308535385114:policy/meta-prod-aws-ue2-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue2-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=meta-prod-aws-ue2:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (meta-prod-aws-ue2) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=meta-prod-aws-ue2-karpenter-instance-state-change]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=meta-prod-aws-ue2-karpenter-rebalance]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=meta-prod-aws-ue2-karpenter-scheduled-change]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=meta-prod-aws-ue2-karpenter-spot-interruption]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/meta-prod-aws-ue2-karpenter]
data.terraform_remote_state.base: Read complete after 0s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-08123718ac4568e55,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-061aea9b4b9bada09"]: Refreshing state... [id=subnet-061aea9b4b9bada09,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-09d2f10b60ed5d309"]: Refreshing state... [id=subnet-09d2f10b60ed5d309,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-02dd343006d52558e"]: Refreshing state... [id=subnet-02dd343006d52558e,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue2-karpenter-controller]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/meta-prod-aws-ue2-karpenter]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=meta-prod-aws-ue2-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=meta-prod-aws-ue2-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=meta-prod-aws-ue2-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue2-karpenter-controller]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=meta-prod-aws-ue2-karpenter-rebalance-KarpenterRebalance]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue2-karpenter-controller-20260626065954984300000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

huydhn added 4 commits June 29, 2026 19:07
[ghstack-poisoned]
[ghstack-poisoned]
[ghstack-poisoned]
[ghstack-poisoned]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants