terraform-oci-oke
Refer to LPGs created by the module in the `nat/internet_gateway_route_rules`
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
#295 (resolved in #332) added the capability to create LPGs in the oke VCN by the use of:
```hcl
local_peering_gateways = {lpg1_name = { route_table_id = "", peer_id = "possible_id_of_peered" }}
```
But it's not possible to refer to these gateways in the nat/internet_gateway_route_rules sections the way it's possible for the predefined drg, nat_gateway, internet_gateway.
This makes it impossible to create fully contained LPG-route networks in the OKE module, as it holds the VCN inside, so one has a chicken-and-egg problem. #467 would solve this from another angle, but the support needed is SO SO close to what we already have.
New or Affected Resource(s)
oci_core_local_peering_gateway
oci_core_route_table
Potential Terraform Configuration
I suggest a configuration similar to the one for drg, nat_gateway, internet_gateway:
```hcl
local_peering_gateways = {lpg1_name = { route_table_id = "", peer_id = "possible_id_of_peered" }}
nat_gateway_route_rules = [
  {
    destination       = "172.18.0.0/16",
    destination_type  = "CIDR_BLOCK",
    network_entity_id = "nat_gateway",
    description       = "already works, uses the id of the NAT GW created by the OKE module"
  },
  {
    destination       = "172.19.0.0/16",
    destination_type  = "CIDR_BLOCK",
    network_entity_id = "LPG@lpg1_name",
    description       = "this doesn't work right now, the network_entity_id would be the id of the LPG created above"
  }
]
```
References
Hi @12345ieee,
For the network_entity_id value, can you please try passing the LPGs' OCIDs directly?
I would also like to understand your use case better. Can you please elaborate?
Hi @hyder,
I would like to put the LPG ocid there, the issue is that I do not have it until the module runs, because the LPG is created by the module. But I would need the id before the module runs to write it in the inputs, hence the chicken-egg problem.
The drg, nat_gateway, internet_gateway have the same issue, that's why a special string key has been created to represent their id before the module is run, IMHO the same is needed for LPGs.
+@snafuz and @kral2
I thought you can get the module to create the lpgs for you by using the local_peering_gateways variable. Or am I missing something? Can you please help @12345ieee?
Oh, but the module absolutely creates the LPGs for me, the issue is in configuring routes to/from said LPGs in the cluster subnets.
@12345ieee I see your point. I've opened a related issue in the vcn module. I'm currently working on improving the whole route rules management to give it more flexibility and will include this change.
@12345ieee I created a PR that addresses your issue, would you be interested to have a look and eventually test it?
Once we've tested it in the VCN module, let's test it here as well just to make sure there's no side effect on existing clusters.
I thank you @thpham, but I cannot test it anymore, as I moved to defining the networking outside of the oke module for added flexibility, using the feature added in #467.
The latest v3.6.0 release of terraform-oci-vcn module now includes the feature, I will prepare a PR here to allow its usage.
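The symbolic-key resolution requested in this issue, as an added example that is not code from terraform-oci-oke or terraform-oci-vcn: route rules name a gateway by key, and the key is swapped for the gateway's id at plan time. The `LPG@<name>` syntax is the issue author's proposal, the OCIDs are constructed placeholders standing in for resource attributes, and the local and output names are hypothetical.

```hcl
# Added example. The "LPG@<name>" key syntax is the issue author's proposal;
# all OCIDs below are constructed placeholders, not real resources.
variable "local_peering_gateways" {
  type    = map(object({ route_table_id = string, peer_id = string }))
  default = { lpg1_name = { route_table_id = "", peer_id = "" } }
}

variable "nat_gateway_route_rules" {
  type = list(object({
    destination       = string
    destination_type  = string
    network_entity_id = string
    description       = string
  }))
  default = [
    { destination = "172.18.0.0/16", destination_type = "CIDR_BLOCK",
      network_entity_id = "nat_gateway", description = "gateway created by the module" },
    { destination = "172.19.0.0/16", destination_type = "CIDR_BLOCK",
      network_entity_id = "LPG@lpg1_name", description = "LPG created by the module" },
    { destination = "172.20.0.0/16", destination_type = "CIDR_BLOCK",
      network_entity_id = "ocid1.drg.oc1..constructed-external", description = "literal OCID" },
  ]
}

locals {
  # Stand-ins for ids known only after apply; inside a module these would be
  # references to the gateway resources' id attributes.
  gateway_ids = { nat_gateway = "ocid1.natgateway.oc1..constructed-nat" }
  lpg_ids = {
    for name, lpg in var.local_peering_gateways :
    "LPG@${name}" => "ocid1.localpeeringgateway.oc1..constructed-${name}"
  }
  entity_ids = merge(local.gateway_ids, local.lpg_ids)

  # Literal OCIDs pass through unchanged. Any other string must be a known
  # key, so a typo fails the plan (invalid index) instead of reaching the API.
  resolved_nat_route_rules = [
    for rule in var.nat_gateway_route_rules : merge(rule, {
      network_entity_id = (
        can(regex("^ocid1\\.", rule.network_entity_id))
        ? rule.network_entity_id
        : local.entity_ids[rule.network_entity_id]
      )
    })
  ]
}

output "resolved_nat_route_rules" { value = local.resolved_nat_route_rules }
```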