From b4aa6b8f9a520decc8780306d5a39f9bec47c0fe Mon Sep 17 00:00:00 2001
From: Modular Magician
Date: Sat, 27 Jun 2020 12:43:14 +0000
Subject: [PATCH] add networking_mode to google_container_cluster (#3709)
* add to
* review comment updates
Signed-off-by: Modular Magician
---
 .changelog/3709.txt | 3 ++
 google-beta/resource_container_cluster.go | 30 +++++++++++++++----
 .../resource_container_cluster_test.go | 26 ++++++++++++----
 .../docs/r/container_cluster.html.markdown | 4 +++
 4 files changed, 52 insertions(+), 11 deletions(-)
 create mode 100644 .changelog/3709.txt
diff --git a/.changelog/3709.txt b/.changelog/3709.txt
new file mode 100644
index 0000000000..4ebda03d64
--- /dev/null
+++ b/.changelog/3709.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+container: added `networking_mode` to `google_container_cluster` (TPGB-only)
+```
diff --git a/google-beta/resource_container_cluster.go b/google-beta/resource_container_cluster.go
index 309991222a..ba814303d7 100644
--- a/google-beta/resource_container_cluster.go
+++ b/google-beta/resource_container_cluster.go
@@ -882,6 +891,15 @@ func resourceContainerCluster() *schema.Resource {
 },
 },
+ "networking_mode": {
+ Type: schema.TypeString,
+ Optional: true,
+ Computed: true,
+ ForceNew: true,
+ ValidateFunc: validation.StringInSlice([]string{"VPC_NATIVE", "ROUTES"}, false),
+ Description: `Determines whether alias IPs or routes will be used for pod IPs in the cluster.`,
+ },
+
 "remove_default_node_pool": {
 Type: schema.TypeBool,
 Optional: true,
@@ -1190,6 +1199,11 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 clusterName := d.Get("name").(string)
+ ipAllocationBlock, err := expandIPAllocationPolicy(d.Get("ip_allocation_policy"), d.Get("networking_mode").(string))
+ if err != nil {
+ return err
+ }
+
 cluster := &containerBeta.Cluster{
 Name: clusterName,
 InitialNodeCount: int64(d.Get("initial_node_count").(int)),
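Review bot: `networking_mode` is declared Computed with no default, so on create `d.Get("networking_mode").(string)` is "" whenever the user omits it, and in the expandIPAllocationPolicy hunk further down that makes `UseIpAliases: networking_mode == "VPC_NATIVE"` false even though an `ip_allocation_policy` block was supplied — before this change a supplied block always set UseIpAliases to true, and the retained sentence just above the new docs paragraph still says adding the block makes the cluster VPC-native. Existing configurations that set the block without the new field would therefore start requesting a routes-based cluster with alias ranges attached; whether the API rejects that or silently creates a routes cluster is not visible here. To keep the old behaviour while honouring an explicit choice, the populated-block branch could use `UseIpAliases: networking_mode != "ROUTES",` with `UseRoutes: networking_mode == "ROUTES",` left as is, and the docs sentence claiming a ROUTES default when the field is unspecified should then be qualified. resourceContainerCluster and resourceContainerClusterCreate both start and end outside these hunks.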
@@ -1207,7 +1221,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 NetworkPolicy: expandNetworkPolicy(d.Get("network_policy")),
 AddonsConfig: expandClusterAddonsConfig(d.Get("addons_config")),
 EnableKubernetesAlpha: d.Get("enable_kubernetes_alpha").(bool),
- IpAllocationPolicy: expandIPAllocationPolicy(d.Get("ip_allocation_policy")),
+ IpAllocationPolicy: ipAllocationBlock,
 PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config")),
 Autoscaling: expandClusterAutoscaling(d.Get("cluster_autoscaling"), d),
 BinaryAuthorization: &containerBeta.BinaryAuthorization{
@@ -2480,25 +2494,29 @@ func expandClusterAddonsConfig(configured interface{}) *containerBeta.AddonsConf
 return ac
 }
-func expandIPAllocationPolicy(configured interface{}) *containerBeta.IPAllocationPolicy {
+func expandIPAllocationPolicy(configured interface{}, networking_mode string) (*containerBeta.IPAllocationPolicy, error) {
 l := configured.([]interface{})
 if len(l) == 0 || l[0] == nil {
+ if networking_mode == "VPC_NATIVE" {
+ return nil, fmt.Errorf("`ip_allocation_policy` block is required for VPC_NATIVE clusters.")
+ }
 return &containerBeta.IPAllocationPolicy{
 UseIpAliases: false,
 ForceSendFields: []string{"UseIpAliases"},
- }
+ }, nil
 }
 config := l[0].(map[string]interface{})
 return &containerBeta.IPAllocationPolicy{
- UseIpAliases: true,
+ UseIpAliases: networking_mode == "VPC_NATIVE",
 ClusterIpv4CidrBlock: config["cluster_ipv4_cidr_block"].(string),
 ServicesIpv4CidrBlock: config["services_ipv4_cidr_block"].(string),
 ClusterSecondaryRangeName: config["cluster_secondary_range_name"].(string),
 ServicesSecondaryRangeName: config["services_secondary_range_name"].(string),
 ForceSendFields: []string{"UseIpAliases"},
- }
+ UseRoutes: networking_mode == "ROUTES",
+ }, nil
 }
 func expandMaintenancePolicy(d *schema.ResourceData, meta interface{}) *containerBeta.MaintenancePolicy {
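Review bot: The new parameter is spelled `networking_mode`, which breaks the MixedCaps convention the rest of expandIPAllocationPolicy follows (`configured`, `l`, `config`); `networkingMode` would be the conventional name. The added error text `"`ip_allocation_policy` block is required for VPC_NATIVE clusters."` ends with a period and embeds backticks, so `fmt.Errorf("ip_allocation_policy block is required for VPC_NATIVE clusters")` would match Go's lowercase, no-trailing-punctuation style. The function now has a second outcome that deserves a doc comment, e.g. `// expandIPAllocationPolicy builds the API IPAllocationPolicy from the ip_allocation_policy block; an absent block with networking_mode VPC_NATIVE is an error, and UseIpAliases/UseRoutes are derived from networking_mode.` When a block is present together with ROUTES, the CIDR and secondary-range fields are still sent alongside `UseRoutes: true`; if the API rejects that combination, an explicit error here would be clearer than the API's.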
@@ -3042,8 +3060,10 @@ func flattenWorkloadIdentityConfig(c *containerBeta.WorkloadIdentityConfig) []ma
 func flattenIPAllocationPolicy(c *containerBeta.Cluster, d *schema.ResourceData, config *Config) []map[string]interface{} {
 // If IP aliasing isn't enabled, none of the values in this block can be set.
 if c == nil || c.IpAllocationPolicy == nil || !c.IpAllocationPolicy.UseIpAliases {
+ d.Set("networking_mode", "ROUTES")
 return nil
 }
+ d.Set("networking_mode", "VPC_NATIVE")
 p := c.IpAllocationPolicy
 return []map[string]interface{}{
diff --git a/google-beta/resource_container_cluster_test.go b/google-beta/resource_container_cluster_test.go
index 67b29701f0..e0cd032f54 100644
--- a/google-beta/resource_container_cluster_test.go
+++ b/google-beta/resource_container_cluster_test.go
@@ -2351,6 +2351,7 @@ resource "google_container_cluster" "with_authenticator_groups" {
 security_group = "gke-security-groups@mydomain.tld"
 }
+ networking_mode = "VPC_NATIVE"
 ip_allocation_policy {
 cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name
 services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name
@@ -2483,8 +2484,9 @@ resource "google_container_cluster" "with_tpu" {
 enable_tpu = true
- network = google_compute_network.container_network.name
- subnetwork = google_compute_subnetwork.container_subnetwork.name
+ network = google_compute_network.container_network.name
+ subnetwork = google_compute_subnetwork.container_subnetwork.name
+ networking_mode = "VPC_NATIVE"
 private_cluster_config {
 enable_private_endpoint = true
@@ -3319,6 +3321,7 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
 network = google_compute_network.container_network.name
 subnetwork = google_compute_subnetwork.container_subnetwork.name
+ networking_mode = "VPC_NATIVE"
 initial_node_count = 1
 ip_allocation_policy {
 cluster_secondary_range_name = "pods"
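Review bot: Both new `d.Set("networking_mode", ...)` calls in flattenIPAllocationPolicy discard the error return, and a flattener that writes state as a side effect is easy to miss from its caller; the resource's other `d.Set` calls are presumably made in the Read function with their errors checked. Moving the two calls beside the caller's existing `d.Set("ip_allocation_policy", ...)` as `if err := d.Set("networking_mode", mode); err != nil { return fmt.Errorf("setting networking_mode: %w", err) }` would keep the flattener pure; if they must stay here, a comment above the function such as `// Also records networking_mode in state, derived from UseIpAliases.` is the minimum. Note that the early branch also fires when `c == nil`, so a nil cluster is recorded as ROUTES rather than left unset. flattenIPAllocationPolicy's body continues past the hunk.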
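Review bot: The test changes only add `networking_mode = "VPC_NATIVE"` to configurations that already carried an `ip_allocation_policy` block, so none of the new behaviour in resource_container_cluster.go is exercised: the new error path (VPC_NATIVE with no block), an explicit `ROUTES` cluster, and the now-changed case of a block without `networking_mode` all lack coverage. A step with `ExpectError: regexp.MustCompile("ip_allocation_policy")` against a VPC_NATIVE config without the block, plus one config that sets `networking_mode = "ROUTES"` and checks the value read back, would pin the contract; the same applies to the remaining test hunks. The enclosing test configuration functions start and end outside these hunks.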
@@ -3350,6 +3353,8 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
 subnetwork = google_compute_subnetwork.container_subnetwork.name
 initial_node_count = 1
+
+ networking_mode = "VPC_NATIVE"
 ip_allocation_policy {
 cluster_ipv4_cidr_block = "10.0.0.0/16"
 services_ipv4_cidr_block = "10.1.0.0/16"
@@ -3380,6 +3385,8 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
 subnetwork = google_compute_subnetwork.container_subnetwork.name
 initial_node_count = 1
+
+ networking_mode = "VPC_NATIVE"
 ip_allocation_policy {
 cluster_ipv4_cidr_block = "/16"
 services_ipv4_cidr_block = "/22"
@@ -3457,6 +3464,7 @@ resource "google_container_cluster" "with_private_cluster" {
 location = "us-central1-a"
 initial_node_count = 1
+ networking_mode = "VPC_NATIVE"
 network = google_compute_network.container_network.name
 subnetwork = google_compute_subnetwork.container_subnetwork.name
@@ -3504,6 +3512,7 @@ resource "google_container_cluster" "with_private_cluster" {
 location = "us-central1-a"
 initial_node_count = 1
+ networking_mode = "VPC_NATIVE"
 network = google_compute_network.container_network.name
 subnetwork = google_compute_subnetwork.container_subnetwork.name
@@ -3673,8 +3682,9 @@ resource "google_container_cluster" "shared_vpc_cluster" {
 initial_node_count = 1
 project = google_compute_shared_vpc_service_project.service_project.service_project
- network = google_compute_network.shared_network.self_link
- subnetwork = google_compute_subnetwork.shared_subnetwork.self_link
+ networking_mode = "VPC_NATIVE"
+ network = google_compute_network.shared_network.self_link
+ subnetwork = google_compute_subnetwork.shared_subnetwork.self_link
 ip_allocation_policy {
 cluster_secondary_range_name = google_compute_subnetwork.shared_subnetwork.secondary_ip_range[0].range_name
@@ -3732,8 +3742,9 @@ resource "google_container_cluster" "with_flexible_cidr" {
 location = "us-central1-a"
 initial_node_count = 3
- network = google_compute_network.container_network.name
- subnetwork = google_compute_subnetwork.container_subnetwork.name
+ networking_mode = "VPC_NATIVE"
+ network = google_compute_network.container_network.name
+ subnetwork = google_compute_subnetwork.container_subnetwork.name
 private_cluster_config {
 enable_private_endpoint = true
@@ -3771,6 +3782,7 @@ resource "google_container_cluster" "cidr_error_preempt" {
 name = "%s"
 location = "us-central1-a"
+ networking_mode = "VPC_NATIVE"
 network = google_compute_network.container_network.name
 subnetwork = google_compute_subnetwork.container_subnetwork.name
@@ -3797,6 +3809,7 @@ resource "google_container_cluster" "cidr_error_overlap" {
 initial_node_count = 1
+ networking_mode = "VPC_NATIVE"
 ip_allocation_policy {
 cluster_ipv4_cidr_block = "10.0.0.0/16"
 services_ipv4_cidr_block = "10.1.0.0/16"
@@ -3878,6 +3891,7 @@ resource "google_container_cluster" "with_private_cluster" {
 location = "us-central1-a"
 initial_node_count = 1
+ networking_mode = "VPC_NATIVE"
 network = google_compute_network.container_network.name
 subnetwork = google_compute_subnetwork.container_subnetwork.name
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
index 1067bde6b1..1e94923f69 100644
--- a/website/docs/r/container_cluster.html.markdown
+++ b/website/docs/r/container_cluster.html.markdown
@@ -186,6 +186,10 @@ VPC-native clusters. Adding this block enables [IP aliasing](https://cloud.googl
 making the cluster VPC-native instead of routes-based. Structure is documented below.
+* `networking_mode` - (Optional, [Beta]) Determines whether alias IPs or routes will be used for pod IPs in the cluster.
+Options are `VPC_NATIVE` or `ROUTES`. `VPC_NATIVE` enables [IP aliasing](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-aliases),
+and requires the `ip_allocation_policy` block to be defined. By default when this field is unspecified, GKE will create a `ROUTES`-based cluster.
+
 * `logging_service` - (Optional) The logging service that the cluster should write logs to. Available options include `logging.googleapis.com`(Legacy Stackdriver), `logging.googleapis.com/kubernetes`(Stackdriver Kubernetes Engine Logging), and `none`. Defaults to `logging.googleapis.com/kubernetes`