Skip to content

Add FirewallID to NodePool #2169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: dev
Choose a base branch
from
Open

Add FirewallID to NodePool #2169

wants to merge 9 commits into from

Conversation

@rammanoj
Copy link
Contributor

@rammanoj rammanoj commented Nov 13, 2025

📝 Description

What does this PR do and why is this change necessary?

  • Add firewall_id to NodePool.

✔️ How to Test

  • Run make build. It generates a terraform-provider-linode.
  • Move the binary into ~/.terraform.d/plugins/local/lab/linode/99.0.0/darwin_arm64
  • Set LINODE_API_VERSION to v4beta.
  • Create 2 firewalls (firewall-1 and firewall-2)
  • Create a LKE-E Cluster and use the below config to create a nodePool with a firewall-1 ID.
terraform {
  required_providers {
    linode = {
      source  = "local/lab/linode"
      version = "~> 99.0.0"
    }
  }
}

provider "linode" {
  token = "<token>"
}

# New node pool managed as a separate resource
resource "linode_lke_node_pool" "gpu_pool" {
  cluster_id = "<cluster-id>"
  type       = "g6-dedicated-2" # example; use any valid Linode type

  node_count  = 4
  label       = "tmp-c"
  firewall_id = 3476976
}
  • After applying, ensure nodes are attached to firewall-1
  • Change the firewall ID to firewall-2 and apply. Ensure that the change is reflected in cloud-manager UI
  • Use the below config to perform same set of operation but using the linode_lke_cluster resource
terraform {
  required_providers {
    linode = {
      source  = "local/lab/linode"
      version = "~> 99.0.0"
    }
  }
}

provider "linode" {
  token = "<token>"
}

resource "linode_lke_cluster" "my-cluster" {
  label       = "my-cluster"
  k8s_version = "v1.31.9+lke7"
  region      = "us-ord"
  tags        = ["prod"]
  tier        = "enterprise"
  # update_strategy = "on_recycle"

  pool {
    type        = "g6-dedicated-2"
    count       = 3
    label       = "test-pool"
    firewall_id = 3476976
    # tags        = ["hello", "world"]
  }

  pool {
    type        = "g6-dedicated-2"
    count       = 3
  }
}

How do I run the relevant unit/integration tests?

📷 Preview

If applicable, include a screenshot or code snippet of this change. Otherwise, please remove this section.

@rammanoj rammanoj requested a review from a team as a code owner November 13, 2025 21:35
@rammanoj rammanoj requested review from ezilber-akamai and vshanthe and removed request for a team November 13, 2025 21:35
@vshanthe vshanthe requested a review from Copilot November 17, 2025 06:06
Copilot AI reviewed Nov 17, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for associating firewalls with LKE node pools by introducing a firewall_id field. This enables users to specify which firewall should be attached to nodes in a pool during creation or update operations.

Key Changes:

  • Added firewall_id field to node pool data models and schemas across both framework and SDK implementations
  • Implemented create and update logic to handle firewall assignment and changes
  • Updated documentation with examples showing firewall usage

Reviewed Changes

Copilot reviewed 14 out of 15 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
linode/lkenodepool/framework_resource_schema.go Added firewall_id schema attribute definition
linode/lkenodepool/framework_models.go Integrated firewall_id into model flattening, create/update operations
linode/lke/schema_resource.go Added firewall_id to pool schema with default value
linode/lke/resource.go Added firewall_id handling in cluster creation
linode/lke/framework_models.go Added firewall_id parsing for framework data model
linode/lke/cluster.go Implemented firewall_id reconciliation logic for create/update/match operations
linode/lkenodepool/tmpl/template.go Added FirewallID to template data structure
linode/lkenodepool/tmpl/lke_e_nodepool.gotf Added firewall_id to test template
linode/lke/framework_datasource_schema.go Added firewall_id to datasource schema
linode/lke/framework_resource_test.go Added test assertion for firewall_id
docs/resources/lke_node_pool.md Added documentation and example for firewall_id
docs/resources/lke_cluster.md Added documentation and example for firewall_id in pools
docs/data-sources/lke_cluster.md Documented firewall_id in datasource output
go.mod Updated dependencies and added local linodego replacement

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

linode/lke/schema_resource.go Outdated
Type: schema.TypeInt,
Description: "The ID of the Firewall to attach to nodes in this node pool.",
Optional: true,
Default: 0,
Copy link

Copilot AI Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Setting a default value of 0 for firewall_id can be misleading since 0 is being used as a sentinel value to mean 'no firewall' throughout the codebase. Consider removing the Default field to make the absence of a firewall explicit through a null value, which better aligns with the Optional semantics.

Suggested change
Default: 0,

Copilot uses AI. Check for mistakes.
go.mod

toolchain go1.24.1

replace github.com/linode/linodego => ../linodego/
Copy link

Copilot AI Nov 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Local module replacement should not be committed to the repository. This replace directive points to a local filesystem path that won't exist in other development environments or CI/CD pipelines. Remove this line before merging.

Suggested change
replace github.com/linode/linodego => ../linodego/

Copilot uses AI. Check for mistakes.
@vshanthe vshanthe requested a review from Copilot November 18, 2025 07:46
Copilot AI reviewed Nov 18, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 14 out of 15 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@vshanthe vshanthe Awaiting requested review from vshanthe vshanthe is a code owner automatically assigned from linode/dx

@ezilber-akamai ezilber-akamai Awaiting requested review from ezilber-akamai ezilber-akamai is a code owner automatically assigned from linode/dx

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rammanoj @rpotla-akam