Skip to content

osdc/hf-cache: scripts/hf-cache-seed.py to seed models into bucket(s)#833

Open
huydhn wants to merge 18 commits into
gh/huydhn/46/basefrom
gh/huydhn/46/head
Open

osdc/hf-cache: scripts/hf-cache-seed.py to seed models into bucket(s)#833
huydhn wants to merge 18 commits into
gh/huydhn/46/basefrom
gh/huydhn/46/head

Conversation

@huydhn

@huydhn huydhn commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Stack from ghstack (oldest at bottom):

Standalone seeding tool under osdc/scripts (moved out of the justfile). Downloads
each HF model once locally, then aws s3 syncs it to one or more clusters'
per-region buckets pytorch-hf-model-cache-<cluster_id>, or --all clusters that
enable the hf-cache module (synced in parallel). Writes straight to S3 with the
operator's AWS creds — independent of the cluster mount. Run once per model.

uv run scripts/hf-cache-seed.py -c meta-staging-aws-ue1 Qwen/Qwen2.5-7B-Instruct
uv run scripts/hf-cache-seed.py --all Qwen/Qwen2.5-7B-Instruct

@huydhn
Update
b24a439 
[ghstack-poisoned]
@huydhn huydhn requested a review from jeanschmidt as a code owner June 25, 2026 06:11
This was referenced Jun 24, 2026
Open
Open
Open
Open
Open
Open
Open
@github-actions

github-actions Bot commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown

tofu plan — arc-cbr-production

✅ Plan succeeded · commit dcfa0684 · run log

Plan output 
Installed 1 package in 1ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (arc-cbr-production) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.eks.data.aws_caller_identity.current: Reading...
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=pytorch-arc-cbr-production-harbor-s3]
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0e712dc7e743bbcf7]
data.aws_availability_zones.available: Reading...
module.eks.aws_iam_role.cluster: Refreshing state... [id=pytorch-arc-cbr-production-cluster-role]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=527854a4-e335-4f95-bc89-1321cff7a478]
module.eks.aws_iam_role.node: Refreshing state... [id=pytorch-arc-cbr-production-node-role]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNOLQFN6MU]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-2]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/pytorch-arc-cbr-production-eks-secrets]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=pytorch-arc-cbr-production-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=pytorch-arc-cbr-production-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=pytorch-arc-cbr-production-node-role:pytorch-arc-cbr-production-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=pytorch-arc-cbr-production-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 0s [id=ami-009f1fe7d56695348]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-032d4401e63f0c9b9]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-05e96ee7cb818e5c0]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0d26e280575e8aaf4]
module.vpc.aws_eip.nat_secondary["us-east-2b-6"]: Refreshing state... [id=eipalloc-06b7b88826199a232]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ab11fcdb8d4ea113]
module.vpc.aws_eip.nat_secondary["us-east-2b-5"]: Refreshing state... [id=eipalloc-0cde9a6463901f1e1]
module.vpc.aws_eip.nat_secondary["us-east-2a-3"]: Refreshing state... [id=eipalloc-034d5e1f5a2fcb795]
module.vpc.aws_eip.nat_secondary["us-east-2c-6"]: Refreshing state... [id=eipalloc-0aede78edc69cf695]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-0d34063a19f4b07b4]
module.vpc.aws_eip.nat_secondary["us-east-2a-6"]: Refreshing state... [id=eipalloc-0113c95dbdec2f879]
module.vpc.aws_eip.nat_secondary["us-east-2b-4"]: Refreshing state... [id=eipalloc-0de33181548ac2e5a]
module.vpc.aws_eip.nat_secondary["us-east-2a-0"]: Refreshing state... [id=eipalloc-086a011b3c26c0dd7]
module.vpc.aws_eip.nat_secondary["us-east-2a-5"]: Refreshing state... [id=eipalloc-0bd9bf54bd6010323]
module.vpc.aws_eip.nat_secondary["us-east-2c-4"]: Refreshing state... [id=eipalloc-0cc3dadec18bbb3f3]
module.vpc.aws_eip.nat_secondary["us-east-2c-0"]: Refreshing state... [id=eipalloc-03542e74755fc105b]
module.vpc.aws_eip.nat_secondary["us-east-2b-0"]: Refreshing state... [id=eipalloc-0cead990d60ce181e]
module.vpc.aws_eip.nat_secondary["us-east-2c-2"]: Refreshing state... [id=eipalloc-07cfdb2fd5dc07459]
module.vpc.aws_eip.nat_secondary["us-east-2a-2"]: Refreshing state... [id=eipalloc-09b15a770e0c6d552]
module.vpc.aws_eip.nat_secondary["us-east-2c-5"]: Refreshing state... [id=eipalloc-02825435a2786b3d8]
module.vpc.aws_eip.nat_secondary["us-east-2c-1"]: Refreshing state... [id=eipalloc-06a980076e99cda81]
module.vpc.aws_eip.nat_secondary["us-east-2a-4"]: Refreshing state... [id=eipalloc-067d535102a61d1a8]
module.vpc.aws_eip.nat_secondary["us-east-2b-2"]: Refreshing state... [id=eipalloc-063bee447616351f9]
module.vpc.aws_eip.nat_secondary["us-east-2a-1"]: Refreshing state... [id=eipalloc-0f2b00a9ac31df215]
module.vpc.aws_eip.nat_secondary["us-east-2c-3"]: Refreshing state... [id=eipalloc-0d3a71569b2f687be]
module.vpc.aws_eip.nat_secondary["us-east-2b-3"]: Refreshing state... [id=eipalloc-021ee6c9f1d20b71a]
module.vpc.aws_eip.nat_secondary["us-east-2b-1"]: Refreshing state... [id=eipalloc-0e67c0a8cd8c990da]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0992f582e9bf2836e]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0709abbcafa23aec0]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-0577a02acde719bff]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-01e479dcb5aedf696]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0a583bbbcac436ebd]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-01187bfaa68514400]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-0fddf2f74e7e978c7]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.eks.aws_eks_cluster.this: Refreshing state... [id=pytorch-arc-cbr-production]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-084975a7f7af2696e]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0ce4fba002d90e7d5]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-07d5cd4c479c827ab]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=pytorch-arc-cbr-production-harbor-s3/arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-harbor-registry]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0ad75b2f5282877db]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-0f7b8f4473e5790df]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-08e264cbbd47be1ee]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-01d38d41a7ca82a08]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-0cb3785c433ed7718]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0c7ecd4166a01e5f0]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-0b820cd15307b6d57]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=pytorch-arc-cbr-production:kube-proxy]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=pytorch-arc-cbr-production:vpc-cni]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=pytorch-arc-cbr-production:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0b6e08b4b0dc968c0]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0beb143017359bda1]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-097abe4676c74f71b]
module.eks.aws_eks_node_group.base: Refreshing state... [id=pytorch-arc-cbr-production:pytorch-arc-cbr-production-base-nodes]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=033a163afb2babc26f7883e642621ac361c93d61]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/0A621339248958D6D5F2FF084BD185B5]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=pytorch-arc-cbr-production#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=2879363015]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=pytorch-arc-cbr-production-ebs-csi-driver-role]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=pytorch-arc-cbr-production:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-harbor-registry/arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=pytorch-arc-cbr-production-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (arc-cbr-production) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-rebalance]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/pytorch-arc-cbr-production-karpenter]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-spot-interruption]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-scheduled-change]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-instance-state-change]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-01ec5f742ae028981,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0577a02acde719bff"]: Refreshing state... [id=subnet-0577a02acde719bff,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0992f582e9bf2836e"]: Refreshing state... [id=subnet-0992f582e9bf2836e,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-controller]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0709abbcafa23aec0"]: Refreshing state... [id=subnet-0709abbcafa23aec0,karpenter.sh/discovery]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-karpenter-controller]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/308535385114/pytorch-arc-cbr-production-karpenter]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-rebalance-KarpenterRebalance]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=pytorch-arc-cbr-production-karpenter-controller-20260518021844404100000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module pypi-cache (arc-cbr-production) ━━━
data.terraform_remote_state.base: Reading...
aws_iam_policy.wants_collector: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-pypi-wants-collector-s3]
aws_iam_policy.wheel_syncer: Refreshing state... [id=arn:aws:iam::308535385114:policy/pytorch-arc-cbr-production-pypi-wheel-syncer-s3]
aws_efs_file_system.pypi_cache: Refreshing state... [id=fs-0deb818bbf18764de]
data.terraform_remote_state.base: Read complete after 0s
aws_iam_role.wants_collector: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wants-collector-role]
aws_iam_role.wheel_syncer: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wheel-syncer-role]
aws_iam_role.efs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production-efs-csi-driver-role]
aws_security_group.efs: Refreshing state... [id=sg-0979eb5e3d9d3db9f]
aws_iam_role_policy_attachment.wheel_syncer: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wheel-syncer-role-20260518023249929400000004]
aws_efs_mount_target.pypi_cache["subnet-0992f582e9bf2836e"]: Refreshing state... [id=fsmt-03523586bb4ff0c46]
aws_efs_mount_target.pypi_cache["subnet-0577a02acde719bff"]: Refreshing state... [id=fsmt-07d7b111b9cd6684e]
aws_efs_mount_target.pypi_cache["subnet-0709abbcafa23aec0"]: Refreshing state... [id=fsmt-08cd5108febbacef9]
aws_iam_role_policy_attachment.wants_collector: Refreshing state... [id=pytorch-arc-cbr-production-pypi-wants-collector-role-20260518023249903900000003]
aws_iam_role_policy_attachment.efs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production-efs-csi-driver-role-20260518023249955700000005]
aws_eks_addon.efs_csi_driver: Refreshing state... [id=pytorch-arc-cbr-production:aws-efs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@github-actions

github-actions Bot commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown

tofu plan — meta-prod-aws-ue1

✅ Plan succeeded · commit 5e1a42c3 · run log

Plan output 
Installed 1 package in 1ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod-ue1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (meta-prod-aws-ue1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_ami.eks_optimized_al2023: Reading...
data.aws_availability_zones.available: Reading...
module.eks.data.aws_caller_identity.current: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-046818728dce02486]
module.eks.aws_iam_role.node: Refreshing state... [id=meta-prod-aws-ue1-node-role]
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=meta-prod-aws-ue1-harbor-s3]
module.eks.aws_iam_role.cluster: Refreshing state... [id=meta-prod-aws-ue1-cluster-role]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=9274017b-776a-41bd-9f11-d118a1174159]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/meta-prod-aws-ue1-eks-secrets]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNGRUDTXPT]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=meta-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=meta-prod-aws-ue1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=meta-prod-aws-ue1-node-role:meta-prod-aws-ue1-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=meta-prod-aws-ue1-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-0dafeb02304897431]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=meta-prod-aws-ue1-harbor-s3/arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-harbor-registry]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-0ce44cb6446f3c1b6]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-0cf3d9cf37ee998b6]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-07bfd0f170c3b3406]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-033772b4490df1b41]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0f922406e02ecba1d]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-00c2e2605c4dea199]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0d65ec2dd49f0d87c]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0eafd792589fbb363]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-078f44b58c8b48ade]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-02ce11d6646870431]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0348c5058db524cd2]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-0beb5fc44f0ee165f]
module.vpc.aws_eip.nat_secondary["us-east-1c-4"]: Refreshing state... [id=eipalloc-00c5df9f3b60f353d]
module.vpc.aws_eip.nat_secondary["us-east-1a-0"]: Refreshing state... [id=eipalloc-0c8a6faed0a97479d]
module.vpc.aws_eip.nat_secondary["us-east-1b-5"]: Refreshing state... [id=eipalloc-0d078dc6f07628714]
module.vpc.aws_eip.nat_secondary["us-east-1b-2"]: Refreshing state... [id=eipalloc-0f0b720f4cca62ec7]
module.vpc.aws_eip.nat_secondary["us-east-1c-5"]: Refreshing state... [id=eipalloc-04fe645562f597aaa]
module.vpc.aws_eip.nat_secondary["us-east-1b-0"]: Refreshing state... [id=eipalloc-0bcfe1f98793e1b12]
module.vpc.aws_eip.nat_secondary["us-east-1a-5"]: Refreshing state... [id=eipalloc-01f89a7c130d2a810]
module.vpc.aws_eip.nat_secondary["us-east-1c-3"]: Refreshing state... [id=eipalloc-0af54aa2e5f40dfa4]
module.vpc.aws_eip.nat_secondary["us-east-1a-4"]: Refreshing state... [id=eipalloc-09fa171393c3a7cfb]
module.vpc.aws_eip.nat_secondary["us-east-1a-6"]: Refreshing state... [id=eipalloc-02e84a51a14c9cbda]
module.vpc.aws_eip.nat_secondary["us-east-1a-3"]: Refreshing state... [id=eipalloc-0bda13d7b70c00c00]
module.vpc.aws_eip.nat_secondary["us-east-1b-1"]: Refreshing state... [id=eipalloc-0d095305019486ae6]
module.vpc.aws_eip.nat_secondary["us-east-1c-2"]: Refreshing state... [id=eipalloc-025ef0e1813277c67]
module.vpc.aws_eip.nat_secondary["us-east-1c-1"]: Refreshing state... [id=eipalloc-0cb5208c5f775baf6]
module.vpc.aws_eip.nat_secondary["us-east-1c-0"]: Refreshing state... [id=eipalloc-05844040c7248f44f]
module.vpc.aws_eip.nat_secondary["us-east-1b-4"]: Refreshing state... [id=eipalloc-0aba12aa23c11d20c]
module.vpc.aws_eip.nat_secondary["us-east-1a-2"]: Refreshing state... [id=eipalloc-080ec4e265ebdc5ad]
module.vpc.aws_eip.nat_secondary["us-east-1a-1"]: Refreshing state... [id=eipalloc-08c7bd3306cf687ca]
module.vpc.aws_eip.nat_secondary["us-east-1b-3"]: Refreshing state... [id=eipalloc-0c8291ee817240e1f]
module.vpc.aws_eip.nat_secondary["us-east-1b-6"]: Refreshing state... [id=eipalloc-0f922f499d32f1368]
module.vpc.aws_eip.nat_secondary["us-east-1c-6"]: Refreshing state... [id=eipalloc-0d22d3aa0667a1070]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-0616491b7baeab47f]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-05e7e66e960593972]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-05da47c4ed26ae390]
module.eks.aws_eks_cluster.this: Refreshing state... [id=meta-prod-aws-ue1]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=meta-prod-aws-ue1:kube-proxy]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=meta-prod-aws-ue1:vpc-cni]
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue1:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_launch_template.base: Refreshing state... [id=lt-043779597e3b5a7fd]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=b1b539daa206035ae3c3e28288b0681fa1b462f3]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/6C84A48E1BF23A027C1E78912A368743]
module.eks.aws_eks_node_group.base: Refreshing state... [id=meta-prod-aws-ue1:meta-prod-aws-ue1-base-nodes]
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=3022997555]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue1-ebs-csi-driver-role]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=meta-prod-aws-ue1:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=meta-prod-aws-ue1-harbor-registry/arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-ue1-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-ue1#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=meta-prod-aws-ue1:aws-ebs-csi-driver]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-09414719983019b49]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-025de56c0aac8d3f0]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0cff785d8001fc914]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-09287d705ce4a88bc]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-05d5b7a41aa6323ed]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0c665948be8d0282e]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-02a8683fa7258f295]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0306281246323bd27]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-09dca398d838d4247]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (meta-prod-aws-ue1) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-instance-state-change]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=meta-prod-aws-ue1-karpenter-rebalance]
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-scheduled-change]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=meta-prod-aws-ue1-karpenter-spot-interruption]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/308535385114/meta-prod-aws-ue1-karpenter]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-1.amazonaws.com/308535385114/meta-prod-aws-ue1-karpenter]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=meta-prod-aws-ue1-karpenter-rebalance-KarpenterRebalance]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=meta-prod-aws-ue1-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=meta-prod-aws-ue1-karpenter-spot-interruption-KarpenterSpotInterruption]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-016f4a0d209f3e4a9,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-02ce11d6646870431"]: Refreshing state... [id=subnet-02ce11d6646870431,karpenter.sh/discovery]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-karpenter-controller]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0d65ec2dd49f0d87c"]: Refreshing state... [id=subnet-0d65ec2dd49f0d87c,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0348c5058db524cd2"]: Refreshing state... [id=subnet-0348c5058db524cd2,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue1-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=meta-prod-aws-ue1-karpenter-controller-20260528200455768400000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module pypi-cache (meta-prod-aws-ue1) ━━━
data.terraform_remote_state.base: Reading...
aws_iam_policy.wants_collector: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-pypi-wants-collector-s3]
aws_iam_policy.wheel_syncer: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-ue1-pypi-wheel-syncer-s3]
aws_efs_file_system.pypi_cache: Refreshing state... [id=fs-023e57b36ec1cd426]
data.terraform_remote_state.base: Read complete after 1s
aws_iam_role.wheel_syncer: Refreshing state... [id=meta-prod-aws-ue1-pypi-wheel-syncer-role]
aws_iam_role.wants_collector: Refreshing state... [id=meta-prod-aws-ue1-pypi-wants-collector-role]
aws_security_group.efs: Refreshing state... [id=sg-0bc06caa62214c9b7]
aws_iam_role.efs_csi_driver: Refreshing state... [id=meta-prod-aws-ue1-efs-csi-driver-role]
aws_iam_role_policy_attachment.wants_collector: Refreshing state... [id=meta-prod-aws-ue1-pypi-wants-collector-role-20260528201106192600000004]
aws_iam_role_policy_attachment.wheel_syncer: Refreshing state... [id=meta-prod-aws-ue1-pypi-wheel-syncer-role-20260528201106257700000005]
aws_iam_role_policy_attachment.efs_csi_driver: Refreshing state... [id=meta-prod-aws-ue1-efs-csi-driver-role-20260528201106116400000003]
aws_eks_addon.efs_csi_driver: Refreshing state... [id=meta-prod-aws-ue1:aws-efs-csi-driver]
aws_efs_mount_target.pypi_cache["subnet-0d65ec2dd49f0d87c"]: Refreshing state... [id=fsmt-0ffaedc58eceb7749]
aws_efs_mount_target.pypi_cache["subnet-02ce11d6646870431"]: Refreshing state... [id=fsmt-06a05c001541338d2]
aws_efs_mount_target.pypi_cache["subnet-0348c5058db524cd2"]: Refreshing state... [id=fsmt-0500c573cafe66133]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@huydhn huydhn marked this pull request as draft June 25, 2026 06:16
@github-actions

github-actions Bot commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown

tofu plan — lf-prod-aws-ue2

✅ Plan succeeded · commit 5be5cc3d · run log

Plan output 
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::lf-osdc-tfstate-prod-ue2",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (lf-prod-aws-ue2) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


data.aws_availability_zones.available: Reading...
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.eks.data.aws_caller_identity.current: Reading...
module.eks.aws_iam_role.node: Refreshing state... [id=lf-prod-aws-ue2-node-role]
module.eks.aws_iam_role.cluster: Refreshing state... [id=lf-prod-aws-ue2-cluster-role]
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=lf-prod-aws-ue2-harbor-s3]
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0f7d54e3accfbe3e4]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=27a9b8e9-2509-43ce-ac8e-cfc320b65fe2]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=391835788720]
data.aws_availability_zones.available: Read complete after 0s [id=us-east-2]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAVWOZ3UWYMGG4LIHB]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/lf-prod-aws-ue2-eks-secrets]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 0s [id=ami-009f1fe7d56695348]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=lf-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=lf-prod-aws-ue2-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=lf-prod-aws-ue2-node-role:lf-prod-aws-ue2-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=lf-prod-aws-ue2-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-061f8f7ac8b40d720]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-042c4d31ed557eaa4]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-0508ab6e3db7ccf08]
module.vpc.aws_eip.nat_secondary["us-east-2b-3"]: Refreshing state... [id=eipalloc-0b95441aa4e161db2]
module.vpc.aws_eip.nat_secondary["us-east-2c-0"]: Refreshing state... [id=eipalloc-09bd4b74b1a8ca6ac]
module.vpc.aws_eip.nat_secondary["us-east-2c-2"]: Refreshing state... [id=eipalloc-08e66df79eddc18b5]
module.vpc.aws_eip.nat_secondary["us-east-2a-4"]: Refreshing state... [id=eipalloc-0bd8a5e170892bb0b]
module.vpc.aws_eip.nat_secondary["us-east-2a-2"]: Refreshing state... [id=eipalloc-0e53d306d25151b0e]
module.vpc.aws_eip.nat_secondary["us-east-2c-3"]: Refreshing state... [id=eipalloc-04d97b3aec8f5fb8a]
module.vpc.aws_eip.nat_secondary["us-east-2b-1"]: Refreshing state... [id=eipalloc-0c8d74e3dcfb2dad0]
module.vpc.aws_eip.nat_secondary["us-east-2a-0"]: Refreshing state... [id=eipalloc-0a9078e90b80cc1de]
module.vpc.aws_eip.nat_secondary["us-east-2b-4"]: Refreshing state... [id=eipalloc-08683a31d5967bff6]
module.vpc.aws_eip.nat_secondary["us-east-2c-6"]: Refreshing state... [id=eipalloc-057df768d859ed17e]
module.vpc.aws_eip.nat_secondary["us-east-2a-6"]: Refreshing state... [id=eipalloc-077cbc910a56d08fd]
module.vpc.aws_eip.nat_secondary["us-east-2a-5"]: Refreshing state... [id=eipalloc-095865342b4c692ac]
module.vpc.aws_eip.nat_secondary["us-east-2b-6"]: Refreshing state... [id=eipalloc-09c38605941dbbaac]
module.vpc.aws_eip.nat_secondary["us-east-2a-3"]: Refreshing state... [id=eipalloc-0737f1fdf35a0f975]
module.vpc.aws_eip.nat_secondary["us-east-2b-5"]: Refreshing state... [id=eipalloc-06f0755f7542d77fa]
module.vpc.aws_eip.nat_secondary["us-east-2b-2"]: Refreshing state... [id=eipalloc-0403ed9359182b72c]
module.vpc.aws_eip.nat_secondary["us-east-2c-4"]: Refreshing state... [id=eipalloc-005e21ac878c4db34]
module.vpc.aws_eip.nat_secondary["us-east-2c-5"]: Refreshing state... [id=eipalloc-06c020042f283554a]
module.vpc.aws_eip.nat_secondary["us-east-2a-1"]: Refreshing state... [id=eipalloc-0a90e8e5b75a3fe45]
module.vpc.aws_eip.nat_secondary["us-east-2c-1"]: Refreshing state... [id=eipalloc-0241d507f34cdb0b5]
module.vpc.aws_eip.nat_secondary["us-east-2b-0"]: Refreshing state... [id=eipalloc-055182abe5c634ddc]
module.vpc.aws_subnet.private[2]: Refreshing state... [id=subnet-06a9b2e4ea40968b6]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0515848329e5dc53a]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0ae8d251d3a0336ca]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0e53846501278171e]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-08c041a7cb9147705]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-080bfdf02da937445]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-016d460df617c0e2c]
module.vpc.aws_eip.nat[2]: Refreshing state... [id=eipalloc-079ed57d9de06fd9b]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-0e0efd2a8ef20d72e]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-harbor-registry]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.eks.aws_eks_cluster.this: Refreshing state... [id=lf-prod-aws-ue2]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-028a6f03785f6bca2]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-005f847cdca1f2143]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0d0f31615161dab0f]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-095cd56cd812b4931]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0288194135c91a55d]
module.vpc.aws_nat_gateway.this[2]: Refreshing state... [id=nat-0caff297f1b93f0c7]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=lf-prod-aws-ue2-harbor-s3/arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-harbor-registry]
module.vpc.aws_route_table.private[2]: Refreshing state... [id=rtb-0d7230758d05b4f20]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0d0497dd1d2a111f5]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0ce64842bfadf32b0]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=lf-prod-aws-ue2:kube-proxy]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_access_entry.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue2:arn:aws:iam::391835788720:role/lf_osdc_admin]
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=lf-prod-aws-ue2:vpc-cni]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-062d0b42e1b1ca1af]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0cbaf74e1bd57a865]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-05de05c204a439484]
module.vpc.aws_route_table_association.private[2]: Refreshing state... [id=rtbassoc-0feb6707491379e22]
module.eks.aws_eks_node_group.base: Refreshing state... [id=lf-prod-aws-ue2:lf-prod-aws-ue2-base-nodes]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=033a163afb2babc26f7883e642621ac361c93d61]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::391835788720:oidc-provider/oidc.eks.us-east-2.amazonaws.com/id/43EEAC690CC76E15781134A4FC06EDCE]
module.eks.aws_eks_access_policy_association.cluster_admin["lf_osdc_admin"]: Refreshing state... [id=lf-prod-aws-ue2#arn:aws:iam::391835788720:role/lf_osdc_admin#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=796338164]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue2-ebs-csi-driver-role]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=lf-prod-aws-ue2:coredns]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=lf-prod-aws-ue2-harbor-registry/arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=lf-prod-aws-ue2-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=lf-prod-aws-ue2:aws-ebs-csi-driver]

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

OpenTofu will perform the following actions:

  # module.eks.aws_eks_node_group.base must be replaced
-/+ resource "aws_eks_node_group" "base" {
      ~ ami_type               = "CUSTOM" -> (known after apply)
      ~ arn                    = "arn:aws:eks:us-east-2:391835788720:nodegroup/lf-prod-aws-ue2/lf-prod-aws-ue2-base-nodes/18cf7f9f-7334-8ea4-6d47-6a326189f72e" -> (known after apply)
      ~ disk_size              = 0 -> (known after apply)
      ~ id                     = "lf-prod-aws-ue2:lf-prod-aws-ue2-base-nodes" -> (known after apply)
      ~ instance_types         = [ # forces replacement
          - "m7i.8xlarge",
          + "m7i.12xlarge",
        ]
      + node_group_name_prefix = (known after apply)
      ~ release_version        = "ami-009f1fe7d56695348" -> (known after apply)
      ~ resources              = [
          - {
              - autoscaling_groups              = [
                  - {
                      - name = "eks-lf-prod-aws-ue2-base-nodes-18cf7f9f-7334-8ea4-6d47-6a326189f72e"
                    },
                ]
              - remote_access_security_group_id = ""
            },
        ] -> (known after apply)
      ~ status                 = "ACTIVE" -> (known after apply)
        tags                   = {
            "Cluster" = "lf-prod-aws-ue2"
            "Name"    = "lf-prod-aws-ue2-base-nodes"
            "Project" = "ciforge"
            "Type"    = "base-infrastructure"
        }
      ~ version                = "1.35" -> (known after apply)
        # (9 unchanged attributes hidden)

      ~ launch_template {
            id      = "lt-062d0b42e1b1ca1af"
          ~ name    = "lf-prod-aws-ue2-base-2026060823434416370000000b" -> (known after apply)
            # (1 unchanged attribute hidden)
        }

      ~ update_config {
          - max_unavailable            = 0 -> null
            # (1 unchanged attribute hidden)
        }

        # (3 unchanged blocks hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

━━━ PLAN: Module karpenter (lf-prod-aws-ue2) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-scheduled-change]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=lf-prod-aws-ue2-karpenter-rebalance]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-instance-state-change]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=lf-prod-aws-ue2-karpenter-spot-interruption]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/391835788720/lf-prod-aws-ue2-karpenter]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-06c1f2ed8ffb1ddfa,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0ae8d251d3a0336ca"]: Refreshing state... [id=subnet-0ae8d251d3a0336ca,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-06a9b2e4ea40968b6"]: Refreshing state... [id=subnet-06a9b2e4ea40968b6,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0515848329e5dc53a"]: Refreshing state... [id=subnet-0515848329e5dc53a,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue2-karpenter-controller]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=lf-prod-aws-ue2-karpenter-rebalance-KarpenterRebalance]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-east-2.amazonaws.com/391835788720/lf-prod-aws-ue2-karpenter]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::391835788720:policy/lf-prod-aws-ue2-karpenter-controller]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=lf-prod-aws-ue2-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=lf-prod-aws-ue2-karpenter-scheduled-change-KarpenterScheduledChange]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=lf-prod-aws-ue2-karpenter-controller-20260608235145776400000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

@huydhn huydhn mentioned this pull request Jun 25, 2026
Closed
@huydhn
Update
06d8ba9 
[ghstack-poisoned]
huydhn added a commit that referenced this pull request Jun 25, 2026
@huydhn
osdc/hf-cache: one-off just hf-cache-seed recipe
5a21419 
Adds a local one-off recipe to seed a model into a cluster's HF cache S3 bucket:
downloads with huggingface_hub and `aws s3 sync`s to
s3://pytorch-hf-model-cache-<cluster_id>/hub using your AWS creds (not the OIDC
CI role). Default model Qwen/Qwen2.5-7B-Instruct; set HF_TOKEN for gated models.
Used to populate the large model that test-hf-cache-large-read reads.


ghstack-source-id: 6d009e9
Pull-Request: #833
@github-actions

github-actions Bot commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown

tofu plan — arc-cbr-production-uw1

❌ Plan failed · commit 5e1a42c3 · run log

Plan output 
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod-uw1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (arc-cbr-production-uw1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_caller_identity.current: Reading...
data.aws_availability_zones.available: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0121d1038d393182a]
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=pytorch-arc-cbr-production-uw1-harbor-registry]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
data.aws_availability_zones.available: Read complete after 0s [id=us-west-1]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 1s [id=ami-07fd8394a1d58b614]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-0b3b22b995e71d8d9]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-08861bee27120b994]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0a13e7b49c841e497]

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

OpenTofu will perform the following actions:

  # module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ebs_csi_assume_role" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRoleWithWebIdentity",
            ]
          + effect  = "Allow"

          + condition {
              + test     = "StringEquals"
              + values   = [
                  + "sts.amazonaws.com",
                ]
              + variable = (known after apply)
            }
          + condition {
              + test     = "StringEquals"
              + values   = [
                  + "system:serviceaccount:kube-system:ebs-csi-controller-sa",
                ]
              + variable = (known after apply)
            }

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "Federated"
            }
        }
    }

  # module.eks.data.tls_certificate.cluster[0] will be read during apply
  # (config refers to values not yet known)
 <= data "tls_certificate" "cluster" {
      + certificates = (known after apply)
      + id           = (known after apply)
      + url          = (known after apply)
    }

  # module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"] will be created
  + resource "aws_eks_access_entry" "cluster_admin" {
      + access_entry_arn  = (known after apply)
      + cluster_name      = "pytorch-arc-cbr-production-uw1"
      + created_at        = (known after apply)
      + id                = (known after apply)
      + kubernetes_groups = (known after apply)
      + modified_at       = (known after apply)
      + principal_arn     = "arn:aws:iam::308535385114:role/osdc_gha_prod"
      + region            = "us-west-1"
      + tags              = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all          = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + type              = "STANDARD"
      + user_name         = (known after apply)
    }

  # module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"] will be created
  + resource "aws_eks_access_policy_association" "cluster_admin" {
      + associated_at = (known after apply)
      + cluster_name  = "pytorch-arc-cbr-production-uw1"
      + id            = (known after apply)
      + modified_at   = (known after apply)
      + policy_arn    = "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
      + principal_arn = "arn:aws:iam::308535385114:role/osdc_gha_prod"
      + region        = "us-west-1"

      + access_scope {
          + type = "cluster"
        }
    }

  # module.eks.aws_eks_addon.coredns will be created
  + resource "aws_eks_addon" "coredns" {
      + addon_name                  = "coredns"
      + addon_version               = "v1.13.2-eksbuild.1"
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = jsonencode(
            {
              + autoScaling               = {
                  + enabled = false
                }
              + podDisruptionBudget       = {
                  + maxUnavailable = 1
                }
              + replicaCount              = 6
              + tolerations               = [
                  + {
                      + effect   = "NoSchedule"
                      + key      = "CriticalAddonsOnly"
                      + operator = "Equal"
                      + value    = "true"
                    },
                ]
              + topologySpreadConstraints = [
                  + {
                      + labelSelector     = {
                          + matchLabels = {
                              + k8s-app = "kube-dns"
                            }
                        }
                      + maxSkew           = 2
                      + topologyKey       = "topology.kubernetes.io/zone"
                      + whenUnsatisfiable = "DoNotSchedule"
                    },
                  + {
                      + labelSelector     = {
                          + matchLabels = {
                              + k8s-app = "kube-dns"
                            }
                        }
                      + maxSkew           = 1
                      + topologyKey       = "kubernetes.io/hostname"
                      + whenUnsatisfiable = "ScheduleAnyway"
                    },
                ]
            }
        )
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_update = "PRESERVE"
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_addon.ebs_csi_driver will be created
  + resource "aws_eks_addon" "ebs_csi_driver" {
      + addon_name                  = "aws-ebs-csi-driver"
      + addon_version               = (known after apply)
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = (known after apply)
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_create = "OVERWRITE"
      + resolve_conflicts_on_update = "PRESERVE"
      + service_account_role_arn    = (known after apply)
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_addon.kube_proxy will be created
  + resource "aws_eks_addon" "kube_proxy" {
      + addon_name                  = "kube-proxy"
      + addon_version               = "v1.35.0-eksbuild.2"
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = (known after apply)
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_update = "PRESERVE"
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_addon.vpc_cni will be created
  + resource "aws_eks_addon" "vpc_cni" {
      + addon_name                  = "vpc-cni"
      + addon_version               = "v1.21.1-eksbuild.3"
      + arn                         = (known after apply)
      + cluster_name                = "pytorch-arc-cbr-production-uw1"
      + configuration_values        = jsonencode(
            {
              + env = {
                  + ENABLE_PREFIX_DELEGATION = "true"
                  + ENABLE_V4_EGRESS         = "true"
                  + WARM_PREFIX_TARGET       = "1"
                }
            }
        )
      + created_at                  = (known after apply)
      + id                          = (known after apply)
      + modified_at                 = (known after apply)
      + region                      = "us-west-1"
      + resolve_conflicts_on_update = "PRESERVE"
      + tags                        = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                    = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_eks_cluster.this will be created
  + resource "aws_eks_cluster" "this" {
      + arn                           = (known after apply)
      + bootstrap_self_managed_addons = true
      + certificate_authority         = (known after apply)
      + cluster_id                    = (known after apply)
      + created_at                    = (known after apply)
      + deletion_protection           = (known after apply)
      + enabled_cluster_log_types     = [
          + "api",
          + "audit",
          + "authenticator",
          + "controllerManager",
          + "scheduler",
        ]
      + endpoint                      = (known after apply)
      + id                            = (known after apply)
      + identity                      = (known after apply)
      + name                          = "pytorch-arc-cbr-production-uw1"
      + platform_version              = (known after apply)
      + region                        = "us-west-1"
      + role_arn                      = (known after apply)
      + status                        = (known after apply)
      + tags                          = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Name"    = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all                      = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Name"      = "pytorch-arc-cbr-production-uw1"
          + "Project"   = "ciforge"
        }
      + version                       = "1.35"

      + access_config {
          + authentication_mode                         = "API_AND_CONFIG_MAP"
          + bootstrap_cluster_creator_admin_permissions = true
        }

      + encryption_config {
          + resources = [
              + "secrets",
            ]

          + provider {
              + key_arn = (known after apply)
            }
        }

      + kubernetes_network_config {
          + ip_family         = "ipv6"
          + service_ipv4_cidr = (known after apply)
          + service_ipv6_cidr = (known after apply)
        }

      + vpc_config {
          + cluster_security_group_id = (known after apply)
          + control_plane_egress_mode = (known after apply)
          + endpoint_private_access   = true
          + endpoint_public_access    = true
          + public_access_cidrs       = [
              + "0.0.0.0/0",
            ]
          + subnet_ids                = [
              + "subnet-08861bee27120b994",
              + "subnet-0a13e7b49c841e497",
            ]
          + vpc_id                    = (known after apply)
        }
    }

  # module.eks.aws_eks_node_group.base will be created
  + resource "aws_eks_node_group" "base" {
      + ami_type               = (known after apply)
      + arn                    = (known after apply)
      + capacity_type          = "ON_DEMAND"
      + cluster_name           = "pytorch-arc-cbr-production-uw1"
      + disk_size              = (known after apply)
      + force_update_version   = true
      + id                     = (known after apply)
      + instance_types         = [
          + "m7i.12xlarge",
        ]
      + labels                 = {
          + "node.kubernetes.io/lifecycle" = "on-demand"
          + "role"                         = "base-infrastructure"
        }
      + node_group_name        = "pytorch-arc-cbr-production-uw1-base-nodes"
      + node_group_name_prefix = (known after apply)
      + node_role_arn          = (known after apply)
      + region                 = "us-west-1"
      + release_version        = (known after apply)
      + resources              = (known after apply)
      + status                 = (known after apply)
      + subnet_ids             = [
          + "subnet-08861bee27120b994",
          + "subnet-0a13e7b49c841e497",
        ]
      + tags                   = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Name"    = "pytorch-arc-cbr-production-uw1-base-nodes"
          + "Project" = "ciforge"
          + "Type"    = "base-infrastructure"
        }
      + tags_all               = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Name"      = "pytorch-arc-cbr-production-uw1-base-nodes"
          + "Project"   = "ciforge"
          + "Type"      = "base-infrastructure"
        }
      + version                = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = (known after apply)
        }

      + scaling_config {
          + desired_size = 6
          + max_size     = 6
          + min_size     = 6
        }

      + taint {
          + effect = "NO_SCHEDULE"
          + key    = "CriticalAddonsOnly"
          + value  = "true"
        }

      + timeouts {
          + create = "15m"
          + delete = "10m"
          + update = "15m"
        }

      + update_config {
          + max_unavailable_percentage = 33
        }
    }

  # module.eks.aws_iam_openid_connect_provider.cluster[0] will be created
  + resource "aws_iam_openid_connect_provider" "cluster" {
      + arn             = (known after apply)
      + client_id_list  = [
          + "sts.amazonaws.com",
        ]
      + id              = (known after apply)
      + tags            = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all        = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + thumbprint_list = (known after apply)
      + url             = (known after apply)
    }

  # module.eks.aws_iam_role.cluster will be created
  + resource "aws_iam_role" "cluster" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "eks.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-cluster-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.eks.aws_iam_role.ebs_csi_driver[0] will be created
  + resource "aws_iam_role" "ebs_csi_driver" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-ebs-csi-driver-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.eks.aws_iam_role.node will be created
  + resource "aws_iam_role" "node" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ec2.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-node-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.eks.aws_iam_role_policy.node_cni_ipv6 will be created
  + resource "aws_iam_role_policy" "node_cni_ipv6" {
      + id          = (known after apply)
      + name        = "pytorch-arc-cbr-production-uw1-node-cni-ipv6"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ec2:AssignIpv6Addresses",
                          + "ec2:DescribeNetworkInterfaces",
                          + "ec2:DescribeInstances",
                          + "ec2:DescribeInstanceTypes",
                          + "ec2:DescribeTags",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                  + {
                      + Action   = "ec2:CreateTags"
                      + Effect   = "Allow"
                      + Resource = "arn:aws:ec2:*:*:network-interface/*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = (known after apply)
    }

  # module.eks.aws_iam_role_policy_attachment.cluster_policy will be created
  + resource "aws_iam_role_policy_attachment" "cluster_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
      + role       = "pytorch-arc-cbr-production-uw1-cluster-role"
    }

  # module.eks.aws_iam_role_policy_attachment.cni_policy will be created
  + resource "aws_iam_role_policy_attachment" "cni_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0] will be created
  + resource "aws_iam_role_policy_attachment" "ebs_csi_driver" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
      + role       = "pytorch-arc-cbr-production-uw1-ebs-csi-driver-role"
    }

  # module.eks.aws_iam_role_policy_attachment.ecr_policy will be created
  + resource "aws_iam_role_policy_attachment" "ecr_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.node_policy will be created
  + resource "aws_iam_role_policy_attachment" "node_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.ssm_policy will be created
  + resource "aws_iam_role_policy_attachment" "ssm_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
      + role       = "pytorch-arc-cbr-production-uw1-node-role"
    }

  # module.eks.aws_iam_role_policy_attachment.vpc_resource_controller will be created
  + resource "aws_iam_role_policy_attachment" "vpc_resource_controller" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
      + role       = "pytorch-arc-cbr-production-uw1-cluster-role"
    }

  # module.eks.aws_kms_alias.eks_secrets[0] will be created
  + resource "aws_kms_alias" "eks_secrets" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/pytorch-arc-cbr-production-uw1-eks-secrets"
      + name_prefix    = (known after apply)
      + region         = "us-west-1"
      + target_key_arn = (known after apply)
      + target_key_id  = (known after apply)
    }

  # module.eks.aws_kms_key.eks_secrets[0] will be created
  + resource "aws_kms_key" "eks_secrets" {
      + arn                                = (known after apply)
      + bypass_policy_lockout_safety_check = false
      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"
      + deletion_window_in_days            = 30
      + description                        = "KMS key for EKS secrets encryption - pytorch-arc-cbr-production-uw1"
      + enable_key_rotation                = true
      + id                                 = (known after apply)
      + is_enabled                         = true
      + key_id                             = (known after apply)
      + key_usage                          = "ENCRYPT_DECRYPT"
      + multi_region                       = (known after apply)
      + policy                             = (known after apply)
      + region                             = "us-west-1"
      + rotation_period_in_days            = (known after apply)
      + tags                               = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Name"    = "pytorch-arc-cbr-production-uw1-eks-secrets"
          + "Project" = "ciforge"
        }
      + tags_all                           = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Name"      = "pytorch-arc-cbr-production-uw1-eks-secrets"
          + "Project"   = "ciforge"
        }
    }

  # module.eks.aws_launch_template.base will be created
  + resource "aws_launch_template" "base" {
      + arn             = (known after apply)
      + default_version = (known after apply)
      + id              = (known after apply)
      + image_id        = "ami-07fd8394a1d58b614"
      + latest_version  = (known after apply)
      + name            = (known after apply)
      + name_prefix     = "pytorch-arc-cbr-production-uw1-base-"
      + region          = "us-west-1"
      + tags            = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all        = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + user_data       = (known after apply)

      + block_device_mappings {
          + device_name = "/dev/xvda"

          + ebs {
              + delete_on_termination      = "true"
              + encrypted                  = "true"
              + iops                       = 3000
              + throughput                 = 125
              + volume_initialization_rate = (known after apply)
              + volume_size                = 100
              + volume_type                = "gp3"
            }
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = "enabled"
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = (known after apply)
        }

      + tag_specifications {
          + resource_type = "instance"
          + tags          = {
              + "Cluster" = "pytorch-arc-cbr-production-uw1"
              + "Name"    = "pytorch-arc-cbr-production-uw1-base-node"
              + "Project" = "ciforge"
              + "Type"    = "base-infrastructure"
            }
        }
    }

  # module.harbor.aws_iam_access_key.harbor_s3 will be created
  + resource "aws_iam_access_key" "harbor_s3" {
      + create_date                    = (known after apply)
      + encrypted_secret               = (known after apply)
      + encrypted_ses_smtp_password_v4 = (known after apply)
      + id                             = (known after apply)
      + key_fingerprint                = (known after apply)
      + secret                         = (sensitive value)
      + ses_smtp_password_v4           = (sensitive value)
      + status                         = "Active"
      + user                           = "pytorch-arc-cbr-production-uw1-harbor-s3"
    }

  # module.harbor.aws_iam_policy.harbor_registry will be created
  + resource "aws_iam_policy" "harbor_registry" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Harbor registry S3 access for pytorch-arc-cbr-production-uw1"
      + id               = (known after apply)
      + name             = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "s3:ListBucket",
                          + "s3:GetBucketLocation",
                          + "s3:ListBucketMultipartUploads",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:s3:::pytorch-arc-cbr-production-uw1-harbor-registry"
                      + Sid      = "AllowS3BucketAccess"
                    },
                  + {
                      + Action   = [
                          + "s3:GetObject",
                          + "s3:PutObject",
                          + "s3:DeleteObject",
                          + "s3:ListMultipartUploadParts",
                          + "s3:AbortMultipartUpload",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:s3:::pytorch-arc-cbr-production-uw1-harbor-registry/*"
                      + Sid      = "AllowS3ObjectAccess"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id        = (known after apply)
      + tags             = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all         = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
    }

  # module.harbor.aws_iam_role.harbor_registry will be created
  + resource "aws_iam_role" "harbor_registry" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all              = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id             = (known after apply)
    }

  # module.harbor.aws_iam_role_policy_attachment.harbor_registry will be created
  + resource "aws_iam_role_policy_attachment" "harbor_registry" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "pytorch-arc-cbr-production-uw1-harbor-registry"
    }

  # module.harbor.aws_iam_user.harbor_s3 will be created
  + resource "aws_iam_user" "harbor_s3" {
      + arn           = (known after apply)
      + force_destroy = false
      + id            = (known after apply)
      + name          = "pytorch-arc-cbr-production-uw1-harbor-s3"
      + path          = "/"
      + tags          = {
          + "Cluster" = "pytorch-arc-cbr-production-uw1"
          + "Project" = "ciforge"
        }
      + tags_all      = {
          + "Cluster"   = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy" = "opentofu"
          + "Project"   = "ciforge"
        }
      + unique_id     = (known after apply)
    }

  # module.harbor.aws_iam_user_policy_attachment.harbor_s3 will be created
  + resource "aws_iam_user_policy_attachment" "harbor_s3" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + user       = "pytorch-arc-cbr-production-uw1-harbor-s3"
    }

  # module.harbor.aws_s3_bucket_public_access_block.harbor_registry will be created
  + resource "aws_s3_bucket_public_access_block" "harbor_registry" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + region                  = "us-west-1"
      + restrict_public_buckets = true
    }

  # module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "harbor_registry" {
      + bucket = "pytorch-arc-cbr-production-uw1-harbor-registry"
      + id     = (known after apply)
      + region = "us-west-1"

      + rule {
          + blocked_encryption_types = (known after apply)
          + bucket_key_enabled       = (known after apply)

          + apply_server_side_encryption_by_default {
              + kms_master_key_id = (known after apply)
              + sse_algorithm     = "AES256"
            }
        }
    }

  # module.vpc.aws_egress_only_internet_gateway.this will be created
  + resource "aws_egress_only_internet_gateway" "this" {
      + id       = (known after apply)
      + region   = "us-west-1"
      + tags     = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + vpc_id   = "vpc-0121d1038d393182a"
    }

  # module.vpc.aws_eip.nat[0] will be created
  + resource "aws_eip" "nat" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat[1] will be created
  + resource "aws_eip" "nat" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-0"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-1"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-2"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-3"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-4"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-4"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-4"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-5"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-5"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-5"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1a-6"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-6"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-1-sec-us-west-1a-6"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-0"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-0"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-1"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-1"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-2"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-2"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-3"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-west-1"
      + tags                 = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
      + tags_all             = {
          + "Cluster"                                              = "pytorch-arc-cbr-production-uw1"
          + "ManagedBy"                                            = "opentofu"
          + "Name"                                                 = "pytorch-arc-cbr-production-uw1-vpc-nat-2-sec-us-west-1c-3"
          + "Project"                                              = "ciforge"
          + "kubernetes.io/cluster/pytorch-arc-cbr-production-uw1" = "shared"
        }
    }

  # module.vpc.aws_eip.nat_secondary["us-west-1c-4"] will be created
  + resource "aws_eip" "nat_secondary" {
      + allocation_id        = (known after apply)
      + arn                  = (kno
... (truncated — see workflow logs for full plan)

huydhn added a commit that referenced this pull request Jun 25, 2026
@huydhn
osdc/hf-cache: one-off just hf-cache-seed recipe
349e3b3 
Adds a local one-off recipe to seed a model into a cluster's HF cache S3 bucket:
downloads with huggingface_hub and `aws s3 sync`s to
s3://pytorch-hf-model-cache-<cluster_id>/hub using your AWS creds (not the OIDC
CI role). Default model Qwen/Qwen2.5-7B-Instruct; set HF_TOKEN for gated models.
Used to populate the large model that test-hf-cache-large-read reads.


ghstack-source-id: 6d009e9
Pull-Request: #833
@huydhn
Update
8d9bdef 
[ghstack-poisoned]
huydhn added a commit that referenced this pull request Jun 25, 2026
@huydhn
osdc/hf-cache: one-off just hf-cache-seed recipe
8ce52c8 
Adds a local one-off recipe to seed a model into a cluster's HF cache S3 bucket:
downloads with huggingface_hub and `aws s3 sync`s to
s3://pytorch-hf-model-cache-<cluster_id>/hub using your AWS creds (not the OIDC
CI role). Default model Qwen/Qwen2.5-7B-Instruct; set HF_TOKEN for gated models.
Used to populate the large model that test-hf-cache-large-read reads.


ghstack-source-id: e0a82f4
Pull-Request: #833
@huydhn
Update
788d781 
[ghstack-poisoned]
huydhn added a commit that referenced this pull request Jun 25, 2026
@huydhn
osdc/hf-cache: scripts/hf-cache-seed.py to seed models into bucket(s)
2ddcbfe 
Standalone seeding tool under osdc/scripts (moved out of the justfile). Downloads
each HF model once locally, then `aws s3 sync`s it to one or more clusters'
per-region buckets pytorch-hf-model-cache-<cluster_id>, or --all clusters that
enable the hf-cache module (synced in parallel). Writes straight to S3 with the
operator's AWS creds — independent of the cluster mount. Run once per model.

  uv run scripts/hf-cache-seed.py -c meta-staging-aws-ue1 Qwen/Qwen2.5-7B-Instruct
  uv run scripts/hf-cache-seed.py --all Qwen/Qwen2.5-7B-Instruct

ghstack-source-id: 8866009
Pull-Request: #833
@huydhn
Update
480e419 
[ghstack-poisoned]
huydhn added a commit that referenced this pull request Jun 25, 2026
@huydhn
osdc/hf-cache: scripts/hf-cache-seed.py to seed models into bucket(s)
d65d03d 
Standalone seeding tool under osdc/scripts (moved out of the justfile). Downloads
each HF model once locally, then `aws s3 sync`s it to one or more clusters'
per-region buckets pytorch-hf-model-cache-<cluster_id>, or --all clusters that
enable the hf-cache module (synced in parallel). Writes straight to S3 with the
operator's AWS creds — independent of the cluster mount. Run once per model.

  uv run scripts/hf-cache-seed.py -c meta-staging-aws-ue1 Qwen/Qwen2.5-7B-Instruct
  uv run scripts/hf-cache-seed.py --all Qwen/Qwen2.5-7B-Instruct

ghstack-source-id: a185035
Pull-Request: #833
@huydhn
Update
78dbfd8 
[ghstack-poisoned]
huydhn added a commit that referenced this pull request Jun 25, 2026
@huydhn
osdc/hf-cache: scripts/hf-cache-seed.py to seed models into bucket(s)
f08b9ac 
Standalone seeding tool under osdc/scripts (moved out of the justfile). Downloads
each HF model once locally, then `aws s3 sync`s it to one or more clusters'
per-region buckets pytorch-hf-model-cache-<cluster_id>, or --all clusters that
enable the hf-cache module (synced in parallel). Writes straight to S3 with the
operator's AWS creds — independent of the cluster mount. Run once per model.

  uv run scripts/hf-cache-seed.py -c meta-staging-aws-ue1 Qwen/Qwen2.5-7B-Instruct
  uv run scripts/hf-cache-seed.py --all Qwen/Qwen2.5-7B-Instruct

ghstack-source-id: 3769c61
Pull-Request: #833
@huydhn
Update
53bfee7 
[ghstack-poisoned]
huydhn added a commit that referenced this pull request Jun 26, 2026
@huydhn
osdc/hf-cache: scripts/hf-cache-seed.py to seed models into bucket(s)
53a4884 
Standalone seeding tool under osdc/scripts (moved out of the justfile). Downloads
each HF model once locally, then `aws s3 sync`s it to one or more clusters'
per-region buckets pytorch-hf-model-cache-<cluster_id>, or --all clusters that
enable the hf-cache module (synced in parallel). Writes straight to S3 with the
operator's AWS creds — independent of the cluster mount. Run once per model.

  uv run scripts/hf-cache-seed.py -c meta-staging-aws-ue1 Qwen/Qwen2.5-7B-Instruct
  uv run scripts/hf-cache-seed.py --all Qwen/Qwen2.5-7B-Instruct

ghstack-source-id: 471693c
Pull-Request: #833
huydhn added 2 commits June 25, 2026 19:07
@huydhn
Update
0a585ab 
[ghstack-poisoned]
@huydhn
Update
8fba081 
[ghstack-poisoned]
@github-actions

github-actions Bot commented Jun 26, 2026

Copy link
Copy Markdown

tofu plan — meta-prod-aws-uw1

✅ Plan succeeded · commit dcfa0684 · run log

Plan output 
Installed 1 package in 2ms
{
    "BucketArn": "arn:aws:s3:::ciforge-tfstate-arc-cbr-prod-uw1",
    "BucketRegion": "us-west-2",
    "AccessPointAlias": false
}
━━━ PLAN: Base (meta-prod-aws-uw1) ━━━
There are some problems with the CLI configuration:
╷
│ Error: The specified plugin cache dir /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache cannot be opened: stat /home/runner/work/ci-infra/ci-infra/osdc/.terraform.d/plugin-cache: no such file or directory
│
╵

As a result of the above problems, OpenTofu may not behave as intended.


module.eks.data.aws_caller_identity.current: Reading...
data.aws_availability_zones.available: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-0c7a0f5c4f16f50dd]
module.eks.data.aws_ami.eks_optimized_al2023: Reading...
module.eks.aws_iam_role.cluster: Refreshing state... [id=meta-prod-aws-uw1-cluster-role]
module.harbor.aws_iam_user.harbor_s3: Refreshing state... [id=meta-prod-aws-uw1-harbor-s3]
module.eks.aws_iam_role.node: Refreshing state... [id=meta-prod-aws-uw1-node-role]
module.harbor.aws_s3_bucket.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.eks.aws_kms_key.eks_secrets[0]: Refreshing state... [id=249b363f-50d9-4d71-8c19-33c90089adc4]
module.eks.data.aws_caller_identity.current: Read complete after 0s [id=308535385114]
data.aws_availability_zones.available: Read complete after 0s [id=us-west-1]
module.eks.aws_kms_alias.eks_secrets[0]: Refreshing state... [id=alias/meta-prod-aws-uw1-eks-secrets]
module.harbor.aws_s3_bucket_public_access_block.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.harbor.aws_iam_policy.harbor_registry: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-harbor-registry]
module.harbor.aws_s3_bucket_server_side_encryption_configuration.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.harbor.aws_iam_access_key.harbor_s3: Refreshing state... [id=AKIAUPVRELQNNXRVD65N]
module.vpc.aws_internet_gateway.this: Refreshing state... [id=igw-0c3a516c5f092e482]
module.vpc.aws_egress_only_internet_gateway.this: Refreshing state... [id=eigw-0063ee624cd2732d8]
module.eks.aws_iam_role_policy_attachment.vpc_resource_controller: Refreshing state... [id=meta-prod-aws-uw1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSVPCResourceController]
module.eks.aws_iam_role_policy_attachment.cluster_policy: Refreshing state... [id=meta-prod-aws-uw1-cluster-role/arn:aws:iam::aws:policy/AmazonEKSClusterPolicy]
module.vpc.aws_route_table.public: Refreshing state... [id=rtb-09ba42112ad2f3498]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-000973dc2a1d7e619]
module.vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0ec6555eaab36cb0f]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-09e992b7d08e2e934]
module.vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0e9dc0314cc83122d]
module.vpc.aws_eip.nat_secondary["us-west-1c-2"]: Refreshing state... [id=eipalloc-02f6fb7e715ebf888]
module.eks.data.aws_ami.eks_optimized_al2023: Read complete after 0s [id=ami-07fd8394a1d58b614]
module.vpc.aws_eip.nat_secondary["us-west-1a-1"]: Refreshing state... [id=eipalloc-07fc0a4a8844d68ef]
module.vpc.aws_eip.nat_secondary["us-west-1c-4"]: Refreshing state... [id=eipalloc-026da1516572eec86]
module.vpc.aws_eip.nat_secondary["us-west-1a-2"]: Refreshing state... [id=eipalloc-09e48c6512d9e612f]
module.vpc.aws_eip.nat_secondary["us-west-1c-3"]: Refreshing state... [id=eipalloc-0b5f261d2d97bcdc2]
module.vpc.aws_eip.nat_secondary["us-west-1c-6"]: Refreshing state... [id=eipalloc-047cd622afc027ee1]
module.vpc.aws_eip.nat_secondary["us-west-1a-3"]: Refreshing state... [id=eipalloc-0396526b463284581]
module.vpc.aws_eip.nat_secondary["us-west-1c-5"]: Refreshing state... [id=eipalloc-0def1ec3fa43dac4b]
module.vpc.aws_eip.nat_secondary["us-west-1a-0"]: Refreshing state... [id=eipalloc-08ee495e2612f9854]
module.vpc.aws_eip.nat_secondary["us-west-1c-0"]: Refreshing state... [id=eipalloc-0aa6be0f303fb413d]
module.vpc.aws_eip.nat_secondary["us-west-1a-5"]: Refreshing state... [id=eipalloc-0686d617611f65881]
module.vpc.aws_eip.nat_secondary["us-west-1a-6"]: Refreshing state... [id=eipalloc-0bf3c5405c4b04b9c]
module.vpc.aws_eip.nat_secondary["us-west-1c-1"]: Refreshing state... [id=eipalloc-0b7ef04c32820eb2b]
module.vpc.aws_eip.nat_secondary["us-west-1a-4"]: Refreshing state... [id=eipalloc-052349005feef822c]
module.vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-062b73a22caa683b7]
module.vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-04dd3f923b70d7177]
module.harbor.aws_iam_user_policy_attachment.harbor_s3: Refreshing state... [id=meta-prod-aws-uw1-harbor-s3/arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ssm_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore]
module.eks.aws_iam_role_policy_attachment.ecr_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly]
module.eks.aws_iam_role_policy_attachment.cni_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy]
module.eks.aws_iam_role_policy.node_cni_ipv6: Refreshing state... [id=meta-prod-aws-uw1-node-role:meta-prod-aws-uw1-node-cni-ipv6]
module.eks.aws_iam_role_policy_attachment.node_policy: Refreshing state... [id=meta-prod-aws-uw1-node-role/arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0ea3c0815876de4c6]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-021106d76c25ab7dd]
module.eks.aws_eks_cluster.this: Refreshing state... [id=meta-prod-aws-uw1]
module.eks.aws_eks_addon.kube_proxy: Refreshing state... [id=meta-prod-aws-uw1:kube-proxy]
module.eks.aws_eks_access_entry.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-uw1:arn:aws:iam::308535385114:role/osdc_gha_prod]
module.eks.data.tls_certificate.cluster[0]: Reading...
module.eks.aws_eks_addon.vpc_cni: Refreshing state... [id=meta-prod-aws-uw1:vpc-cni]
module.eks.aws_launch_template.base: Refreshing state... [id=lt-09e8b410d5601fb81]
module.eks.data.tls_certificate.cluster[0]: Read complete after 0s [id=ab5db6c82031e2d229412c67921160a3b3af073b]
module.eks.aws_iam_openid_connect_provider.cluster[0]: Refreshing state... [id=arn:aws:iam::308535385114:oidc-provider/oidc.eks.us-west-1.amazonaws.com/id/049195ED3247B03B610AB041768C99D9]
module.eks.aws_eks_node_group.base: Refreshing state... [id=meta-prod-aws-uw1:meta-prod-aws-uw1-base-nodes]
module.harbor.aws_iam_role.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry]
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Reading...
module.eks.data.aws_iam_policy_document.ebs_csi_assume_role[0]: Read complete after 0s [id=1948150697]
module.eks.aws_iam_role.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-uw1-ebs-csi-driver-role]
module.vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-0c4f5e0d136a43bc1]
module.vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0f09a57f0a682972e]
module.eks.aws_eks_addon.coredns: Refreshing state... [id=meta-prod-aws-uw1:coredns]
module.vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0252a95ace300ec13]
module.vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-096d5785b7f057456]
module.eks.aws_eks_access_policy_association.cluster_admin["osdc_gha_prod"]: Refreshing state... [id=meta-prod-aws-uw1#arn:aws:iam::308535385114:role/osdc_gha_prod#arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy]
module.vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-073892599db845ebe]
module.vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-03da4cbd6db56b03b]
module.harbor.aws_iam_role_policy_attachment.harbor_registry: Refreshing state... [id=meta-prod-aws-uw1-harbor-registry/arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-harbor-registry]
module.eks.aws_iam_role_policy_attachment.ebs_csi_driver[0]: Refreshing state... [id=meta-prod-aws-uw1-ebs-csi-driver-role/arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy]
module.eks.aws_eks_addon.ebs_csi_driver: Refreshing state... [id=meta-prod-aws-uw1:aws-ebs-csi-driver]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

━━━ PLAN: Module karpenter (meta-prod-aws-uw1) ━━━
data.terraform_remote_state.base: Reading...
aws_cloudwatch_event_rule.scheduled_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-scheduled-change]
aws_sqs_queue.karpenter: Refreshing state... [id=https://sqs.us-west-1.amazonaws.com/308535385114/meta-prod-aws-uw1-karpenter]
aws_cloudwatch_event_rule.instance_state_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-instance-state-change]
aws_cloudwatch_event_rule.rebalance: Refreshing state... [id=meta-prod-aws-uw1-karpenter-rebalance]
aws_cloudwatch_event_rule.spot_interruption: Refreshing state... [id=meta-prod-aws-uw1-karpenter-spot-interruption]
aws_sqs_queue_policy.karpenter: Refreshing state... [id=https://sqs.us-west-1.amazonaws.com/308535385114/meta-prod-aws-uw1-karpenter]
aws_cloudwatch_event_target.spot_interruption: Refreshing state... [id=meta-prod-aws-uw1-karpenter-spot-interruption-KarpenterSpotInterruption]
aws_cloudwatch_event_target.instance_state_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-instance-state-change-KarpenterInstanceStateChange]
aws_cloudwatch_event_target.scheduled_change: Refreshing state... [id=meta-prod-aws-uw1-karpenter-scheduled-change-KarpenterScheduledChange]
aws_cloudwatch_event_target.rebalance: Refreshing state... [id=meta-prod-aws-uw1-karpenter-rebalance-KarpenterRebalance]
data.terraform_remote_state.base: Read complete after 1s
aws_ec2_tag.subnet_karpenter_discovery["subnet-0ec6555eaab36cb0f"]: Refreshing state... [id=subnet-0ec6555eaab36cb0f,karpenter.sh/discovery]
aws_ec2_tag.cluster_sg_karpenter: Refreshing state... [id=sg-07b2ae82341ea99c4,karpenter.sh/discovery]
aws_ec2_tag.subnet_karpenter_discovery["subnet-0e9dc0314cc83122d"]: Refreshing state... [id=subnet-0e9dc0314cc83122d,karpenter.sh/discovery]
aws_iam_role.karpenter_controller: Refreshing state... [id=meta-prod-aws-uw1-karpenter-controller]
aws_iam_policy.karpenter_controller: Refreshing state... [id=arn:aws:iam::308535385114:policy/meta-prod-aws-uw1-karpenter-controller]
aws_iam_role_policy_attachment.karpenter_controller: Refreshing state... [id=meta-prod-aws-uw1-karpenter-controller-20260625071532734400000001]

No changes. Your infrastructure matches the configuration.

OpenTofu has compared your real infrastructure against your configuration and
found no differences, so no changes are needed.

huydhn added 4 commits June 25, 2026 19:24
@huydhn
Update
65abe80 
[ghstack-poisoned]
@huydhn
Update
2dbfbc2 
[ghstack-poisoned]
@huydhn
Update
efc3583 
[ghstack-poisoned]
@huydhn
Update
48fff97 
[ghstack-poisoned]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeanschmidt jeanschmidt Awaiting requested review from jeanschmidt jeanschmidt is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@huydhn