terraform-provider-rancher2
  • c

    colossal-dentist-5939

    11/09/2022, 6:14 PM
    hey all, running into a weird issue. We're provisioning an rke_cluster using provider v1.17.2 (rancher v2.5) and terraform is just hanging indefinitely. The cluster is created in rancher and in the state of "provisioning". We have 6 other clusters built the same way and haven't hit this before. I should note that we have cancelled, deleted, and recreated the cluster in Rancher multiple times so this is very repeatable. Anybody hit this before?
  • f

    freezing-holiday-13112

    11/10/2022, 9:32 PM
    Anyone familiar with this? When I use rancher2_project_role_binding_template the form of url I use to set the user_principal_id looks like this user_principal_id = openldap_user://uid=cbay,ou=team,ou=users,dc=company,dc=com I forget where I got that from but it works. So I presume that goup_principal_id = openldap_group://cn=group,ou=team,ou=users,dc=company,dc=com would work. But it's not. Any thoughts on why?
  • m

    most-sunset-36476

    11/14/2022, 4:53 PM
    Is it planned to add the possibility to label nodes in AKS node pools? The only way atm is to create a job that runs a script to label the AKS nodes for removing them from the load balancer 😕
  • m

    many-area-51777

    11/15/2022, 3:24 PM
    is there a way to change clusters labels while some of the clusters are not available? currently terraform fails if one of them is in unavailable state
  • f

    freezing-holiday-13112

    11/21/2022, 6:30 PM
    Has anyone tried this? It looks like if I wanted to have a script create an aws, or gcp, or vsphere cluster that all my code for creating the cluster can essentially be the same except this code piece. If that is true, is there a way to make terraform code as a variable? Is there another way to do this?
  • j

    jolly-area-75887

    11/22/2022, 1:31 PM
    Cannot import AKS to rancher via rancher cli and also using rancher2 terraform
    FATA[0001] Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=Forbidden, message=clusters.management.cattle.io "test" is forbidden: User "u-v8qr9" cannot get resource "clusters" in API group "management.cattle.io" at the cluster scope: Azure does not have opinion for this non AAD user. If you are an AAD user, please set Extra:oid parameter for impersonated user in the kubeconfig] from [https://rancher/v3/clusters/test]
    Can someone help with this?
  • j

    jolly-area-75887

    11/22/2022, 1:32 PM
    │ Error: Bad response statusCode [401]. Status [401 Unauthorized]. Body: [baseType=error, code=Unauthorized, message=admission webhook "rancher.cattle.io" denied the request: Azure does not have opinion for this non AAD user. If you are an AAD user, please set Extra:oid parameter for impersonated user in the kubeconfig] from [https://rancher/v3/clusters]
  • p

    plain-refrigerator-80586

    12/01/2022, 8:41 AM
    Hello, I'm also looking for a solution to manage built-in roles properly. I want to uncheck the 'New User Default' option set on the Standard User global role. Did anyone find a solution?
  • g

    glamorous-painting-54907

    12/06/2022, 11:54 AM
    I try to remove podsecurity policies, but this does not work as I would expect: https://github.com/rancher/terraform-provider-rancher2/issues/1043
  • a

    adorable-photographer-68517

    12/07/2022, 7:03 PM
    hi
  • g

    gray-laptop-20554

    12/12/2022, 12:04 PM
    Hello! How can we push the review of this PR?
  • a

    agreeable-pager-80720

    12/13/2022, 7:36 AM
    how could I lookup rancher2_principal for an Azure AD group? I have tried using its AD name, azuread_group://UUID and UUID on its own and get "principal "...." of type "group" not found
  • m

    mammoth-postman-10874

    12/13/2022, 8:55 AM
    @agreeable-pager-80720 we use
    group_principal_id = "azuread_group://${each.value}"
  • a

    agreeable-pager-80720

    12/13/2022, 8:56 AM
    @mammoth-postman-10874 and the each.value comes from ...?
  • m

    mammoth-postman-10874

    12/13/2022, 8:56 AM
    azuread_group_ids = toset(distinct(flatten(values(data.azuread_groups.groups)[*]["object_ids"])))
  • m

    mammoth-postman-10874

    12/13/2022, 8:56 AM
    and groups are searched by name by azuread provider
  • a

    agreeable-pager-80720

    12/13/2022, 8:56 AM
    ok, thanks, then I'm on the right track (started checking out the azuread provider now)
  • a

    agreeable-pager-80720

    12/13/2022, 9:03 AM
    perfect, it works 😉
  • m

    mammoth-postman-10874

    12/19/2022, 11:54 AM
    Is there a way to get cluster list managed by rancher through terraform?
  • b

    boundless-dog-9864

    12/21/2022, 2:04 PM
    We have clusters provisioned through the provider that implement the vsphere csi and cpi. I can’t see what the process is for defining the cpi and csi versions so that we can perform an upgrade. Does it happen when rancher itself is upgraded? Or is it triggered on a per cluster basis? I am guessing the latter but how? We have full cluster provisioning and management happening in IaC but I can’t see how to fill this gap
  • m

    microscopic-diamond-94749

    01/02/2023, 1:21 PM
    Hi guys, is it possible to use
    resource "rancher2_cluster_v2" "external-cloud-provider" {
      name = "external-cloud-provider"
        machine_selector_config {
          config = {
            cloud-provider-name = "external"
          }
    and install a custom cloud provider (openstack cloud controller manager) via a helm chart in the terraform config? I saw examples for harvester cloud provider but that seems to be an included chart?
  • b

    blue-controller-9088

    01/11/2023, 11:25 PM
    Can somebody share an example of rke2_config to create a custom RKE2 cluster? Unfortunately, there is not much in resource documentation.
  • a

    abundant-jordan-68523

    01/23/2023, 2:42 PM
    We are using terraform-provider-rancher2 to create an azure rancher cluster in our local (on-prem/non-cloud) rancher environment using the latest terraform rancher2 provider 1.25.0. We are able to have terraform successfully create virtual machine resources in azure as well as the rke2 cluster and virtual machine resources in our local rancher. However, the machine resource in our local rancher is stuck in a waiting state with the status 'Waiting for agent to check in and apply initial plan' and the rancher machine resource is missing the azure node information. Our local rancher is currently private and therefore azure currently cannot communicate back to the local rancher. I believe this is why the node information is missing and it is stuck in a waiting state, although I am not able to verify this with a specific error message. Am I missing a setting, or perhaps some terraform code, to get this working with communication blocked from azure to our local cluster? Or, do we need to pursue unblocking the communication from azure to our local rancher to get this working? Thanks for any suggestions, insights or help!
  • c

    clever-processor-78736

    01/24/2023, 7:15 AM
    Hi! We are deploying clusters using the terraform-provider-rancher2; what we're trying to understand is what changes to e.g. the rancher_cluster_v2 resource trigger drain and cordon operations. I understand that there are a couple of components involved here that may play a role in this. AFAICT we have:
    1. terraform-provider-rancher2
    2. In Rancher, Cluster API with the Cluster API Provider OpenStack, since our cloud is built on top of OpenStack
    3. OpenStack
    The Terraform provider might be the component in this that has the least to say in whether an instance gets recreated or cordon+drained due to a change. So on a higher level we're more or less asking: "What changes to resources in the Terraform provider trigger what operations on the instances?". Is there a deterministic way of knowing this beforehand, is it documented somewhere? As an example, we enabled the etcd snapshot feature (to S3) with these settings in the rke_config of a rancher_cluster_v2 in an already deployed cluster; somewhat surprisingly, we noticed that this triggered a cordon + drain of all nodes including worker nodes. We expected this to trigger some kind of operation on the control plane nodes only. Some changes that change certain settings on an instance level in OpenStack might lead to a recreate VM operation, and that would be documented in OpenStack. But these more subtle changes are hard to find information on. Any insight into this would be highly appreciated!
  • w

    wonderful-shampoo-61843

    01/30/2023, 12:21 PM
    Hi guys, I'm trying to use the terraform resource in order to create a rancher cluster and I have a private registry already existing and I want to point at it. But I'm stuck with the auth_config_secret_name, how can I create this type of secret in order to deploy the cluster with that private registry? https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster_v2#auth_config_secret_name Thank you!
  • b

    blue-controller-9088

    01/30/2023, 10:41 PM
    How to provide LocalClusterAuthEndpoint in terraform resource rancher2_cluster_v2? Tried this one below: ---
    local_cluster_auth_endpoint {
      ca_certs = fileexists("ssl/ca.pem") ? file("ssl/ca.pem") : ""
      enabled  = true
      fqdn     = var.rancher_config.cluster_api_server
    }
    --- It does not like it, getting “Unsupported block type”. ---
    Error: Unsupported block type
    │
    │   on main.tf line 99, in resource "rancher2_cluster_v2" "cluster":
    │   99: local_cluster_auth_endpoint {
    │
    │ Blocks of type "local_cluster_auth_endpoint" are not expected here.
    ---
  • s

    square-policeman-85866

    02/22/2023, 11:50 AM
    Hi, we have built some rke2 caps here cluster via the Rancher UI. We are looking to use terraform now to maintain these clusters and make changes. Is this possible to do even though the clusters were not originally created via terraform?
  • l

    limited-spoon-91973

    03/10/2023, 9:24 AM
    Update: please totally ignore this message. I can't find anything related on issues on GitHub, and I think I'm missing something small. Why with every deployment of rancher2_app_v2 resource of vsphere-csi chart or vsphere-cpi there's an error about rancher-monitoring, but it's not a subchart of the main chart....
    ╷
    │ Error: [ERROR] installing App V2: helm upgrade --install=true --namespace=cattle-monitoring-system --no-hooks=true --timeout=10m0s --values=/home/shell/helm/values-rancher-monitoring-crd-101.0.0-up19.0.3.yaml --version=101.0.0+up19.0.3 --wait=true rancher-monitoring-crd /home/shell/helm/rancher-monitoring-crd-101.0.0-up19.0.3.tgz
    │ Error: UPGRADE FAILED: release: already exists
    │ 
    │ 
    │   with rancher2_app_v2.vsphere_cpi,
    │   on main.tf line 31, in resource "rancher2_app_v2" "vsphere_cpi":
    │   31: resource "rancher2_app_v2" "vsphere_cpi" {
    │ 
    ╵
    Is this the expected result or should I open an issue? Version of provider: "~> 1.24" and Chart: "101.0.0+up2.5.1-rancher1"
  • a

    adventurous-magazine-13224

    03/14/2023, 2:14 PM
    I'm using rancher2_cluster_v2, and am trying to configure an ordered list of registry mirrors using the below. I want to use my custom mirror, and then fall back to docker.io if it goes down. Terraform is ordering this endpoints list, and putting docker.io at the top of the mirror list, so my custom mirror is never used 😞 Has anyone gotten around this? Or could I omit docker.io from this list and it'd fall back to that by default?
    registries {
      mirrors {
        hostname = "docker.io"
        endpoints = [
          "https://my-pullthrough-proxy.example.com",
          "https://docker.io"
        ]
      }
    }
  • b

    best-address-42882

    03/14/2023, 6:43 PM
    Hi, what terraform providers are available to deploy containers to Rancher?
a

adventurous-magazine-13224

03/15/2023, 9:40 AM
Rancher is an application that manages kubernetes for you. Do you mean how to deploy containers to kubernetes that rancher is managing? If so, hashicorp offers a terraform provider for applying k8s manifests. Here's a link to the deployment docs: https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/deployment
b

best-address-42882

03/15/2023, 3:03 PM
Thank you @adventurous-magazine-13224, do you have a code example? We currently use rancher2_app provider, but sometimes it doesn't read charts properly.