Issues involving use of our own Vault KMS Key in this module #892
Labels
bug
Something isn't working
Comments
I am interested in submitting a Pull Request with a proposed solution.
Hi, thanks for bringing this to our attention. Can you please also share the error message so I can replicate the behaviour? Thanks.
Hi @hyder, below is the error I'm running into:
Community Note
Terraform Version and Provider Version
terraform 1.5.7 and provider oracle/oci 5.27.0
Affected Resource(s)
module.iam.oci_identity_policy.cluster[0]
Terraform Configuration Files
Debug Output
Panic Output
Expected Behavior
When you have our own Vault with a KMS Key to use in the terraform-oci-oke module, you add values in the variables create_iam_resources = true, create_iam_kms_policy = "always", cluster_kms_key_id = var.cluster_kms_key_id and worker_volume_kms_key_id = var.worker_volume_kms_key_id; in this way you'll use our own KMS Key in your OKE cluster.
Actual Behavior
When there is an already existing Vault with our own KMS Key and a VCN created using the same terraform oke module (only-network-mode) and IAM resources for KMS, the terraform oke module (only-cluster-worker-mode) for an OKE cluster with worker nodes conflicts on the name of the policy for IAM resources.
If you put together network/cluster/worker, you'll receive an error in the creation of the OKE cluster, because there won't be a policy permitting the OKE cluster to use our own KMS Key: the chain of dependencies of resources and variables puts the creation of module.iam.oci_identity_policy.cluster[0] after module.cluster[0].oci_containerengine_cluster.k8s_cluster, but the creation of the cluster depends on permissions to use the KMS Key.
Steps to Reproduce
Important Factoids
I already tried applying the terraform-oci-oke module both with network/cluster/worker put together and split in two pieces, network and cluster/worker, but the root cause of the error involving module.iam.oci_identity_policy.cluster[0] persists.
References
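An added example, not part of the issue thread or the module's code: a check over terraform graph DOT output for the ordering problem reported above, namely whether the cluster resource transitively depends on the IAM policy so that the policy exists before the cluster is created. Only the two resource addresses come from the issue; both DOT samples and their intermediate node names are constructed for illustration.

```python
import re
from collections import defaultdict

# Resource addresses as written in the issue.
CLUSTER = "module.cluster[0].oci_containerengine_cluster.k8s_cluster"
POLICY = "module.iam.oci_identity_policy.cluster[0]"

# Constructed samples in the style of `terraform graph` output (not real module
# output). An edge "A" -> "B" means A depends on B, so B is created first.
SAMPLE_BROKEN = '''digraph {
  "[root] module.iam.oci_identity_policy.cluster (expand)" -> "[root] module.iam.var.cluster_id (expand)"
  "[root] module.iam.var.cluster_id (expand)" -> "[root] module.cluster.oci_containerengine_cluster.k8s_cluster (expand)"
}'''
SAMPLE_FIXED = '''digraph {
  "[root] module.cluster.oci_containerengine_cluster.k8s_cluster (expand)" -> "[root] module.cluster (expand)"
  "[root] module.cluster (expand)" -> "[root] module.iam.oci_identity_policy.cluster (expand)"
}'''

EDGE = re.compile(r'"([^"]+)"\s*->\s*"([^"]+)"')

def normalize(addr):
    """Drop the "[root] " prefix, " (expand)" suffix and instance keys like [0]."""
    addr = re.sub(r"^\[root\]\s*", "", addr)
    addr = re.sub(r"\s*\(expand\)$", "", addr)
    return re.sub(r"\[[^\]]*\]", "", addr)

def parse_edges(dot):
    """Map each node to the set of nodes it directly depends on."""
    deps = defaultdict(set)
    for src, dst in EDGE.findall(dot):
        deps[normalize(src)].add(normalize(dst))
    return deps

def depends_on(deps, node, target):
    """True if `node` transitively depends on `target` (depth-first search)."""
    target = normalize(target)
    seen, stack = set(), [normalize(node)]
    while stack:
        cur = stack.pop()
        if cur == target:
            return True
        if cur not in seen:
            seen.add(cur)
            stack.extend(deps.get(cur, ()))
    return False

def policy_created_first(dot):
    """The cluster can only use the KMS key if the policy is ordered before it."""
    return depends_on(parse_edges(dot), CLUSTER, POLICY)

if __name__ == "__main__":
    for name, dot in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, "policy before cluster:", policy_created_first(dot))
```

Run against the real graph of a plan, a False result means nothing forces the KMS policy to exist before the cluster is created.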