Router Public IP for Cluster as terraform Attribute

[FloSchick]

Hello maintainers and community,

There is currently no built-in mechanism to automatically extract the public IP of the router associated with a given Kubernetes cluster. This is critical for scenarios where we need to whitelist specific IP addresses for accessing external resources. For example, I need the router's public IP to be added to the ACL IP list of my PostgreSQL database wich is also created with terraform, ensuring that only my cluster can access it.

The ip should be exposed as an attribute in the relevant cluster resource. By doing this, it would facilitate easier integration with other terraform resources, especially in scenarios where IP whitelisting is required.

[vicentepinto98]

Hi @FloSchick ,

As you pointed out, this is not supported by our official terraform provider currently. We are on it to make it possible, but unfortunately I cannot provide a timeline yet.

In the meantime you can use the terraform-provider-openstack in conjunction with our STACKIT Infrastructure API to get the IP of your SKE cluster and manage whitelisting directly in Terraform.

If you need more support, let us know 😃

[PeterStolz]

Hi I did not want to create a new Issue as this is closely related.
It would be awesome if this would not become a readonly attribute but an actual param for the SKE so I can set the publicIP/externalIP to an openstack one I have reserved.
I have a similar problem with IP whitelisting, but I can't control the whitelist and therefore require a floatingIP that I already control.

[GokceGK]

Hi @PeterStolz ,
thanks for reaching out.

We have verified the request and it is unlikely that it will be possible to set the IP as the limitation is coming from the Openstack.

[joaopalet]

Hi @FloSchick,

@h3adex wrote a guide in #476 on how to extract the outgoing IP address of the SKE cluster, covering the case where the cluster is deployed in a STACKIT Network Area (SNA) and the case where it's not.

This will be included in the guides section of the Terraform registry in the next release.

[joaopalet]

After discussing with colleagues from the SKE team, we've decided against releasing the guide to the public. Even though the suggested approach works currently, it's not a proper solution and more a workaround which at some point will break. The SKE team is currently already working on providing the egressIPs via the SKE API, although there is no planned release date yet.

[FloSchick]

@joaopalet thanks for the update, still looking forward to this feature.

[bm-skutzke]

Anything new here? Would be great to get rid of the workaround using the openstack provider.

[vicentepinto98]

Thank you for your feedback. We are planning to work on this starting next year, so we estimate that the router public IP will be available within the terraform provider until the end of Q1/2025