Creation of ROSA cluster using AWS Private Link requires setting of undocumented argument 'private'
Closed this issue · 12 comments
The creation of a ROSA STS cluster with an AWS private link using provider version 1.3.0-prerelease.2 errors unless the undocumented resource argument 'private' is set to true. Can the documentation be updated please.
resource "rhcs_cluster_rosa_classic" "rosa_sts_cluster" {
  ....
  aws_private_link = true
  multi_az         = true
  private          = true
  version          = "4.12.27" # or 4.13.8
  ...
  lifecycle {
    ignore_changes = [
      proxy.additional_trust_bundle
    ]
  }
}
Hi @am90670
x-prerelease.x builds are intended for Dev/QE testing. The last tested release users should try is still v1.2.2, where you won't hit this issue, unless you're willing to live on the edge.
The private feature was partially added in 1.3.0-prerelease.1, but needed .2 to actually work. I'm awaiting an additional fix, probably 1.3.0-prerelease.4(?), before I can verify the feature; documentation would also be amended.
Tzach
Looks like v1.3.0 release still doesn't include the documentation for the new 'private' argument - is the expectation that users still use v1.2.x(?).
Also is there documentation somewhere showing what the "correct" version to use is? (the https://registry.terraform.io/providers/terraform-redhat/rhcs documentation isn't very useful for this)
Suppose I have deployed a private link ROSA cluster using the old module with the below configuration:
resource "rhcs_cluster_rosa_classic" "rosa" {
  name                 = var.cluster_name
  cloud_region         = var.aws_region
  aws_account_id       = data.aws_caller_identity.current.account_id
  tags                 = local.tags
  replicas             = var.replicas
  availability_zones   = var.availability_zones
  aws_private_link     = var.enable_private_link
  aws_subnet_ids       = var.enable_private_link ? module.rosa-vpc.private_subnets : concat(module.rosa-vpc.private_subnets, module.rosa-vpc.public_subnets)
  compute_machine_type = var.compute_node_instance_type
  multi_az             = length(module.rosa-vpc.private_subnets) == 3 ? true : false
  version              = var.rosa_version
  machine_cidr         = module.rosa-vpc.vpc_cidr_block
  properties           = { rosa_creator_arn = data.aws_caller_identity.current.arn }
  sts                  = var.enable_sts ? local.sts_roles : null
  depends_on           = [module.rosa-vpc]
}
Now, if I introduce/add private = true in my existing code, will it impact the existing deployed ROSA clusters?
Hi @vsomwanshi,
The 'private' parameter cannot be changed in an existing cluster.
In case you created a cluster in an old version, before this attribute was added, you need to update your manifest according to the value of the aws_private_link attribute.
@nirarg For testing I added the 'private' parameter to the existing manifest file and reran terraform plan. Looks good, it is not touching the existing cluster.
resource "rhcs_cluster_rosa_classic" "rosa" {
  name                 = var.cluster_name
  cloud_region         = var.aws_region
  aws_account_id       = data.aws_caller_identity.current.account_id
  tags                 = local.tags
  replicas             = var.replicas
  availability_zones   = var.availability_zones
  aws_private_link     = var.enable_private_link
  private              = var.private
  aws_subnet_ids       = var.enable_private_link ? module.rosa-vpc.private_subnets : concat(module.rosa-vpc.private_subnets, module.rosa-vpc.public_subnets)
  compute_machine_type = var.compute_node_instance_type
  multi_az             = length(module.rosa-vpc.private_subnets) == 3 ? true : false
  version              = var.rosa_version
  machine_cidr         = module.rosa-vpc.vpc_cidr_block
  properties           = { rosa_creator_arn = data.aws_caller_identity.current.arn }
  sts                  = var.enable_sts ? local.sts_roles : null
  depends_on           = [module.rosa-vpc]
}
Earlier I was using aws_private_link without the 'private' parameter.
So can I use the above-mentioned configuration and continue working with this one for upcoming clusters? I ask because I am using the same file, rosa_with_new_vpc.tf, to manage and deploy all the clusters.
Here is my folder structure:
├── backend.tf
├── cluster_deploy.log
├── datacenter
│   └── aws_account
│       ├── dev
│       │   └── dev.tf
│       ├── prod
│       │   └── prod.tf
│       ├── sre
│       │   ├── sre.tf
│       │   └── sre-pvt-link.tf
│       └── stage
│           ├── stage.tf
│           └── stage1.tf
├── errored.tfstate
├── main.tf
├── output.tf
├── rosa_with_new_vpc.tf
├── terraform.tfstate
├── terraform.tfstate.d
│   ├── dev
│   │   ├── terraform.tfstate
│   │   └── terraform.tfstate.backup
│   └── sre
│       ├── terraform.tfstate
│       └── terraform.tfstate.backup
├── vars.tf
└── vpc.tf
Yes, I don't see any reason why not
Thanks @nirarg for the confirmation.
I see it's there. Please see this link
Hi @manish-jangra,
Thank you for confirming this.
I'm closing this issue.
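Added example, not part of the original thread and not the provider's own code: the manual "rerun terraform plan and confirm the cluster is untouched" check discussed above, scripted against the JSON form of a plan (`terraform show -json <planfile>`). The sample plan and resource addresses are constructed, and the rule that aws_private_link = true needs private = true is taken from this thread only.

```python
import json

CLUSTER_TYPE = "rhcs_cluster_rosa_classic"

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the addresses and values are made up for illustration.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "rhcs_cluster_rosa_classic.existing", "type": CLUSTER_TYPE,
     "change": {"actions": ["no-op"],
                "after": {"aws_private_link": True, "private": True}}},
    {"address": "rhcs_cluster_rosa_classic.missing_private", "type": CLUSTER_TYPE,
     "change": {"actions": ["create"],
                "after": {"aws_private_link": True, "private": None}}},
    {"address": "rhcs_cluster_rosa_classic.replaced", "type": CLUSTER_TYPE,
     "change": {"actions": ["delete", "create"],
                "after": {"aws_private_link": True, "private": True}}},
    {"address": "aws_vpc.rosa", "type": "aws_vpc",
     "change": {"actions": ["create"], "after": {}}},
]})


def check_plan(plan_json):
    """Return (address, problem) tuples for ROSA cluster resources in a plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != CLUSTER_TYPE:
            continue  # only the cluster resource is of interest here
        change = rc.get("change", {})
        actions = change.get("actions", [])
        after = change.get("after") or {}  # "after" is null on a pure destroy
        # Adding `private` to an existing manifest should leave the cluster
        # alone; any delete action means it would be destroyed or replaced.
        if "delete" in actions:
            findings.append((rc["address"], "plan would destroy or replace the cluster"))
        # Per the thread: a PrivateLink cluster must also set private = true.
        # An unset attribute shows up as null or is absent from "after".
        if after.get("aws_private_link") is True and after.get("private") is not True:
            findings.append((rc["address"], "aws_private_link is true but private is not"))
    return findings


if __name__ == "__main__":
    for address, problem in check_plan(SAMPLE_PLAN):
        print(f"{address}: {problem}")
```

Run it in CI after `terraform plan -out=<planfile>` and fail the job when the returned list is non-empty.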