kiranchavala commented on PR #245:
URL:
https://github.com/apache/cloudstack-terraform-provider/pull/245#issuecomment-3414568767
@CodeBleu @Pearl1594
I have also tested with cks resource and with the latest build found that
cks resource is not affected
1. With terraform provider 0.5 release
Deploy a cks cluster in a vpc network and add a acl rule
```
resource "cloudstack_vpc" "default" {
name = "test-vpc-cks3"
cidr = "10.0.0.0/16"
vpc_offering = "Default VPC offering"
zone = "4c5a0032-9270-4e4b-9dd0-4b861e8b7e19"
}
resource "cloudstack_network" "default" {
name = "test-network"
cidr = "10.0.0.0/24"
network_offering = "DefaultIsolatedNetworkOfferingForVpcNetworks"
zone = "4c5a0032-9270-4e4b-9dd0-4b861e8b7e19"
vpc_id = cloudstack_vpc.default.id
acl_id = cloudstack_network_acl.default.id
depends_on = [ cloudstack_vpc.default,cloudstack_network_acl.default ]
}
resource "cloudstack_network_acl" "default" {
name = "test-acl-cks"
vpc_id = cloudstack_vpc.default.id
depends_on = [ cloudstack_vpc.default ]
}
resource "cloudstack_network_acl_rule" "default" {
acl_id = cloudstack_network_acl.default.id
rule {
action = "allow"
cidr_list = ["10.0.0.0/16"]
protocol = "tcp"
ports = ["22"]
traffic_type = "ingress"
}
rule {
action = "allow"
cidr_list = ["10.0.0.0/16"]
protocol = "icmp"
traffic_type = "ingress"
}
}
resource "cloudstack_kubernetes_cluster" "example" {
name = "example-cluster"
zone = "4c5a0032-9270-4e4b-9dd0-4b861e8b7e19"
kubernetes_version = "v1.33.1"
service_offering = "CKS"
size = 1
control_nodes_size = 1
description = "An example Kubernetes cluster"
network_id = cloudstack_network.default.id
depends_on = [
cloudstack_vpc.default,cloudstack_network.default,cloudstack_network_acl.default
]
}
output "vpc_id" {
value= cloudstack_vpc.default.id
}
output "acl_id" {
value= cloudstack_network_acl.default.id
}
output "network_id" {
value= cloudstack_network.default.id
}
output "kubernetes_id" {
value= cloudstack_kubernetes_cluster.example.id
}
```
2. Terraform apply
```
terraform apply
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# cloudstack_kubernetes_cluster.example will be created
+ resource "cloudstack_kubernetes_cluster" "example" {
+ control_nodes_size = 1
+ description = "An example Kubernetes cluster"
+ id = (known after apply)
+ ip_address = (known after apply)
+ kubernetes_version = "v1.33.1"
+ name = "example-cluster"
+ network_id = (known after apply)
+ noderootdisksize = 8
+ service_offering = "CKS"
+ size = 1
+ state = (known after apply)
+ zone = "4c5a0032-9270-4e4b-9dd0-4b861e8b7e19"
}
# cloudstack_network.default will be created
+ resource "cloudstack_network" "default" {
+ acl_id = (known after apply)
+ cidr = "10.0.0.0/24"
+ display_text = (known after apply)
+ endip = (known after apply)
+ gateway = (known after apply)
+ id = (known after apply)
+ name = "test-network"
+ network_domain = (known after apply)
+ network_offering =
"DefaultIsolatedNetworkOfferingForVpcNetworks"
+ project = (known after apply)
+ source_nat_ip_address = (known after apply)
+ source_nat_ip_id = (known after apply)
+ startip = (known after apply)
+ tags = (known after apply)
+ vpc_id = (known after apply)
+ zone = "4c5a0032-9270-4e4b-9dd0-4b861e8b7e19"
}
# cloudstack_network_acl.default will be created
+ resource "cloudstack_network_acl" "default" {
+ description = (known after apply)
+ id = (known after apply)
+ name = "test-acl-cks"
+ vpc_id = (known after apply)
}
# cloudstack_network_acl_rule.default will be created
+ resource "cloudstack_network_acl_rule" "default" {
+ acl_id = (known after apply)
+ id = (known after apply)
+ managed = false
+ parallelism = 2
+ rule {
+ action = "allow"
+ cidr_list = [
+ "10.0.0.0/16",
]
+ icmp_code = (known after apply)
+ icmp_type = (known after apply)
+ ports = [
+ "22",
]
+ protocol = "tcp"
+ traffic_type = "ingress"
+ uuids = (known after apply)
}
+ rule {
+ action = "allow"
+ cidr_list = [
+ "10.0.0.0/16",
]
+ icmp_code = (known after apply)
+ icmp_type = (known after apply)
+ ports = []
+ protocol = "icmp"
+ traffic_type = "ingress"
+ uuids = (known after apply)
}
}
# cloudstack_vpc.default will be created
+ resource "cloudstack_vpc" "default" {
+ cidr = "10.0.0.0/16"
+ display_text = (known after apply)
+ id = (known after apply)
+ name = "test-vpc-cks3"
+ network_domain = (known after apply)
+ project = (known after apply)
+ source_nat_ip = (known after apply)
+ tags = (known after apply)
+ vpc_offering = "Default VPC offering"
+ zone = "4c5a0032-9270-4e4b-9dd0-4b861e8b7e19"
}
Plan: 5 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ acl_id = (known after apply)
+ kubernetes_id = (known after apply)
+ network_id = (known after apply)
+ vpc_id = (known after apply)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
cloudstack_vpc.default: Creating...
cloudstack_vpc.default: Still creating... [00m10s elapsed]
cloudstack_vpc.default: Still creating... [00m20s elapsed]
cloudstack_vpc.default: Still creating... [00m30s elapsed]
cloudstack_vpc.default: Still creating... [00m40s elapsed]
cloudstack_vpc.default: Still creating... [00m50s elapsed]
cloudstack_vpc.default: Creation complete after 59s
[id=f00f04c6-abc4-454f-a91f-2846dda3fb55]
cloudstack_network_acl.default: Creating...
cloudstack_network_acl.default: Creation complete after 0s
[id=5bb5989d-5830-4fd3-9157-94bc7dfb524e]
cloudstack_network.default: Creating...
cloudstack_network_acl_rule.default: Creating...
cloudstack_network.default: Creation complete after 1s
[id=12d27633-7c32-4bcb-9c2c-3f8177fc3efe]
cloudstack_kubernetes_cluster.example: Creating...
cloudstack_network_acl_rule.default: Creation complete after 2s
[id=5bb5989d-5830-4fd3-9157-94bc7dfb524e]
cloudstack_kubernetes_cluster.example: Still creating... [00m10s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [00m20s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [00m30s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [00m40s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [00m50s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [01m00s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [01m10s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [01m20s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [01m30s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [01m40s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [01m50s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [02m00s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [02m10s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [02m20s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [02m30s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [02m40s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [02m50s elapsed]
cloudstack_kubernetes_cluster.example: Still creating... [03m00s elapsed]
cloudstack_kubernetes_cluster.example: Creation complete after 3m5s
[id=d96961fa-c742-4980-89c1-993d496d0fa0]
Apply complete! Resources: 5 added, 0 changed, 0 destroyed.
Outputs:
acl_id = "5bb5989d-5830-4fd3-9157-94bc7dfb524e"
kubernetes_id = "d96961fa-c742-4980-89c1-993d496d0fa0"
network_id = "12d27633-7c32-4bcb-9c2c-3f8177fc3efe"
vpc_id = "f00f04c6-abc4-454f-a91f-2846dda3fb55"
```
3. Upgrade the provider to the latest build for the pr
terraform init --upgrade
```
terraform init --upgrade
Initializing the backend...
Initializing provider plugins...
- Finding localdomain/provider/cloudstack versions matching "0.4.0"...
- Finding latest version of cloudstack/cloudstack...
- Installing localdomain/provider/cloudstack v0.4.0...
- Installed localdomain/provider/cloudstack v0.4.0 (unauthenticated)
- Using previously-installed cloudstack/cloudstack v0.5.0
Terraform has made some changes to the provider dependency selections
recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.
╷
│ Warning: Incomplete lock file information for providers
│
│ Due to your customized provider installation methods, Terraform was forced
to calculate lock file checksums locally for the following providers:
│ - localdomain/provider/cloudstack
│
│ The current .terraform.lock.hcl file only includes checksums for
darwin_arm64, so Terraform running on another platform will fail to install
these providers.
│
│ To calculate additional checksums for another platform, run:
│ terraform providers lock -platform=linux_amd64
│ (where linux_amd64 is the platform to generate)
╵
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget,
other
commands will detect it and remind you to do so if necessary.
```
4. Change the value from ports to port for the acl rule
```
resource "cloudstack_network_acl_rule" "default" {
acl_id = cloudstack_network_acl.default.id
rule {
action = "allow"
cidr_list = ["10.0.0.0/16"]
protocol = "tcp"
port = "22"
traffic_type = "ingress"
}
rule {
action = "allow"
cidr_list = ["10.0.0.0/16"]
protocol = "icmp"
traffic_type = "ingress"
}
}
```
5. terraform apply
```
terraform apply
cloudstack_vpc.default: Refreshing state...
[id=f00f04c6-abc4-454f-a91f-2846dda3fb55]
cloudstack_network_acl.default: Refreshing state...
[id=5bb5989d-5830-4fd3-9157-94bc7dfb524e]
cloudstack_network.default: Refreshing state...
[id=12d27633-7c32-4bcb-9c2c-3f8177fc3efe]
cloudstack_network_acl_rule.default: Refreshing state...
[id=5bb5989d-5830-4fd3-9157-94bc7dfb524e]
cloudstack_kubernetes_cluster.example: Refreshing state...
[id=d96961fa-c742-4980-89c1-993d496d0fa0]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# cloudstack_network_acl_rule.default will be updated in-place
~ resource "cloudstack_network_acl_rule" "default" {
id = "5bb5989d-5830-4fd3-9157-94bc7dfb524e"
# (3 unchanged attributes hidden)
~ rule {
+ port = "22"
~ ports = [
- "22",
]
# (9 unchanged attributes hidden)
}
# (1 unchanged block hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
cloudstack_network_acl_rule.default: Modifying...
[id=5bb5989d-5830-4fd3-9157-94bc7dfb524e]
cloudstack_network_acl_rule.default: Still modifying...
[id=5bb5989d-5830-4fd3-9157-94bc7dfb524e, 00m10s elapsed]
cloudstack_network_acl_rule.default: Modifications complete after 13s
[id=5bb5989d-5830-4fd3-9157-94bc7dfb524e]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Outputs:
acl_id = "5bb5989d-5830-4fd3-9157-94bc7dfb524e"
kubernetes_id = "d96961fa-c742-4980-89c1-993d496d0fa0"
network_id = "12d27633-7c32-4bcb-9c2c-3f8177fc3efe"
vpc_id = "f00f04c6-abc4-454f-a91f-2846dda3fb55"
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
