Hello,
Terraform Version
1.7.2
Affected Resource(s)
Can you shed some light on why the following argument is required: edge_gateway_id
In VCD UI, it is perfectly acceptable to create IP Sets even when no edge gateways have been created in a VDC group.
In our use case, we would refer to IP sets mainly in distributed firewall rules, to control east-west traffic. It therefore makes no sense to bind these objects to a single edge gateway from that point of view, since these IP Set objects would not even be used by any single edge gateway, but by DFW rules controlling VM-to-VM traffic.
It appears that in order to use these IP Set objects, you have to create a VDC Group level edge gateway and bind these IP Sets to it, in order to use those IP Sets in distributed firewall rules. Would it not make more sense to bind these IP Sets to a particular VDC group, instead of a single edge gateway? I am asking because I see that the "vdc" argument is deprecated. Perhaps there is some dependency that I am missing.