[BUG] Unable to see the secret that stores S3 credentials

[mvineza]

Rancher Server Setup

• Rancher version: 2.7.8
• Installation option (Docker install/Helm Chart): Helm Chart
  • If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): RKE2
• Proxy/Cert Details:

Information about the Cluster

• Kubernetes version: v1.26.8+rke2r1
• Cluster Type (Local/Downstream): Downstream
  • If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider): Infrastructure Provider

    We are seeing the following issue on Rancher UI after pointing etcd snapshots location to our storage appliance.

    failed to lookup etcdSnapshotCloudCredentialName: secrets "rancherv2" not found, refreshing etcd create state

    To Reproduce

    1. Add the following config on the terraform module.

       
       # main.tf
       # ...
       etcd {
         disable_snapshots = false
         s3_config {
           bucket                = var.etcd_snapshots_bucket
           endpoint              = var.etcd_snapshots_endpoint
           cloud_credential_name = rancher2_cloud_credential.this.name
         }
       
         snapshot_retention     = var.etcd_snapshots_retention
         snapshot_schedule_cron = var.etcd_snapshots_schedule
       }

    resource "rancher2_cloud_credential" "this" { name = "rancherv2" s3_credential_config { access_key = var.etcd_snapshots_access_key secret_key = var.etcd_snapshots_secret_key } }

    ...

    
    2. Add the following variable

    varibles.tf

    ...

    variable "etcd_snapshots_bucket" { description = "S3 bucket name" type = string default = "k8s-etcd-snapshots" }

    variable "etcd_snapshots_access_key" { description = "S3 access key for writing snapshots" type = string }

    variable "etcd_snapshots_secret_key" { description = "S3 secret key for writing snapshots" type = string }

    variable "etcd_snapshots_endpoint" { description = "S3 endpoint" type = string default = "https://storage.local" }

    variable "etcd_snapshots_retention" { description = "Snapshot retention" type = number default = 5 }

    variable "etcd_snapshots_schedule" { description = "Snapshot schedule in cron syntax" type = string default = "0 /5 " }

    
    
    3. Apply terraform
    4. Go to Rancher UI: Cluster Management > select the cluster > Snapshots > Snapshot Now
    
    ### Actual Result
    <!-- A clear and concise description of what actually happened. -->
    Snapshot creation fails with the error above
    
    ### Expected Result
    <!--A clear and concise description of what you expected to happen.-->
    A snapshot will be created to our storage appliance
    
    ### Screenshots
    <!-- If applicable, add screenshots to help explain your problem.-->
    <img width="764" alt="image" src="https://github.com/rancher/terraform-provider-rancher2/assets/28911125/6ee7bf8d-718d-46f3-a04c-021d9cc6f1de">
    
    ### Additional context
    <!--Add any other context about the problem here.-->

[mvineza]

I checked this again and notice that the "rancherv2" secret is supposed to be under fleet-default namespace.

As a workaround, I create a secret under that namespace inside the upstream (local) cluster.

apiVersion: v1
data:
  s3credentialConfig-accessKey: dGVzdHRlc3R0ZXN0dGVzdHRlc3R0ZXN0dGVzdA==
  s3credentialConfig-defaultSkipSSLVerify: ZmFsc2U=
  s3credentialConfig-secretKey: dGVzdHRlc3R0ZXN0dGVzdHRlc3R0ZXN0dGVzdA==
kind: Secret
metadata:
  name: rancherv2
  namespace: fleet-default
type: Opaque

Not sure if I'm missing something on my terraform code or this secret must be handled and created separately.