scaleway_k8s_pool - Add security group management inside Kapsule node pools #2565

Open
jgalais opened this issue May 10, 2024 · 1 comment
Labels
enhancement k8s Kubernetes Kapsule issues, bugs and feature requests priority:medium Improvements that are not the main priority

jgalais commented May 10, 2024

Hello,

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Problem:
When you create a k8s node_pool, a default security group is created, but:

  • You can't manage this security group
  • You can't change the name of this security group
  • You can't associate a security group created previously with your node pool

Today you have only one solution:

  • Create one security group with the name "kubernetes + Cluster ID before node pool creation"
  • This security group will automatically associate with your node pool after creation (Explicit dependency mandatory to create security group before node pool)

Documentation: https://www.scaleway.com/en/docs/containers/kubernetes/reference-content/secure-cluster-with-private-network/#how-can-i-access-my-cluster-via-my-nodes-public-ips-for-specific-use-cases

Can you add the security_group management inside the "scaleway_k8s_pool" resource?

Example use cases:

  • If you want to open your security group to authorize SMTP (Enable SMTP) in console
  • If you want to create a security group with specific name and rules for your node and associate this security rule on your k8s_pool

New or Affected Resource(s)

  • scaleway_k8s_pool

Potential Terraform Configuration

Association example with existing security group:

# SG with SMTP unblock by default (enable_default_security = false)
resource "scaleway_instance_security_group" "my_awesome_sg" {
  name                    = "my_awesome_sg"
  inbound_default_policy  = "drop"
  outbound_default_policy = "accept"
  stateful                = true
  enable_default_security = false
}

resource "scaleway_k8s_pool" "pools" {
    security_group_id = scaleway_instance_security_group.my_awesome_sg.id
}

Default security group with basic switch to activate smtp feature:

resource "scaleway_k8s_pool" "pools" {
    default_security_group {
      description = "My Awesome default security group"
      enable_default_security = <true|false>
    }
}

Additional rule: If "security_group_id" is defined, "default_security_group" block is ignored.

Thank you, and don't hesitate if you have questions.

Regards,
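
The workaround described in the issue above, written out as an added example (not code from the issue author or from the Scaleway provider). The resource labels, variables, node type and the exact name format (`kubernetes`, a space, then the cluster UUID without its region prefix) are assumptions to check against the linked documentation.

```hcl
# Added example: all labels, variables and sample values are placeholders.
variable "private_network_id" { type = string }
variable "k8s_version" { type = string }

variable "allow_smtp" {
  type    = bool
  default = false # keep the default SMTP block unless nodes must send mail
}

resource "scaleway_k8s_cluster" "demo" {
  name                        = "demo"
  version                     = var.k8s_version
  cni                         = "cilium"
  private_network_id          = var.private_network_id
  delete_additional_resources = false
}

resource "scaleway_instance_security_group" "kapsule_nodes" {
  # Assumed name format: "kubernetes <cluster UUID>". The Terraform ID is
  # "<region>/<uuid>", so the region prefix is stripped.
  name                    = "kubernetes ${split("/", scaleway_k8s_cluster.demo.id)[1]}"
  inbound_default_policy  = "drop"
  outbound_default_policy = "accept"
  stateful                = true
  enable_default_security = !var.allow_smtp
}

resource "scaleway_k8s_pool" "default" {
  cluster_id = scaleway_k8s_cluster.demo.id
  name       = "default"
  node_type  = "DEV1-M" # sample value
  size       = 1

  # No pool attribute references the group, so Terraform cannot infer the
  # ordering: force the group to exist before the pool is created.
  depends_on = [scaleway_instance_security_group.kapsule_nodes]
}
```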

@jgalais jgalais changed the title from "scaleway_k8s_pool - Add security group management inse Kapsule node pools" to "scaleway_k8s_pool - Add security group management inside Kapsule node pools" May 10, 2024
@Mia-Cross Mia-Cross self-assigned this May 10, 2024
@Mia-Cross Mia-Cross added k8s Kubernetes Kapsule issues, bugs and feature requests priority:medium Improvements that are not the main priority labels May 10, 2024
Member

jtherin commented May 11, 2024

it's planned
