Open lionelmace opened 3 years ago
Hi @lionelmace Can you try passing kms instance guid
for the kms config's instance_id
.. like this
kms_config = [
{
instance_id = ibm_resource_instance.kp_instance.guid,
crk_id = ibm_kp_key.my_kp_key.id,
private_endpoint = true
}
]
If I use guid
, I face this error
module.vpc_openshift_cluster.ibm_container_vpc_cluster.cluster: Modifying... [id=c5r5me1f0qelptsqsrn0]
╷
│ Error: Request failed with status code: 400, ServerErrorResponse: {"incidentID":"32b7b592-399c-48f0-8cda-37a2190b96e5,32b7b592-399c-48f0-8cda-37a2190b96e5","code":"E94ef","description":"Invalid key management service information. Check your KMS instance ID, root key, and endpoint URL.","type":"Cluster","recoveryCLI":"To get the instance ID, run 'ibmcloud resource service-instance \u003ckms_service\u003e --id' and copy the second value (not the full CRN).\nTo get the root key and endpoint URL, consult the KMS provider documentation, such as 'http://ibm.biz/kp-viewcrk' and 'http://ibm.biz/kp-endpoints'."}
│
│ with module.vpc_openshift_cluster.ibm_container_vpc_cluster.cluster,
│ on .terraform/modules/vpc_openshift_cluster/modules/vpc-openshift/main.tf line 6, in resource "ibm_container_vpc_cluster" "cluster":
│ 6: resource "ibm_container_vpc_cluster" "cluster" {
Which provider version has your module downloaded? If using the latest version, you shouldn't be seeing the issue when passing the guid of kp instance to kms_config. But in case you it has downloaded the older provider versions.. can you tell us if you have provider block with region parameter declared inn your tf configuration?
I didn’t specify a version so I guess I use the latest version. Here is the code I use: https://github.com/lionelmace/mytodo/blob/master/cloud/terraform/main.tf
I upgraded the terraform to version 1.34.0
. I use guid. I still face the same error
module.vpc_openshift_cluster.ibm_container_vpc_cluster.cluster: Modifying... [id=c5r5me1f0qelptsqsrn0]
╷
│ Error: Request failed with status code: 400, ServerErrorResponse: {"incidentID":"71b26e62-3b1b-4405-b87b-b684822f99f7,71b26e62-3b1b-4405-b87b-b684822f99f7","code":"E94ef","description":"Invalid key management service information. Check your KMS instance ID, root key, and endpoint URL.","type":"Cluster","recoveryCLI":"To get the instance ID, run 'ibmcloud resource service-instance \u003ckms_service\u003e --id' and copy the second value (not the full CRN).\nTo get the root key and endpoint URL, consult the KMS provider documentation, such as 'http://ibm.biz/kp-viewcrk' and 'http://ibm.biz/kp-endpoints'."}
│
│ with module.vpc_openshift_cluster.ibm_container_vpc_cluster.cluster,
│ on .terraform/modules/vpc_openshift_cluster/modules/vpc-openshift/main.tf line 6, in resource "ibm_container_vpc_cluster" "cluster":
│ 6: resource "ibm_container_vpc_cluster" "cluster" {
Do you have provider block declared with region? If yes, what is the region? What location are you creating the cluster?
Yes. Region = eu-de
The complete tf scripts are here
https://github.com/lionelmace/mytodo/blob/master/cloud/terraform/provider.tf
I'm trying to enable KMS on my existing cluster using the following terraform:
I'm facing the error below when I do
terraform apply
What am I missing? Wrong id for KP?