http_endpoint and http_tokens arguments missing from amazonec2_config node template block #943
Comments
|
Terraform tests for these EC2 fields will be added in a second PR. Then, once that is merged I believe QA can test this using the rancher2 provider. |
|
The tests have been implemented in 9f7ba67, (which is misnamed 944 vs 943), this should be good to test |
|
This issue can be tested with the latest terraform release. This change is related to rancher/rancher#37943 (comment), but does not require the IMDSv2 AWS policy to be enabled on your IAM user as this change relates to node templates.
|
Ticket #943 - Test Results - ✅With Docker on a single-node instance: Verified with rancher2 provider
Screenshots:
Terraform used:
terraform {
required_providers {
rancher2 = {
source = "rancher/rancher2"
version = "1.24.1"
}
}
}
provider "rancher2" {
api_url = var.rancher_api_url
token_key = var.rancher_admin_bearer_token
insecure = true
}
resource "rancher2_cluster" "rancher2_cluster" {
depends_on = [rancher2_node_template.rancher2_node_template]
name = var.cluster_name
rke_config {
kubernetes_version = "v1.24.4-rancher1-1"
network {
plugin = var.network_plugin
}
}
}
resource "rancher2_node_template" "rancher2_node_template" {
name = var.node_template_name
engine_install_url = var.engine_install_url
amazonec2_config {
access_key = var.aws_access_key
secret_key = var.aws_secret_key
ami = var.aws_ami
region = var.aws_region
security_group = [var.aws_security_group_name]
subnet_id = var.aws_subnet_id
vpc_id = var.aws_vpc_id
zone = var.aws_zone_letter
root_size = var.aws_root_size
instance_type = var.aws_instance_type
http_endpoint = "enabled"
http_tokens = "required"
}
}
resource "rancher2_node_pool" "pool1" {
depends_on = [rancher2_cluster.rancher2_cluster]
cluster_id = rancher2_cluster.rancher2_cluster.id
name = "pool1"
hostname_prefix = "${var.hostname_prefix}-tf-pool1"
node_template_id = rancher2_node_template.rancher2_node_template.id
quantity = 1
control_plane = false
etcd = true
worker = false
}
resource "rancher2_node_pool" "pool2" {
depends_on = [rancher2_cluster.rancher2_cluster]
cluster_id = rancher2_cluster.rancher2_cluster.id
name = "pool2"
hostname_prefix = "${var.hostname_prefix}-tf-pool2"
node_template_id = rancher2_node_template.rancher2_node_template.id
quantity = 1
control_plane = true
etcd = false
worker = false
}
resource "rancher2_node_pool" "pool3" {
depends_on = [rancher2_cluster.rancher2_cluster]
cluster_id = rancher2_cluster.rancher2_cluster.id
name = "pool3"
hostname_prefix = "${var.hostname_prefix}-tf-pool3"
node_template_id = rancher2_node_template.rancher2_node_template.id
quantity = 1
control_plane = false
etcd = false
worker = true
}
resource "rancher2_cluster_sync" "rancher2_cluster_sync" {
cluster_id = rancher2_cluster.rancher2_cluster.id
node_pool_ids = [rancher2_node_pool.pool1.id, rancher2_node_pool.pool2.id, rancher2_node_pool.pool3.id]
state_confirm = 2
}
// Variables
variable "rancher_api_url" {}
variable "rancher_admin_bearer_token" {}
variable "cluster_name" {}
variable "node_template_name" {}
variable "engine_install_url" {}
variable "aws_access_key" {}
variable "aws_secret_key" {}
variable "aws_ami" {}
variable "aws_region" {}
variable "aws_security_group_name" {}
variable "aws_subnet_id" {}
variable "aws_vpc_id" {}
variable "aws_zone_letter" {}
variable "aws_root_size" {}
variable "aws_instance_type" {}
variable "network_plugin" {}
variable "hostname_prefix" {} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Rancher EC2 Node Templates support IMDSv2 configuration via the http_endpoint and http_tokens arguments (rancher/rancher#25078).
Currently these options are exposed for the amazonec2_config block of the machine_config_v2 resource in the Rancher Terraform Provider, but not for the amazonec2_config block of the node_template resource.
SURE-4765
The text was updated successfully, but these errors were encountered: