The ability to attach a sm instance at vpc cluster creation is missing

[vburckhardt]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

ibm_container_ingress_instance allows to attach an instance after creation, but it is not possible to attach an instance at cluster creation through the provider.

The capability exists in the CLI: https://cloud.ibm.com/docs/openshift?topic=openshift-secrets-mgr#secrets-mgr_cluster_create

New or Affected Resource(s)

• ibm_container_vpc_cluster

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

• 0000

[hkantare]

@attilatabori Can some one from team look into this

[theodoracheng]

@vburckhardt This is the expected behavior - configurations are limited in the cluster configuration resource to limit complexity. The recommended approach is to create the cluster first, then register a default Secrets Manager instance immediately after. Doing so will result in the ingress domain TLS certificates being uploaded to the corresponding Secrets Manager instance.

[vburckhardt]

Hello @theodoracheng - the terraform provider should surface the same capabilities as the IBM Cloud CLI / API. This is an overall design goal. I do not think the argument around "limiting complexity" makes sense here.