civo/terraform-provider-civo

Fails to create cluster in not default network

Tautcius opened this issue · 5 comments

When I try to create a cluster that is not in the default network, it fails.

# Create a network
resource "civo_network" "custom_net" {
  label = "${var.env}-network"
}

# Create a firewall in the custom network without the default rules
resource "civo_firewall" "firewall" {
  name                 = "${var.env}-firewall"
  network_id           = civo_network.custom_net.id
  create_default_rules = false
}
resource "civo_firewall_rule" "kubernetes" {
  firewall_id = civo_firewall.firewall.id
  protocol    = "tcp"
  start_port  = "6443"
  end_port    = "6443"
  cidr        = var.kubernetes_api_access
  label       = "kubernetes-api-server"
  action      = "allow"
  direction   = "ingress"
}

It works when created in the default network.

    civo = {
      source  = "civo/civo"
      version = ">= 1.0.25"
    }

Thanks, @Tautcius, for the report. I will check this more later. Also, do you mean a firewall or a cluster? Also, civo_firewall_rule is deprecated; you should use the civo_firewall ingress and egress rules.

@alejandrojnm yes, I am aware of the deprecation; I have just rewritten my code to the new setup, but it still works only in the default network.

I will check this, thanks for the report. So you cannot create a firewall in another network?

Yes, that is correct. If I create a non-default network, the rules cannot be created and I get an error:

civo_network.custom_net: Creating...
civo_network.custom_net: Creation complete after 0s [id=7db332e0-194c-4c87-b894-1c2d0c7e5218]
civo_firewall.firewall: Creating...
civo_firewall.firewall-ingress: Creating...
civo_firewall.firewall-ingress: Creation complete after 2s [id=07750b4b-7b7a-4933-b797-c35011dea2cb]
civo_firewall.firewall: Creation complete after 2s [id=852c72b1-11d2-4c64-a8a3-ecc7d42956da]
civo_kubernetes_cluster.cluster: Creating...
╷
│ Error: [ERR] firewall 852c72b1-11d2-4c64-a8a3-ecc7d42956da is not part of network f1928271-fc5d-4cc2-836e-4d3420957237
│ 
│   with civo_kubernetes_cluster.cluster,
│   on civo.tf line 14, in resource "civo_kubernetes_cluster" "cluster":
│   14: resource "civo_kubernetes_cluster" "cluster" {

and the code looks like this:

resource "civo_network" "custom_net" {
  label = "test_network"
}

resource "civo_firewall" "firewall" {
  name                 = "${var.env}-firewall"
  create_default_rules = false
  network_id           = civo_network.custom_net.id
  ingress_rule {
    protocol   = "tcp"
    port_range = "6443"
    cidr       = ["0.0.0.0/0"]
    label      = "kubernetes-api-server"
    action     = "allow"
  }
}
resource "civo_firewall" "firewall-ingress" {
  name                 = "${var.env}-firewall-ingress"
  create_default_rules = false
  network_id           = civo_network.custom_net.id
  ingress_rule {
    protocol   = "tcp"
    port_range = "443"
    cidr       = ["0.0.0.0/0"]
    label      = "websecure"
    action     = "allow"
  }
  ingress_rule {
    protocol   = "tcp"
    port_range = "80"
    cidr       = ["0.0.0.0/0"]
    label      = "web"
    action     = "allow"
  }
  egress_rule {
    label      = "all"
    protocol   = "tcp"
    port_range = "1-65535"
    cidr       = ["0.0.0.0/0"]
    action     = "allow"
  }
}

Looks like it is my bad. I missed in the documentation that network_id must be specified if not using the default network.

network_id (String) The network for the cluster; if not declared, we use the default one.
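For anyone landing here with the same error, the configuration below is an added example written for this page, not code from the issue or from the provider's documentation. It shows the fix the thread arrives at: the civo_kubernetes_cluster resource declares network_id pointing at the same network as its firewall. In the output above the cluster fell back to the default network (f1928271-...) while the firewall lived in custom_net (7db332e0-...), which is exactly what the "firewall ... is not part of network ..." error reports. The variable defaults, the pool size and the node count are illustrative assumptions; the API-server CIDR is deliberately restricted to an operator-controlled range rather than 0.0.0.0/0, as in the first snippet of the issue.

```hcl
# Added example (not from the issue or the provider docs): a cluster and its
# firewall pinned to the same non-default network.

variable "env" {
  type    = string
  default = "test" # assumption: environment name used in resource labels
}

# Assumption: a placeholder range for the operators who may reach the
# Kubernetes API. Do not leave this at 0.0.0.0/0 in real deployments.
variable "kubernetes_api_access" {
  type    = list(string)
  default = ["203.0.113.0/24"]
}

resource "civo_network" "custom_net" {
  label = "${var.env}-network"
}

# Firewall created in the custom network with no default rules.
resource "civo_firewall" "firewall" {
  name                 = "${var.env}-firewall"
  create_default_rules = false
  network_id           = civo_network.custom_net.id

  ingress_rule {
    protocol   = "tcp"
    port_range = "6443"
    cidr       = var.kubernetes_api_access
    label      = "kubernetes-api-server"
    action     = "allow"
  }

  egress_rule {
    protocol   = "tcp"
    port_range = "1-65535"
    cidr       = ["0.0.0.0/0"]
    label      = "all-tcp-out"
    action     = "allow"
  }
}

resource "civo_kubernetes_cluster" "cluster" {
  name = "${var.env}-cluster"

  # The fix: without network_id the cluster is placed in the default network
  # and the provider rejects the firewall as belonging to another network.
  network_id  = civo_network.custom_net.id
  firewall_id = civo_firewall.firewall.id

  # Pool size and node count are illustrative assumptions.
  pools {
    label      = "${var.env}-pool"
    size       = "g4s.kube.small"
    node_count = 2
  }
}
```

A quick sanity check after `terraform apply` is to compare the two IDs in `terraform state show civo_firewall.firewall` and `terraform state show civo_kubernetes_cluster.cluster`: the network_id on both resources must be identical, and neither should equal the account's default network unless that is what you intended.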