terraform-provider-rancher2
  • f

    freezing-holiday-13112

    09/01/2022, 4:39 PM
    I can't seem to find this anywhere. Does anyone know what the node VM image requirements are to create a rancher VSphere driver cluster using terraform?
  • m

    most-sunset-36476

    09/06/2022, 8:17 AM
    Hi all, I opened an issue in the Rancher GitHub which is when creating an RKE1 cluster using node pools and external load balancer using user addon, nodes are not added to the load balancer backend pool after load balancer is active. https://github.com/rancher/terraform-provider-rancher2/issues/987 I would like to try testing/fixing it myself in the meanwhile the issue gets more attention. I would appreciate it if someone could help me find where to start/look! Thanks 🙂
  • c

    clever-processor-78736

    09/08/2022, 8:49 PM
    Hi! Is there a way of fetching the node IP addresses (using a data source) from a cluster created using the rancher2_cluster_v2 resource? We're trying to create an external load balancer and add the control plane nodes into an LB backend pool.
  • w

    worried-rain-56725

    09/09/2022, 9:32 AM
    Rancher version: 2.6.8
    Installation method: Helm
    Helm repo: https://releases.rancher.com/server-charts/stable
    After installing rancher, I tried to bootstrap it, using rancher terraform provider and next tf configuration:
    resource "rancher2_bootstrap" "admin" {
      provider         = rancher2.bootstrap
      initial_password = "Password1"
      password         = local.rancher_bootstrap_password
      telemetry        = false
    }
    For some reason, after a few minutes, creation of this resource fails with the following error log:
    │ Error: [ERROR] Updating token: Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=Forbidden, message=settings.management.cattle.io "k8s-version" is forbidden: User "user-bfkj6" cannot get resource "settings" in API group "management.cattle.io" at the cluster scope] from [https://rancher-internal.foo.bar.com/v3/settings/k8s-version]
    │
    │ with rancher2_bootstrap.admin,
    │ on main.tf line 48, in resource "rancher2_bootstrap" "admin":
    │ 48: resource "rancher2_bootstrap" "admin" {
    That user has GlobalBindingRole to admin role, so it should have access to Setting CRD. Also there are a lot of such error messages in rancher pod:
    2022/09/09 09:07:41 [ERROR] Failed to connect to peer wss://10.0.3.184/v3/connect [local ID=10.0.1.59]: websocket: bad handshake
    I’ve also tried to bootstrap rancher via UI, but after entering bootstrap password the only thing I see is the white screen. Any ideas? (edited)
  • e

    eager-refrigerator-66976

    09/12/2022, 8:22 AM
    Hey guys, anyone had an issue where updating an RKE2 cluster provisioned using terraform occasionally destroys the cluster? Example: I am changing additional_manifest, apply terraform and it deletes my cluster… I’ve created a ticket with all the details: https://github.com/rancher/terraform-provider-rancher2/issues/993
  • b

    boundless-dog-9864

    09/13/2022, 3:49 PM
    Hi all. Is there a way to configure fleet repositories in rancher from the terraform provider?
  • m

    most-sunset-36476

    09/28/2022, 5:09 PM
    Is there a way to have Rancher delete the load balancer created by the user-addon ? When using terraform to create/destroy downstream rke clusters, the load balancer (which is created from the user-addon) is not destroyed together with the rke cluster and breaks the terraform destroy because it uses the cluster vnet.
  • g

    glamorous-painting-54907

    09/29/2022, 11:19 AM
    I just figured that role_template does not allow you to specify "inherit from" - or at least I don't see it in the docu. So is the UI the only place or is there a way to do it with the provider?
  • g

    glamorous-painting-54907

    10/04/2022, 5:27 AM
    role_template only supports Cluster and project, how can one set up global role templates?
  • m

    mammoth-postman-10874

    10/17/2022, 9:41 AM
    Howdy, is there a way to override the generated clusterrolebinding while processing a globalrolebinding? The remote user contains slashes and can’t be used as an object name
  • m

    most-sunset-36476

    10/22/2022, 10:01 AM
    hi all, is there a way to add labels to aks nodes ? i am creating my aks cluster with the rancher2 provider and i can't find a way to label nodes. I need to exclude them from the load balancer.
  • m

    most-sunset-36476

    10/24/2022, 10:12 AM
    Is there a reason for not implementing labeling on node pools for AKS launched by Rancher ?
  • w

    worried-rain-56725

    10/25/2022, 8:30 AM
    Hi. I’m trying to create a downstream EKS cluster using the Rancher terraform provider. For some reason EKS nodes created by Rancher have only the default EKS security group even though we provided a list of additional security groups. These SGs are present in the EKS configuration, but the nodes still don’t have them. The strangest thing is that while the EKS cluster is being created, you can see in the node group config that they will use the SG auto-generated by Rancher, but after the cluster reached the Active state, the config had changed and there is now the list of security groups we specified. We do not have a custom launch template; nodes are launched from the LT created by Rancher as well. And that LT for some reason contains only the default EKS node group and no instance type specified. I thought it may be an issue in version 2.6.4, but after upgrading to 2.6.9 the issue is still here (edited)
  • p

    plain-refrigerator-80586

    10/25/2022, 11:04 AM
    Hi all, I'm building a downstream cluster with the rancher2_cluster_v2 resource. The cluster nodes are based on a VM template. A downstream cluster with one node works perfectly. When I create a cluster with more than one node, the installation hangs on the second node configuration because it has the same hostname as the previous one. With the rancher2_cluster resource it was possible to have a randomized hostname with hostname_prefix. Does anyone know how to set a randomized hostname for the nodes with the rancher2_cluster_v2 resource?
  • g

    gifted-lizard-48491

    10/25/2022, 7:26 PM
    My team just started hitting this bug https://github.com/rancher/terraform-provider-rancher2/issues/1011 Was there a reason for the change from a map to a list? If so, why was this not a breaking version change or at least a minor version change?
  • f

    freezing-holiday-13112

    11/04/2022, 8:21 PM
    using rancher2 provider is there a way to enumerate groups? I'd like to be able to assign groups as members of projects. Has anyone done something like that?
  • c

    colossal-dentist-5939

    11/09/2022, 6:14 PM
    hey all, running into a weird issue. We're provisioning an rke_cluster using provider v1.17.2 (rancher v2.5) and terraform is just hanging indefinitely. The cluster is created in rancher and in the state of "provisioning". We have 6 other clusters built the same way and haven't hit this before. I should note that we have cancelled, deleted, and recreated the cluster in Rancher multiple times so this is very repeatable. Anybody hit this before?
  • f

    freezing-holiday-13112

    11/10/2022, 9:32 PM
    Anyone familiar with this? When I use rancher2_project_role_binding_template the form of url I use to set the user_principal_id looks like this user_principal_id = openldap_user://uid=cbay,ou=team,ou=users,dc=company,dc=com I forget where I got that from but it works. So I presume that goup_principal_id = openldap_group://cn=group,ou=team,ou=users,dc=company,dc=com would work. But it's not. Any thoughts on why?
  • m

    most-sunset-36476

    11/14/2022, 4:53 PM
    Is it planned to add the possibility to label nodes in AKS node pools? The only way atm is to create a job that runs a script to label the AKS nodes for removing them from the load balancer 😕
  • m

    many-area-51777

    11/15/2022, 3:24 PM
    is there a way to change clusters labels while some of the clusters are not available? currently terraform fails if one of them is in unavailable state
  • f

    freezing-holiday-13112

    11/21/2022, 6:30 PM
    Has anyone tried this? It looks like if I wanted to have a script create an aws, or gcp, or vsphere cluster that all my code for creating the cluster can essentially be the same except this code piece If that is true is there a way to make terraform code as a variable? Is there another way to do this?
  • j

    jolly-area-75887

    11/22/2022, 1:31 PM
    Cannot import AKS to rancher via rancher cli and also using rancher2 terraform
    FATA[0001] Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=Forbidden, message=clusters.management.cattle.io "test" is forbidden: User "u-v8qr9" cannot get resource "clusters" in API group "management.cattle.io" at the cluster scope: Azure does not have opinion for this non AAD user. If you are an AAD user, please set Extra:oid parameter for impersonated user in the kubeconfig] from [https://rancher/v3/clusters/test]
    Can someone help with this?
  • j

    jolly-area-75887

    11/22/2022, 1:32 PM
    │ Error: Bad response statusCode [401]. Status [401 Unauthorized]. Body: [baseType=error, code=Unauthorized, message=admission webhook "rancher.cattle.io" denied the request: Azure does not have opinion for this non AAD user. If you are an AAD user, please set Extra:oid parameter for impersonated user in the kubeconfig] from [https://rancher/v3/clusters]
  • p

    plain-refrigerator-80586

    12/01/2022, 8:41 AM
    Hello, I'm also looking for a solution to manage built-in roles properly. I want to uncheck the 'New User Default' option set on the Standard User global role. Did anyone find a solution?
  • g

    glamorous-painting-54907

    12/06/2022, 11:54 AM
    I try to remove podsecurity policies, but this does not work as I would expect: https://github.com/rancher/terraform-provider-rancher2/issues/1043
  • a

    adorable-photographer-68517

    12/07/2022, 7:03 PM
    hi
  • g

    gray-laptop-20554

    12/12/2022, 12:04 PM
    Hello! How can we push the review of this PR?
  • a

    agreeable-pager-80720

    12/13/2022, 7:36 AM
    how could I lookup rancher2_principal for an Azure AD group? I have tried using its AD name, azuread_group://UUID and UUID on its own and get "principal "...." of type "group" not found
  • m

    mammoth-postman-10874

    12/13/2022, 8:55 AM
    @agreeable-pager-80720 we use
    group_principal_id = "azuread_group://${each.value}"
  • a

    agreeable-pager-80720

    12/13/2022, 8:56 AM
    @mammoth-postman-10874 and the each.value comes from ...?