gthieleb opened 4 months ago
This is not supported in the backend. There were discussions at some point, but there are no clear plans to allow this.
@cristiGuranIonos Does this mean it is not possible to enable the firewall with Terraform? Is there a workaround by using an API call?
As a workaround I tried creating an additional NIC to perform the firewall enablement action, but as you already stated it seems explicitly prohibited:
│ Error: error occured while creating a nic: an error occured while creating nic for dcId: 8f9e61ba-e4a3-417d-8386-1871102a4d4e, server_id: 81cef2fa-b6ee-486d-b165-cd689fc97a00, Response: (403 Forbidden {
│ "httpStatus" : 403,
│ "messages" : [ {
│ "errorCode" : "452",
│ "message" : "Access Denied: Server 81cef2fa-b6ee-486d-b165-cd689fc97a00 is managed by 'k8s'."
│ } ]
│ }
│ )
tf:
resource "ionoscloud_k8s_node_pool" "node_pool" {
  name        = var.ionos_k8s_nodepool_name
  k8s_version = var.ionos_k8s_nodepool_version
  maintenance_window {
    day_of_the_week = "Sunday"
    time            = "03:30:00Z"
  }
  datacenter_id     = data.ionoscloud_datacenter.dc.id
  k8s_cluster_id    = ionoscloud_k8s_cluster.cluster.id
  cpu_family        = "INTEL_SKYLAKE"
  availability_zone = "AUTO"
  storage_type      = "HDD"
  node_count        = var.ionos_nodepool_spec.node_count
  cores_count       = var.ionos_nodepool_spec.cores_count
  ram_size          = var.ionos_nodepool_spec.ram_size
  storage_size      = var.ionos_nodepool_spec.storage_size
  # initial deploy private lan
  lans {
    id = ionoscloud_lan.private.id
  }
}

# Look up the servers that the managed node pool created, by node pool name.
data "ionoscloud_servers" "k8s_nodes" {
  datacenter_id = data.ionoscloud_datacenter.dc.id
  filter {
    name  = "name"
    value = var.ionos_k8s_nodepool_name
  }
  depends_on = [ionoscloud_k8s_node_pool.node_pool]
}

# Attempted workaround: attach an extra NIC with the firewall enabled to each node.
resource "ionoscloud_nic" "public_nic" {
  count           = var.ionos_nodepool_spec.node_count
  datacenter_id   = data.ionoscloud_datacenter.dc.id
  server_id       = data.ionoscloud_servers.k8s_nodes.servers[count.index].id
  name            = "NIC ${ionoscloud_lan.public.name}"
  lan             = ionoscloud_lan.public.id
  firewall_active = true
  depends_on      = [ionoscloud_k8s_node_pool.node_pool]
}
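The 403 response quoted above has a stable shape (httpStatus plus a messages[] array with errorCode and message), so a wrapper around Terraform or the API can recognise the "managed by 'k8s'" refusal and stop instead of retrying or attaching NICs blindly. The following is an added example, not code from the issue or from the ionoscloud provider: it classifies that error body and, as a read-only audit, lists NICs whose firewall is not active. The error JSON is reconstructed from the thread; the NIC listing shape (items[].properties.firewallActive) is an assumption about the API payload and the sample listing is constructed.

```python
"""Classify the IONOS 'managed by k8s' refusal and audit NIC firewall state (added example)."""
import json
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed from the error body quoted in the issue: 403 with errorCode 452.
SAMPLE_ERROR_BODY = json.dumps({
    "httpStatus": 403,
    "messages": [{
        "errorCode": "452",
        "message": "Access Denied: Server 81cef2fa-b6ee-486d-b165-cd689fc97a00 is managed by 'k8s'.",
    }],
})

# Constructed NIC listing; the items[].properties.firewallActive layout is an assumption.
SAMPLE_NIC_LISTING = json.dumps({
    "items": [
        {"id": "nic-1", "properties": {"name": "NIC public", "firewallActive": True}},
        {"id": "nic-2", "properties": {"name": "NIC private", "firewallActive": False}},
        {"id": "nic-3", "properties": {"name": "NIC legacy"}},
    ]
})

# Matches the human-readable message in the refusal; server id is a 36-char UUID.
MANAGED_BY_RE = re.compile(
    r"Server (?P<server>[0-9a-f-]{36}) is managed by '(?P<manager>[^']+)'"
)


@dataclass(frozen=True)
class ManagedServerDenial:
    """A server that the API refuses to modify because another service owns it."""
    server_id: str
    manager: str
    error_code: str


def classify_error(body: str) -> Optional[ManagedServerDenial]:
    """Return a ManagedServerDenial if `body` is the 403 'managed by' refusal, else None.

    Anything that is not JSON, not a 403, or carries no 'managed by' message is
    treated as a different failure so the caller can fall back to its normal handling.
    """
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return None
    if doc.get("httpStatus") != 403:
        return None
    for msg in doc.get("messages", []):
        match = MANAGED_BY_RE.search(msg.get("message", ""))
        if match:
            return ManagedServerDenial(
                server_id=match["server"],
                manager=match["manager"],
                error_code=str(msg.get("errorCode", "")),
            )
    return None


def nics_without_firewall(listing: str) -> List[str]:
    """Return ids of NICs whose firewallActive flag is false or absent (absent counts as off)."""
    doc = json.loads(listing)
    return [
        item["id"]
        for item in doc.get("items", [])
        if not item.get("properties", {}).get("firewallActive", False)
    ]


if __name__ == "__main__":
    denial = classify_error(SAMPLE_ERROR_BODY)
    if denial is not None:
        print(f"server {denial.server_id} is managed by {denial.manager!r} "
              f"(errorCode {denial.error_code}); NIC changes must go through that service")
    print("NICs without an active firewall:", nics_without_firewall(SAMPLE_NIC_LISTING))
```

Treating an absent firewallActive as "off" is deliberate: an audit should flag the uncertain case rather than silently pass it.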
Treating the nodepool as a normal server is not allowed as it might lead to undefined behaviour.
Current Provider Version
Use-cases
I would like to enable the firewall of a Kubernetes nodepool by using Terraform. Currently, when creating a nodepool, I do not have access to the server or NIC resource that contains this flag.
Attempted Solutions
I tried to import the NIC resource, but this is a little bit tricky.
Proposal
I see 2 possibilities to address that topic.