kiranchavala commented on issue #241:
URL:
https://github.com/apache/cloudstack-terraform-provider/issues/241#issuecomment-3380710287
@Pearl1594 able to reproduce the issue on main branch as well as the
0.6.0-rc2
config that I used is
```
resource "cloudstack_network" "k8s_nw_01" {
name = "terraform-net2"
cidr = "10.0.0.0/16"
network_offering = "DefaultIsolatedNetworkOfferingWithSourceNatService"
zone = "fe54a4ca-6ca8-4ac9-9769-dbc1244f138b"
project = "3f3828d5-5dba-452f-87e6-a7662f93f110"
}
# Egress firewall and rules for outside communication
resource "cloudstack_egress_firewall" "default_egress_fw_01" {
network_id = cloudstack_network.k8s_nw_01.id
depends_on = [
cloudstack_network.k8s_nw_01,cloudstack_ipaddress.k8s_ips01 ]
rule {
cidr_list = ["10.0.0.0/16"]
protocol = "tcp"
ports = ["53", "80", "443"]
}
rule {
cidr_list = ["10.0.0.0/16"]
protocol = "udp"
ports = ["53", "123"]
}
# TODO: Find out where to limit this rule to the destination ip of the
Cloudstack API
rule {
cidr_list = ["10.0.0.0/16"]
ports = ["8443"]
protocol = "tcp"
}
}
# SNAT ip address
resource "cloudstack_ipaddress" "k8s_ips01" {
network_id = cloudstack_network.k8s_nw_01.id
project = "3f3828d5-5dba-452f-87e6-a7662f93f110"
}
# Load balancer for K8s API
resource "cloudstack_loadbalancer_rule" "k8s_lb_k8s_api" {
depends_on = [
cloudstack_instance.controller,cloudstack_ipaddress.k8s_ips01]
project = "3f3828d5-5dba-452f-87e6-a7662f93f110"
algorithm = "roundrobin"
ip_address_id = cloudstack_ipaddress.k8s_ips01.id
member_ids = [ cloudstack_instance.controller.id ]
name = "lb-k8s-api"
private_port = 6443
public_port = 6443
}
# Loadbalancer for Talos API
resource "cloudstack_loadbalancer_rule" "k8s_lb_talos_api" {
depends_on = [
cloudstack_instance.controller,cloudstack_ipaddress.k8s_ips01 ]
project = "3f3828d5-5dba-452f-87e6-a7662f93f110"
algorithm = "roundrobin"
ip_address_id = cloudstack_ipaddress.k8s_ips01.id
member_ids = [cloudstack_instance.controller.id]
name = "lb-talos-api"
private_port = 50000
public_port = 50000
}
# Firewall for accessing the SNAT ip address
# TODO: set a valid range
resource "cloudstack_firewall" "default_lbfw01" {
ip_address_id = cloudstack_ipaddress.k8s_ips01.id
depends_on = [ cloudstack_network.k8s_nw_01,cloudstack_ipaddress.k8s_ips01
]
rule {
cidr_list = ["0.0.0.0/0"]
protocol = "tcp"
ports = ["6443", "50000"]
}
}
resource "cloudstack_instance" "controller" {
depends_on = [ cloudstack_network.k8s_nw_01 ]
name = "server-1"
service_offering = "Small Instance"
network_id = cloudstack_network.k8s_nw_01.id
template = "ffeda7ce-9528-11f0-84b8-1e0097000114"
zone = "fe54a4ca-6ca8-4ac9-9769-dbc1244f138b"
project = "3f3828d5-5dba-452f-87e6-a7662f93f110"
}
```
error message
```
cloudstack_loadbalancer_rule.k8s_lb_k8s_api: Creation complete after 8s
[id=2cc2aea5-484a-4564-861b-daf39ed3b71b]
cloudstack_loadbalancer_rule.k8s_lb_talos_api: Creation complete after 8s
[id=554d7f0a-f76f-4ca4-81d7-5b80ac2fdad5]
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to cloudstack_firewall.default_lbfw01, provider
"provider[\"registry.terraform.io/cloudstack/cloudstack\"]" produced an
unexpected new value: Root object was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's
own issue tracker.
╵
╷
│ Error: 2 errors occurred:
│ * Undefined error: {"errorcode":530,"errortext":"Failed to create
firewall rule"}
│ * Undefined error: {"errorcode":530,"errortext":"Failed to create
firewall rule"}
│
│
│
│ with cloudstack_egress_firewall.default_egress_fw_01,
│ on main.tf line 24, in resource "cloudstack_egress_firewall"
"default_egress_fw_01":
│ 24: resource "cloudstack_egress_firewall" "default_egress_fw_01" {
│
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
