From 2f570d705fce243b90ad49801fd517d9a78bd3e5 Mon Sep 17 00:00:00 2001
From: The Magician
Date: Fri, 7 Jul 2023 16:23:10 -0700
Subject: [PATCH] feat: add google_gkeonprem_bare_metal_admin_cluster resource (#8142) (#15099)
* add bare_metal_admin_cluster resource
* correct create verb
* Correct create url
* Add test example covering all fields
* revert unintended changes in vmware cluster
* Add newline at end of file
---------
Signed-off-by: Modular Magician
Co-authored-by: Thomas Rodgers
---
.changelog/8142.txt | 3 +
...rem_bare_metal_admin_cluster.html.markdown | 724 ++++++++++++++++++
2 files changed, 727 insertions(+)
create mode 100644 .changelog/8142.txt
create mode 100644 website/docs/r/gkeonprem_bare_metal_admin_cluster.html.markdown
diff --git a/.changelog/8142.txt b/.changelog/8142.txt
new file mode 100644
index 00000000000..49136e08a41
--- /dev/null
+++ b/.changelog/8142.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_gkeonprem_bare_metal_admin_cluster`
+```
diff --git a/website/docs/r/gkeonprem_bare_metal_admin_cluster.html.markdown b/website/docs/r/gkeonprem_bare_metal_admin_cluster.html.markdown
new file mode 100644
index 00000000000..ed2d1c0e605
--- /dev/null
+++ b/website/docs/r/gkeonprem_bare_metal_admin_cluster.html.markdown
@@ -0,0 +1,724 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Anthos On-Prem" +description: |- + A Google Bare Metal Admin Cluster. +--- + +# google\_gkeonprem\_bare\_metal\_admin\_cluster + +A Google Bare Metal Admin Cluster. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + + +## Example Usage - Gkeonprem Bare Metal Admin Cluster Basic + + +```hcl +resource "google_gkeonprem_bare_metal_admin_cluster" "admin-cluster-basic" { + provider = google-beta + name = "basic" + location = "us-west1" + bare_metal_version = "1.13.4" + network_config { + island_mode_cidr { + service_address_cidr_blocks = ["172.26.0.0/16"] + pod_address_cidr_blocks = ["10.240.0.0/13"] + } + } + node_config { + max_pods_per_node = 250 + } + control_plane { + control_plane_node_pool_config { + node_pool_config { + labels = {} + operating_system = "LINUX" + node_configs { + labels = {} + node_ip = "10.200.0.2" + } + node_configs { + labels = {} + node_ip = "10.200.0.3" + } + node_configs { + labels = {} + node_ip = "10.200.0.4" + } + } + } + } + load_balancer { + port_config { + control_plane_load_balancer_port = 443 + } + vip_config { + control_plane_vip = "10.200.0.5" + } + } + storage { + lvp_share_config { + lvp_config { + path = "/mnt/localpv-share" + storage_class = "local-shared" + } + shared_path_pv_count = 5 + } + 
lvp_node_mounts_config { + path = "/mnt/localpv-disk" + storage_class = "local-disks" + } + } + node_access_config { + login_user = "root" + } +} +``` +## Example Usage - Gkeonprem Bare Metal Admin Cluster Full + + +```hcl +resource "google_gkeonprem_bare_metal_admin_cluster" "admin-cluster-basic" { + provider = google-beta + name = "basic" + location = "us-west1" + description = "test description" + bare_metal_version = "1.13.4" + annotations = {} + network_config { + island_mode_cidr { + service_address_cidr_blocks = ["172.26.0.0/16"] + pod_address_cidr_blocks = ["10.240.0.0/13"] + } + } + node_config { + max_pods_per_node = 250 + } + control_plane { + control_plane_node_pool_config { + node_pool_config { + labels = {} + operating_system = "LINUX" + node_configs { + labels = {} + node_ip = "10.200.0.2" + } + node_configs { + labels = {} + node_ip = "10.200.0.3" + } + node_configs { + labels = {} + node_ip = "10.200.0.4" + } + taints { + key = "test-key" + value = "test-value" + effect = "NO_EXECUTE" + } + } + } + api_server_args { + argument = "test argument" + value = "test value" + } + } + load_balancer { + port_config { + control_plane_load_balancer_port = 443 + } + vip_config { + control_plane_vip = "10.200.0.5" + } + manual_lb_config { + enabled = true + } + } + storage { + lvp_share_config { + lvp_config { + path = "/mnt/localpv-share" + storage_class = "local-shared" + } + shared_path_pv_count = 5 + } + lvp_node_mounts_config { + path = "/mnt/localpv-disk" + storage_class = "local-disks" + } + } + node_access_config { + login_user = "root" + } + security_config { + authorization { + admin_users { + username = "admin@hashicorptest.com" + } + } + } + maintenance_config { + maintenance_address_cidr_blocks = ["10.0.0.1/32", "10.0.0.2/32"] + } + cluster_operations { + enable_application_logs = true + } + proxy { + uri = "test proxy uri" + no_proxy = ["127.0.0.1"] + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `name` - + 
(Required) + The bare metal admin cluster name. + +* `location` - + (Required) + The location of the resource. + + +- - - + + +* `description` - + (Optional) + A human readable description of this Bare Metal Admin Cluster. + +* `bare_metal_version` - + (Optional) + A human readable description of this Bare Metal Admin Cluster. + +* `annotations` - + (Optional) + Annotations on the Bare Metal Admin Cluster. + This field has the same restrictions as Kubernetes annotations. + The total size of all keys and values combined is limited to 256k. + Key can have 2 segments: prefix (optional) and name (required), + separated by a slash (/). + Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + +* `network_config` - + (Optional) + Network configuration. + Structure is [documented below](#nested_network_config). + +* `control_plane` - + (Optional) + Specifies the control plane configuration. + Structure is [documented below](#nested_control_plane). + +* `load_balancer` - + (Optional) + Specifies the load balancer configuration. + Structure is [documented below](#nested_load_balancer). + +* `storage` - + (Optional) + Specifies the cluster storage configuration. + Structure is [documented below](#nested_storage). + +* `proxy` - + (Optional) + Specifies the cluster proxy configuration. + Structure is [documented below](#nested_proxy). + +* `cluster_operations` - + (Optional) + Specifies the Admin Cluster's observability infrastructure. + Structure is [documented below](#nested_cluster_operations). + +* `maintenance_config` - + (Optional) + Specifies the workload node configurations. + Structure is [documented below](#nested_maintenance_config). + +* `node_config` - + (Optional) + Specifies the workload node configurations. + Structure is [documented below](#nested_node_config). 
+ +* `node_access_config` - + (Optional) + Specifies the node access related settings for the bare metal user cluster. + Structure is [documented below](#nested_node_access_config). + +* `security_config` - + (Optional) + Specifies the security related settings for the Bare Metal User Cluster. + Structure is [documented below](#nested_security_config). + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + +The `network_config` block supports: + +* `island_mode_cidr` - + (Optional) + A nested object resource + Structure is [documented below](#nested_island_mode_cidr). + + +The `island_mode_cidr` block supports: + +* `service_address_cidr_blocks` - + (Required) + All services in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation. + +* `pod_address_cidr_blocks` - + (Required) + All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. This field cannot be changed after creation. + +The `control_plane` block supports: + +* `control_plane_node_pool_config` - + (Required) + Configures the node pool running the control plane. If specified the corresponding NodePool will be created for the cluster's control plane. The NodePool will have the same name and namespace as the cluster. + Structure is [documented below](#nested_control_plane_node_pool_config). + +* `api_server_args` - + (Optional) + Customizes the default API server args. Only a subset of + customized flags are supported. Please refer to the API server + documentation below to know the exact format: + https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/ + Structure is [documented below](#nested_api_server_args). + + +The `control_plane_node_pool_config` block supports: + +* `node_pool_config` - + (Required) + The generic configuration for a node pool running the control plane. 
+ Structure is [documented below](#nested_node_pool_config). + + +The `node_pool_config` block supports: + +* `node_configs` - + (Optional) + The list of machine addresses in the Bare Metal Node Pool. + Structure is [documented below](#nested_node_configs). + +* `operating_system` - + (Optional) + Specifies the nodes operating system (default: LINUX). + +* `taints` - + (Optional) + The initial taints assigned to nodes of this node pool. + Structure is [documented below](#nested_taints). + +* `labels` - + (Optional) + The map of Kubernetes labels (key/value pairs) to be applied to + each node. These will added in addition to any default label(s) + that Kubernetes may apply to the node. In case of conflict in + label keys, the applied set may differ depending on the Kubernetes + version -- it's best to assume the behavior is undefined and + conflicts should be avoided. For more information, including usage + and the valid values, see: + http://kubernetes.io/v1.1/docs/user-guide/labels.html + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + + +The `node_configs` block supports: + +* `node_ip` - + (Optional) + The default IPv4 address for SSH access and Kubernetes node. + Example: 192.168.0.1 + +* `labels` - + (Optional) + The map of Kubernetes labels (key/value pairs) to be applied to + each node. These will added in addition to any default label(s) + that Kubernetes may apply to the node. In case of conflict in + label keys, the applied set may differ depending on the Kubernetes + version -- it's best to assume the behavior is undefined and + conflicts should be avoided. For more information, including usage + and the valid values, see: + http://kubernetes.io/v1.1/docs/user-guide/labels.html + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + +The `taints` block supports: + +* `key` - + (Optional) + Key associated with the effect. 
+ +* `value` - + (Optional) + Value associated with the effect. + +* `effect` - + (Optional) + Specifies the nodes operating system (default: LINUX). + Possible values are: `EFFECT_UNSPECIFIED`, `PREFER_NO_SCHEDULE`, `NO_EXECUTE`. + +The `api_server_args` block supports: + +* `argument` - + (Required) + The argument name as it appears on the API Server command line please make sure to remove the leading dashes. + +* `value` - + (Required) + The value of the arg as it will be passed to the API Server command line. + +The `load_balancer` block supports: + +* `vip_config` - + (Required) + Specified the Bare Metal Load Balancer Config + Structure is [documented below](#nested_vip_config). + +* `port_config` - + (Required) + Specifies the load balancer ports. + Structure is [documented below](#nested_port_config). + +* `manual_lb_config` - + (Optional) + A nested object resource + Structure is [documented below](#nested_manual_lb_config). + + +The `vip_config` block supports: + +* `control_plane_vip` - + (Required) + The VIP which you previously set aside for the Kubernetes API of this Bare Metal Admin Cluster. + +The `port_config` block supports: + +* `control_plane_load_balancer_port` - + (Required) + The port that control plane hosted load balancers will listen on. + +The `manual_lb_config` block supports: + +* `enabled` - + (Required) + Whether manual load balancing is enabled. + +The `storage` block supports: + +* `lvp_share_config` - + (Required) + Specifies the config for local PersistentVolumes backed by + subdirectories in a shared filesystem. These subdirectores are + automatically created during cluster creation. + Structure is [documented below](#nested_lvp_share_config). + +* `lvp_node_mounts_config` - + (Required) + Specifies the config for local PersistentVolumes backed + by mounted node disks. These disks need to be formatted and mounted by the + user, which can be done before or after cluster creation. 
+ Structure is [documented below](#nested_lvp_node_mounts_config). + + +The `lvp_share_config` block supports: + +* `lvp_config` - + (Required) + Defines the machine path and storage class for the LVP Share. + Structure is [documented below](#nested_lvp_config). + +* `shared_path_pv_count` - + (Optional) + The number of subdirectories to create under path. + + +The `lvp_config` block supports: + +* `path` - + (Required) + The host machine path. + +* `storage_class` - + (Required) + The StorageClass name that PVs will be created with. + +The `lvp_node_mounts_config` block supports: + +* `path` - + (Required) + The host machine path. + +* `storage_class` - + (Required) + The StorageClass name that PVs will be created with. + +The `proxy` block supports: + +* `uri` - + (Required) + Specifies the address of your proxy server. + Examples: http://domain + WARNING: Do not provide credentials in the format + http://(username:password@)domain these will be rejected by the server. + +* `no_proxy` - + (Optional) + A list of IPs, hostnames, and domains that should skip the proxy. + Examples: ["127.0.0.1", "example.com", ".corp", "localhost"]. + +The `cluster_operations` block supports: + +* `enable_application_logs` - + (Optional) + Whether collection of application logs/metrics should be enabled (in addition to system logs/metrics). + +The `maintenance_config` block supports: + +* `maintenance_address_cidr_blocks` - + (Required) + All IPv4 address from these ranges will be placed into maintenance mode. + Nodes in maintenance mode will be cordoned and drained. When both of these + are true, the "baremetal.cluster.gke.io/maintenance" annotation will be set + on the node resource. + +The `node_config` block supports: + +* `max_pods_per_node` - + (Optional) + The maximum number of pods a node can run. The size of the CIDR range + assigned to the node will be derived from this parameter. 
+ +The `node_access_config` block supports: + +* `login_user` - + (Optional) + LoginUser is the user name used to access node machines. + It defaults to "root" if not set. + +The `security_config` block supports: + +* `authorization` - + (Optional) + Configures user access to the Bare Metal User cluster. + Structure is [documented below](#nested_authorization). + + +The `authorization` block supports: + +* `admin_users` - + (Required) + Users that will be granted the cluster-admin role on the cluster, providing full access to the cluster. + Structure is [documented below](#nested_admin_users). + + +The `admin_users` block supports: + +* `username` - + (Required) + The name of the user, e.g. `my-gcp-id@gmail.com`. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/bareMetalAdminClusters/{{name}}` + +* `uid` - + The unique identifier of the Bare Metal Admin Cluster. + +* `state` - + The current state of this cluster. + +* `endpoint` - + The IP address name of Bare Metal Admin Cluster's API server. + +* `reconciling` - + If set, there are currently changes in flight to the Bare Metal Admin Cluster. + +* `create_time` - + The time the cluster was created, in RFC3339 text format. + +* `update_time` - + The time the cluster was last updated, in RFC3339 text format. + +* `delete_time` - + The time the cluster was deleted, in RFC3339 text format. + +* `local_name` - + The object name of the Bare Metal Admin Cluster custom resource on the + associated admin cluster. This field is used to support conflicting + names when enrolling existing clusters to the API. When used as a part of + cluster enrollment, this field will differ from the ID in the resource + name. For new clusters, this field will match the user provided cluster ID + and be visible in the last component of the resource name. 
It is not + modifiable. + All users should use this name to access their cluster using gkectl or + kubectl and should expect to see the local name when viewing admin + cluster controller logs. + +* `etag` - + This checksum is computed by the server based on the value of other + fields, and may be sent on update and delete requests to ensure the + client has an up-to-date value before proceeding. + Allows clients to perform consistent read-modify-writes + through optimistic concurrency control. + +* `fleet` - + Fleet related configuration. + Fleets are a Google Cloud concept for logically organizing clusters, + letting you use and manage multi-cluster capabilities and apply + consistent policies across your systems. + See [Anthos Fleets](https://cloud.google.com/anthos/multicluster-management/fleets) for + more details on Anthos multi-cluster capabilities using Fleets. + Structure is [documented below](#nested_fleet). + +* `status` - + Specifies detailed cluster status. + Structure is [documented below](#nested_status). + +* `validation_check` - + Specifies the security related settings for the Bare Metal Admin Cluster. + Structure is [documented below](#nested_validation_check). + + +The `fleet` block contains: + +* `membership` - + (Output) + The name of the managed Hub Membership resource associated to this cluster. + Membership names are formatted as + `projects//locations//memberships/`. + +The `status` block contains: + +* `error_message` - + (Output) + Human-friendly representation of the error message from the admin cluster + controller. The error message can be temporary as the admin cluster + controller creates a cluster or node pool. If the error message persists + for a longer period of time, it can be used to surface error message to + indicate real problems requiring user intervention. + +* `conditions` - + (Output) + ResourceConditions provide a standard mechanism for higher-level status reporting from admin cluster controller. 
+ Structure is [documented below](#nested_conditions). + + +The `conditions` block contains: + +* `type` - + (Optional) + Type of the condition. + (e.g., ClusterRunning, NodePoolRunning or ServerSidePreflightReady) + +* `reason` - + (Optional) + Machine-readable message indicating details about last transition. + +* `message` - + (Optional) + Human-readable message indicating details about last transition. + +* `last_transition_time` - + (Output) + Last time the condition transit from one status to another. + +* `state` - + (Output) + The lifecycle state of the condition. + +The `validation_check` block contains: + +* `options` - + (Output) + Options used for the validation check. + +* `status` - + (Output) + Specifies the detailed validation check status + Structure is [documented below](#nested_status). + +* `scenario` - + (Output) + The scenario when the preflight checks were run.. + + +The `status` block contains: + +* `result` - + (Output) + Individual checks which failed as part of the Preflight check execution. + Structure is [documented below](#nested_result). + + +The `result` block contains: + +* `options` - + (Output) + Options used for the validation check. + +* `description` - + (Output) + The description of the validation check. + +* `category` - + (Output) + The category of the validation. + +* `reason` - + (Output) + A human-readable message of the check failure. + +* `details` - + (Output) + Detailed failure information, which might be unformatted. + +## Timeouts + +This resource provides the following +[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: + +- `create` - Default is 20 minutes. +- `update` - Default is 20 minutes. +- `delete` - Default is 20 minutes. 
+ +## Import + + +BareMetalAdminCluster can be imported using any of these accepted formats: + +``` +$ terraform import google_gkeonprem_bare_metal_admin_cluster.default projects/{{project}}/locations/{{location}}/bareMetalAdminClusters/{{name}} +$ terraform import google_gkeonprem_bare_metal_admin_cluster.default {{project}}/{{location}}/{{name}} +$ terraform import google_gkeonprem_bare_metal_admin_cluster.default {{location}}/{{name}} +``` + +## User Project Overrides + +This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).