terraform-provider-rancher2

Create new RKE-Template-Revision error. Bad response statusCode [422]. Status [422 Unprocessable Entity]

Open romanromanovv opened this issue 3 years ago • 1 comments

We are using rancher2_cluster_template to create and upgrade RKE clusters. With Rancher 2.6.3 and 2.6.4, we are experiencing the problem of making a new Template. First, we deploy the RKE cluster with one template revision, "V7," in our case.

resource "rancher2_cluster_template" "rke-template" {
  name = var.rke-template-name
  template_revisions {
    name = "V7"
    cluster_config {
      enable_network_policy = false
      #default_pod_security_policy_template_id = "restricted"
      #kube_config = ""
      rke_config {
        addons             = file("./rke-config-files/V7/addon.yml")
        kubernetes_version = "v1.20.12-rancher1-1"
        private_registries {
          url        = "docker-server-rancherhub.packages.server.local"
          is_default = true
          user       = var.registry_username
          password   = var.registry_password 
        }
        ingress {
          default_backend = true
          provider        = "nginx"
          node_selector   = { "server/affinity.type" = "ingress" }
          #extra_args      = {"default-ssl-certificate"="ingress-nginx/ingress-nginx-secret"}
        }
        network {
          plugin = "calico"
        }
        services {
          etcd {
            gid = 52034
            uid = 52034
          }
          kube_api {
            always_pull_images  = true
            pod_security_policy = false
            audit_log {
              enabled = true
              configuration {
                max_age = 10
                max_backup = 10
                max_size = 100
                format = "json"
                policy = file("./rke-config-files/V7/auditlog_policy.yaml")
              }
            }
            secrets_encryption_config {
              enabled = true
            }
            event_rate_limit {
              enabled       = true
              configuration = file("./rke-config-files/V7/event_rate_config.yaml")
            }
          }
          kube_controller {
            extra_args = { "cluster-signing-cert-file" = "/etc/kubernetes/ssl/kube-ca.pem", "cluster-signing-key-file" = "/etc/kubernetes/ssl/kube-ca-key.pem" }
          }
        }
        upgrade_strategy {
          drain = true
          drain_input {
            grace_period      = 30
            delete_local_data = true
          }
          max_unavailable_worker = "20%"
        }
      }
    }
    default = true
  }
  description = "Terraform cluster template"
}

This code works just fine. Then, if we try to create a second revision, V8, we get an error:

resource "rancher2_cluster_template" "rke-template" {
  name = var.rke-template-name
  template_revisions {
    name = "V7"
    cluster_config {
      enable_network_policy = false
      #default_pod_security_policy_template_id = "restricted"
      #kube_config = ""
      rke_config {
        addons             = file("./rke-config-files/V7/addon.yml")
        kubernetes_version = "v1.20.12-rancher1-1"
        private_registries {
          url        = "docker-server-rancherhub.packages.server.local"
          is_default = true
          user       = var.registry_username
          password   = var.registry_password 
        }
        ingress {
          default_backend = true
          provider        = "nginx"
          node_selector   = { "server/affinity.type" = "ingress" }
          #extra_args      = {"default-ssl-certificate"="ingress-nginx/ingress-nginx-secret"}
        }
        network {
          plugin = "calico"
        }
        services {
          etcd {
            gid = 52034
            uid = 52034
          }
          kube_api {
            always_pull_images  = true
            pod_security_policy = false
            audit_log {
              enabled = true
              configuration {
                max_age = 10
                max_backup = 10
                max_size = 100
                format = "json"
                policy = file("./rke-config-files/V7/auditlog_policy.yaml")
              }
            }
            secrets_encryption_config {
              enabled = true
            }
            event_rate_limit {
              enabled       = true
              configuration = file("./rke-config-files/V7/event_rate_config.yaml")
            }
          }
          kube_controller {
            extra_args = { "cluster-signing-cert-file" = "/etc/kubernetes/ssl/kube-ca.pem", "cluster-signing-key-file" = "/etc/kubernetes/ssl/kube-ca-key.pem" }
          }
        }
        upgrade_strategy {
          drain = true
          drain_input {
            grace_period      = 30
            delete_local_data = true
          }
          max_unavailable_worker = "20%"
        }
      }
    }
    default = true
  }
  template_revisions {
    name = "V8"
    cluster_config {
      enable_network_policy = false
      #default_pod_security_policy_template_id = "restricted"
      #kube_config = ""
      rke_config {
        addons             = file("./rke-config-files/V8/addon.yml")
        kubernetes_version = "v1.21.7-rancher1-1"
        private_registries {
          url        = "docker-server-rancherhub.packages.server.local"
          is_default = true
          user       = var.registry_username
          password   = var.registry_password 
        }
        ingress {
          default_backend = true
          provider        = "nginx"
          node_selector   = { "server/affinity.type" = "ingress" }
          #extra_args      = {"default-ssl-certificate"="ingress-nginx/ingress-nginx-secret"}
        }
        network {
          plugin = "calico"
        }
        services {
          etcd {
            gid = 52034
            uid = 52034
          }
          kube_api {
            always_pull_images  = true
            pod_security_policy = false
            audit_log {
              enabled = true
              configuration {
                max_age = 10
                max_backup = 10
                max_size = 100
                format = "json"
                policy = file("./rke-config-files/V8/auditlog_policy.yaml")
              }
            }
            secrets_encryption_config {
              enabled = true
            }
            event_rate_limit {
              enabled       = true
              configuration = file("./rke-config-files/V8/event_rate_config.yaml")
            }
          }
          kube_controller {
            extra_args = { "cluster-signing-cert-file" = "/etc/kubernetes/ssl/kube-ca.pem", "cluster-signing-key-file" = "/etc/kubernetes/ssl/kube-ca-key.pem" }
          }
        }
        upgrade_strategy {
          drain = true
          drain_input {
            grace_period      = 30
            delete_local_data = true
          }
          max_unavailable_worker = "20%"
        }
      }
    }
    default = false
  }
  description = "Terraform cluster template"
}

module.rancher_cluster.rancher2_cluster_template.rke-template: Modifying... [id=cattle-global-data:ct-jjcjb]
╷
│ Error: Updating ClusterTemplateRevision cattle-global-data:ctr-tpvcn: Bad response statusCode [422]. Status [422 Unprocessable Entity]. Body: [code=InvalidAction, message=Cannot update the clusterTemplateRevision until Clusters are referring it, baseType=error] from [https://rancher.test.paas.server.com/v3/clusterTemplateRevisions/cattle-global-data:ctr-tpvcn]
│ 
│   with module.rancher_cluster.rancher2_cluster_template.rke-template,
│   on ../../terraform-rancher-module/rke-template.tf line 1, in resource "rancher2_cluster_template" "rke-template":
│    1: resource "rancher2_cluster_template" "rke-template" {
│ 
╵

The same login works in Rancher 2.5.11 and 2.5.12.

Terraform version: 1.1.4
rancher2 provider version: 1.21.0, 1.22.2, 1.23.0
Rancher version: 2.6.3, 2.6.4

romanromanovv, Apr 11 '22 13:04

@romanromanovv Were you able to ever resolve this, and if so, how did you do it?

burgerjeffrey, Oct 05 '22 20:10

This is outdated and has been closed by the original customer who filed it.

a-blender, May 25 '23 15:05