Rancher Server Setup
If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): v2.16.8-rancher2
Proxy/Cert Details:
Information about the Cluster
Kubernetes version: v1.25.13+rke2r1
Cluster Type (Local/Downstream): Downstream Custom
If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider):
Inconsistent plan when trying to add S3 configuration for ETCD backup. The bucket is created by another module and the credentials are stored inside HashiCorp Vault
To Reproduce
Actual Result
│ When expanding the plan for module.rancher2[0].rancher2_cluster_v2.this to
│ include new values learned so far during apply, provider
│ "registry.terraform.io/rancher/rancher2" produced an invalid new value for
│ .rke_config[0].etcd[0].s3_config[0].bucket: was cty.StringVal(""), but now
│ cty.StringVal("name_of_the_bucket").
Expected Result
Enable the S3 configuration for ETCD backup
Screenshots
data "vault_kv_secret_v2" "etcd_secret" {
  for_each = { for bucket in var.s3_bucket : bucket.bucket_name => bucket if bucket.tags == "etcd" }
  mount    = "mount-point"
  name     = "path/to/vault/secrets/${each.key}-${var.workspace}-data"
}
Create a new rancher2 Cloud Credential
resource "rancher2_cloud_credential" "this" {
  name        = "${var.workspace}-etcd-s3"
  description = "Backup etcd to S3"

  s3_credential_config {
    # Every value below is read from the first entry (by key order) of the
    # Vault data source declared above.
    access_key              = data.vault_kv_secret_v2.etcd_secret[keys(data.vault_kv_secret_v2.etcd_secret)[0]].data["access_key"]
    secret_key              = data.vault_kv_secret_v2.etcd_secret[keys(data.vault_kv_secret_v2.etcd_secret)[0]].data["secret_key"]
    default_bucket          = data.vault_kv_secret_v2.etcd_secret[keys(data.vault_kv_secret_v2.etcd_secret)[0]].data["bucket_name"]
    default_endpoint        = data.vault_kv_secret_v2.etcd_secret[keys(data.vault_kv_secret_v2.etcd_secret)[0]].data["endpoint"]
    default_folder          = "/etcd_backup"
    default_region          = data.vault_kv_secret_v2.etcd_secret[keys(data.vault_kv_secret_v2.etcd_secret)[0]].data["region"]
    default_skip_ssl_verify = var.rancher2.etcd.snapshot.s3_config.skip_ssl_verify
  }
}
s3 config resource "rancher2_cluster_v2"
Additional context