-
Notifications
You must be signed in to change notification settings - Fork 639
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to pass root key crn or support account_id in kms_config of ibm_container_vpc_cluster #4745
Comments
@Aashiq-J It looks like its already supported https://registry.terraform.io/providers/IBM-Cloud/ibm/1.55.0/docs/resources/container_vpc_cluster#kms_account_id |
Looking at the api (https://cloud.ibm.com/apidocs/kubernetes/containers-v1-v2#createkmsconfig), it supports optionally passing |
@hasan4791 Is this something you or your team could help with? |
Looks like the feature is in https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v1.60.0-beta1 |
@Aashiq-J the feature was released as part of https://github.com/IBM-Cloud/terraform-provider-ibm/releases/tag/v1.60.0 |
Thanks, we are rolling it out to our module terraform-ibm-modules/terraform-ibm-base-ocp-vpc#301 |
Community Note
Description
This is a feature request which is already available when deploying through UI.
https://registry.terraform.io/providers/IBM-Cloud/ibm/1.55.0/docs/resources/container_vpc_cluster#kms_config
According to the above terraform documentation, the only possible way to enable cluster encryption is by passing the
instance_id
and the keycrk_id
that means the kms has to be from the same account as the cluster. But from the UI we have two option either pass the instance and key details or pass the key crn.We have a use case of using the a common kms in another account for all the encryption.
The boot volume encryption supports passing kms from another account using the
kms_account_id
variable.https://registry.terraform.io/providers/IBM-Cloud/ibm/1.56.0/docs/resources/container_vpc_cluster#kms_account_id
We require a similar functionality for kms_config which is used for cluster encryption.
New or Affected Resource(s)
Potential Terraform Configuration
References
The text was updated successfully, but these errors were encountered: