terraform-provider-rancher2
rancher2_cloud_credential secret created in wrong cluster
Rancher version: v2.6.5
rancher2 provider version: 1.23.0
rke2 version: 1.22.7
I have a MinIO I'm trying to use to store etcd backups for a workload rke2 cluster, and so I'm trying to configure it to do so. I'd previously used it to store rke1 backups via this provider, so I've set this up in the past.
I've deployed a rancher2_cluster_v2 cluster successfully that's running several workloads. It comes up successfully and isn't a problem point.
To configure the etcd backups, I've added an etcd block to rancher2_cluster_v2.rke_config and created a rancher2_cloud_credential with an s3_credential_config as follows:
resource "rancher2_cluster_v2" "my_cluster" {
  rke_config {
    etcd {
      snapshot_schedule_cron = "0 */12 * * *"
      snapshot_retention     = 10
      s3_config {
        bucket                = "backups"
        endpoint              = "https://minio.host:9000"
        cloud_credential_name = rancher2_cloud_credential.credentials.name
      }
    }
  }
}

resource "rancher2_cloud_credential" "credentials" {
  name = "rancher-creds"
  s3_credential_config {
    access_key = <ACCESS_KEY>
    secret_key = <SECRET_KEY>
  }
}
This fails when applied because the rancher2_cluster_v2 can't locate the rancher-creds secret. Looking into it, I see that the secret gets created in the Rancher management cluster in the cattle-global-data namespace and not in the workload cluster I'm attempting to configure etcd backups for. There's not a way to say which cluster(s) this credential is for through the provider.
Am I configuring this incorrectly, or should it be possible for workload Rancher clusters to read credential secrets from the management Rancher cluster?
I attempted to configure the etcd backups manually through the Rancher UI after configuring the rancher2_cloud_credential to see if this is a problem with the rancher2_cluster_v2 resource, but it results in the same problem. The Rancher UI allows me to select the S3 cloud credential I created, but the secret for that credential is in the management Rancher cluster and not the workload cluster I'm trying to configure.
Any help appreciated!