From b8b854793410473f4f7469d2675d8a58aaffd18a Mon Sep 17 00:00:00 2001 From: Tomas Gareau Date: Wed, 12 Jan 2022 17:58:19 -0600 Subject: [PATCH] fix: Allow users to specify network tags for the default node pool (#1123) * Modify cluster template to allow setting network tags on default-pool This adds the following tags to the default pool: * the cluster_network_tag (gke-${var.name}) * the pool-specific network tag (gke-${var.name}-default-pool) * user-specified tags from var.node_pools_tags["all"]\ * user-specified tags from var.node_pools_tags["default-pool"] * Build autogen template to apply changes in cluster.tf.impl * Use network tags from the first node pool --- autogen/main/cluster.tf.tmpl | 7 +++++++ cluster.tf | 7 +++++++ modules/beta-private-cluster-update-variant/cluster.tf | 7 +++++++ modules/beta-private-cluster/cluster.tf | 7 +++++++ modules/beta-public-cluster-update-variant/cluster.tf | 7 +++++++ modules/beta-public-cluster/cluster.tf | 7 +++++++ modules/private-cluster-update-variant/cluster.tf | 7 +++++++ modules/private-cluster/cluster.tf | 7 +++++++ 8 files changed, 56 insertions(+) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index a580e7ea9..b15947ff6 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -288,6 +288,13 @@ resource "google_container_cluster" "primary" { service_account = lookup(var.node_pools[0], "service_account", local.service_account) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) + dynamic "workload_metadata_config" { for_each = local.cluster_node_metadata_config diff --git a/cluster.tf b/cluster.tf index 29c4e6581..4385913d1 100644 --- a/cluster.tf +++ b/cluster.tf @@ -152,6 +152,13 @@ resource "google_container_cluster" "primary" { service_account = lookup(var.node_pools[0], "service_account", local.service_account) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) + dynamic "workload_metadata_config" { for_each = local.cluster_node_metadata_config diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 21e2a7232..b66778722 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -253,6 +253,13 @@ resource "google_container_cluster" "primary" { service_account = lookup(var.node_pools[0], "service_account", local.service_account) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) + dynamic "workload_metadata_config" { for_each = local.cluster_node_metadata_config diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index d5204d6cf..96a66fcc4 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -253,6 +253,13 @@ resource "google_container_cluster" "primary" { service_account = lookup(var.node_pools[0], "service_account", local.service_account) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) + dynamic "workload_metadata_config" { for_each = local.cluster_node_metadata_config diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 904aa0326..6800ab701 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -253,6 +253,13 @@ resource "google_container_cluster" "primary" { service_account = lookup(var.node_pools[0], "service_account", local.service_account) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) + dynamic "workload_metadata_config" { for_each = local.cluster_node_metadata_config diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 01f0f8db7..574b89e02 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -253,6 +253,13 @@ resource "google_container_cluster" "primary" { service_account = lookup(var.node_pools[0], "service_account", local.service_account) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) + dynamic "workload_metadata_config" { for_each = local.cluster_node_metadata_config diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index e0543b203..2de7575db 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -152,6 +152,13 @@ resource "google_container_cluster" "primary" { service_account = lookup(var.node_pools[0], "service_account", local.service_account) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) + dynamic "workload_metadata_config" { for_each = local.cluster_node_metadata_config diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index a6233716e..bf6596abb 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -152,6 +152,13 @@ resource "google_container_cluster" "primary" { service_account = lookup(var.node_pools[0], "service_account", local.service_account) + tags = concat( + lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], + lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [], + lookup(local.node_pools_tags, "all", []), + lookup(local.node_pools_tags, var.node_pools[0].name, []), + ) + dynamic "workload_metadata_config" { for_each = local.cluster_node_metadata_config