vcd_nsxt_ip_set dependencies #1321

Open
Anchovy76 opened this issue Sep 11, 2024 · 0 comments

Hello,

Terraform Version

1.7.2

Affected Resource(s)

  • vcd_nsxt_ip_set

Can you shed some light on why the following argument is required:
edge_gateway_id

In VCD UI, it is perfectly acceptable to create IP Sets even when no edge gateways have been created in a VDC group.

In our use case, we would refer to IP sets mainly in distributed firewall rules, to control east-west traffic. It therefore makes no sense to bind these objects to a single edge gateway from that point of view, since these IP Set objects would not even be used by any single edge gateway, but by DFW rules controlling VM-to-VM traffic.

It appears that in order to use these IP Set objects, you have to create a VDC Group level edge gateway and bind these IP Sets to it, in order to use those IP Sets in distributed firewall rules. Would it not make more sense to bind these IP Sets to a particular VDC group, instead of a single edge gateway? I am asking because I see that the "vdc" argument is deprecated. Perhaps there is some dependency that I am missing.
