From 29f72c901a4d7a86002b934fdf7eb8b43f6563d8 Mon Sep 17 00:00:00 2001 From: Morgante Pell Date: Wed, 4 Dec 2019 11:26:47 -0500 Subject: [PATCH 1/2] Switch to dynamic block for private_cluster_config --- autogen/cluster.tf.tmpl | 16 ++++++++++++---- .../cluster.tf | 16 ++++++++++++---- modules/beta-private-cluster/cluster.tf | 16 ++++++++++++---- .../private-cluster-update-variant/cluster.tf | 16 ++++++++++++---- modules/private-cluster/cluster.tf | 16 ++++++++++++---- 5 files changed, 60 insertions(+), 20 deletions(-) diff --git a/autogen/cluster.tf.tmpl b/autogen/cluster.tf.tmpl index dc19ed2d90..18db2b5859 100644 --- a/autogen/cluster.tf.tmpl +++ b/autogen/cluster.tf.tmpl @@ -191,10 +191,18 @@ resource "google_container_cluster" "primary" { } {% if private_cluster %} - private_cluster_config { - enable_private_endpoint = var.enable_private_endpoint - enable_private_nodes = var.enable_private_nodes - master_ipv4_cidr_block = var.master_ipv4_cidr_block + dynamic "private_cluster_config" { + for_each = var.enable_private_nodes ? [{ + enable_private_nodes = var.enable_private_nodes, + enable_private_endpoint = var.enable_private_endpoint + master_ipv4_cidr_block = var.master_ipv4_cidr_block + }] : [] + + content { + enable_private_endpoint = private_cluster_config.value.enable_private_endpoint + enable_private_nodes = private_cluster_config.value.enable_private_nodes + master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block + } } {% endif %} diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 10fcf764a3..2daaa9ee57 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf 
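Review bot: With `for_each = var.enable_private_nodes ? [{...}] : []` in autogen/cluster.tf.tmpl, a caller who sets `enable_private_endpoint = true` or a `master_ipv4_cidr_block` while `enable_private_nodes` is false now gets no `private_cluster_config` block at all. Those inputs are dropped with no plan-time signal, and the cluster is presumably created with a publicly reachable control-plane endpoint. I would state this on the block with a comment such as `# Omitted entirely when enable_private_nodes is false; enable_private_endpoint and master_ipv4_cidr_block are then ignored`, and repeat it in the descriptions of those variables. The same applies to the four modules/*/cluster.tf hunks in this patch, which look generated from this template. The resource body continues outside the hunk, so any other guard on this combination is not visible here.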
@@ -178,10 +178,18 @@ resource "google_container_cluster" "primary" { } } - private_cluster_config { - enable_private_endpoint = var.enable_private_endpoint - enable_private_nodes = var.enable_private_nodes - master_ipv4_cidr_block = var.master_ipv4_cidr_block + dynamic "private_cluster_config" { + for_each = var.enable_private_nodes ? [{ + enable_private_nodes = var.enable_private_nodes, + enable_private_endpoint = var.enable_private_endpoint + master_ipv4_cidr_block = var.master_ipv4_cidr_block + }] : [] + + content { + enable_private_endpoint = private_cluster_config.value.enable_private_endpoint + enable_private_nodes = private_cluster_config.value.enable_private_nodes + master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block + } } remove_default_node_pool = var.remove_default_node_pool diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index f2789bfd03..a0121e77b2 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -178,10 +178,18 @@ resource "google_container_cluster" "primary" { } } - private_cluster_config { - enable_private_endpoint = var.enable_private_endpoint - enable_private_nodes = var.enable_private_nodes - master_ipv4_cidr_block = var.master_ipv4_cidr_block + dynamic "private_cluster_config" { + for_each = var.enable_private_nodes ? [{ + enable_private_nodes = var.enable_private_nodes, + enable_private_endpoint = var.enable_private_endpoint + master_ipv4_cidr_block = var.master_ipv4_cidr_block + }] : [] + + content { + enable_private_endpoint = private_cluster_config.value.enable_private_endpoint + enable_private_nodes = private_cluster_config.value.enable_private_nodes + master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block + } } remove_default_node_pool = var.remove_default_node_pool 
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 7027d766ce..15e64c823b 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -114,10 +114,18 @@ resource "google_container_cluster" "primary" { } } - private_cluster_config { - enable_private_endpoint = var.enable_private_endpoint - enable_private_nodes = var.enable_private_nodes - master_ipv4_cidr_block = var.master_ipv4_cidr_block + dynamic "private_cluster_config" { + for_each = var.enable_private_nodes ? [{ + enable_private_nodes = var.enable_private_nodes, + enable_private_endpoint = var.enable_private_endpoint + master_ipv4_cidr_block = var.master_ipv4_cidr_block + }] : [] + + content { + enable_private_endpoint = private_cluster_config.value.enable_private_endpoint + enable_private_nodes = private_cluster_config.value.enable_private_nodes + master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block + } } remove_default_node_pool = var.remove_default_node_pool diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index acb6f29a68..e5ce88da5f 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf 
@@ -114,10 +114,18 @@ resource "google_container_cluster" "primary" { } } - private_cluster_config { - enable_private_endpoint = var.enable_private_endpoint - enable_private_nodes = var.enable_private_nodes - master_ipv4_cidr_block = var.master_ipv4_cidr_block + dynamic "private_cluster_config" { + for_each = var.enable_private_nodes ? [{ + enable_private_nodes = var.enable_private_nodes, + enable_private_endpoint = var.enable_private_endpoint + master_ipv4_cidr_block = var.master_ipv4_cidr_block + }] : [] + + content { + enable_private_endpoint = private_cluster_config.value.enable_private_endpoint + enable_private_nodes = private_cluster_config.value.enable_private_nodes + master_ipv4_cidr_block = private_cluster_config.value.master_ipv4_cidr_block + } } remove_default_node_pool = var.remove_default_node_pool From 94d46777f3d5c74f0ff6dea62a24ad21eae96eb8 Mon Sep 17 00:00:00 2001 From: Morgante Pell Date: Wed, 4 Dec 2019 11:27:37 -0500 Subject: [PATCH 2/2] Fix cluster endpoint ouput when enable_private_nodes is false --- autogen/main.tf.tmpl | 5 ++--- main.tf | 3 +-- modules/beta-private-cluster-update-variant/main.tf | 3 +-- modules/beta-private-cluster/main.tf | 3 +-- modules/beta-public-cluster/main.tf | 3 +-- modules/private-cluster-update-variant/main.tf | 3 +-- modules/private-cluster/main.tf | 3 +-- 7 files changed, 8 insertions(+), 15 deletions(-) diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl index a9dc61b013..5c79b2bea5 100644 --- a/autogen/main.tf.tmpl +++ b/autogen/main.tf.tmpl 
@@ -101,9 +101,9 @@ locals { cluster_output_zones = local.cluster_output_regional_zones {% if private_cluster %} - cluster_output_endpoint = var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint + cluster_endpoint = var.enable_private_nodes ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint {% else %} - cluster_output_endpoint = google_container_cluster.primary.endpoint + cluster_endpoint = google_container_cluster.primary.endpoint {% endif %} cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, []) @@ -141,7 +141,6 @@ locals { cluster_zones = sort(local.cluster_output_zones) cluster_name = local.cluster_output_name - cluster_endpoint = local.cluster_output_endpoint cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version cluster_min_master_version = local.cluster_output_min_master_version diff --git a/main.tf b/main.tf index 5cd5b596bf..45a8cd6f2c 100644 --- a/main.tf +++ b/main.tf @@ -68,7 +68,7 @@ locals { cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones - cluster_output_endpoint = google_container_cluster.primary.endpoint + cluster_endpoint = google_container_cluster.primary.endpoint cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version 
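Review bot: When `var.enable_private_nodes` is false, the new `cluster_endpoint` expression in autogen/main.tf.tmpl returns `google_container_cluster.primary.endpoint` even if `var.deploy_using_private_endpoint` is true. A caller who asked to deploy over the private endpoint is silently given the public one. If that fallback is intended, say so next to the local with `# Falls back to the cluster's default (public) endpoint when enable_private_nodes is false, regardless of deploy_using_private_endpoint`. The single-line nested conditional is also hard to audit; moving the inner `private_endpoint`/`public_endpoint` choice into its own named local would make the precedence explicit. The same line appears in the modules/*private-cluster*/main.tf hunks of this patch, and the `locals` block continues outside the hunk.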
@@ -96,7 +96,6 @@ locals { cluster_zones = sort(local.cluster_output_zones) cluster_name = local.cluster_output_name - cluster_endpoint = local.cluster_output_endpoint cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version cluster_min_master_version = local.cluster_output_min_master_version diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 1e126eca41..37e06e58f1 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf @@ -92,7 +92,7 @@ locals { cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones - cluster_output_endpoint = var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint + cluster_endpoint = var.enable_private_nodes ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version @@ -127,7 +127,6 @@ locals { cluster_zones = sort(local.cluster_output_zones) cluster_name = local.cluster_output_name - cluster_endpoint = local.cluster_output_endpoint cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version cluster_min_master_version = local.cluster_output_min_master_version 
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 1e126eca41..37e06e58f1 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -92,7 +92,7 @@ locals { cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones - cluster_output_endpoint = var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint + cluster_endpoint = var.enable_private_nodes ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version @@ -127,7 +127,6 @@ locals { cluster_zones = sort(local.cluster_output_zones) cluster_name = local.cluster_output_name - cluster_endpoint = local.cluster_output_endpoint cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version cluster_min_master_version = local.cluster_output_min_master_version diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index b64c40cd15..2742594d87 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -92,7 +92,7 @@ locals { cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones - cluster_output_endpoint = google_container_cluster.primary.endpoint + cluster_endpoint = google_container_cluster.primary.endpoint cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version @@ -127,7 +127,6 @@ locals { cluster_zones = sort(local.cluster_output_zones) cluster_name = local.cluster_output_name - cluster_endpoint = local.cluster_output_endpoint cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version cluster_min_master_version = local.cluster_output_min_master_version diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index c36ff21005..3955a61e13 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf @@ -68,7 +68,7 @@ locals { cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones - cluster_output_endpoint = var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint + cluster_endpoint = var.enable_private_nodes ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version 
@@ -96,7 +96,6 @@ locals { cluster_zones = sort(local.cluster_output_zones) cluster_name = local.cluster_output_name - cluster_endpoint = local.cluster_output_endpoint cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version cluster_min_master_version = local.cluster_output_min_master_version diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index c36ff21005..3955a61e13 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -68,7 +68,7 @@ locals { cluster_output_zonal_zones = local.zone_count > 1 ? slice(var.zones, 1, local.zone_count) : [] cluster_output_zones = local.cluster_output_regional_zones - cluster_output_endpoint = var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint + cluster_endpoint = var.enable_private_nodes ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config.0.private_endpoint : google_container_cluster.primary.private_cluster_config.0.public_endpoint) : google_container_cluster.primary.endpoint cluster_output_master_auth = concat(google_container_cluster.primary.*.master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version @@ -96,7 +96,6 @@ locals { cluster_zones = sort(local.cluster_output_zones) cluster_name = local.cluster_output_name - cluster_endpoint = local.cluster_output_endpoint cluster_ca_certificate = local.cluster_master_auth_map["cluster_ca_certificate"] cluster_master_version = local.cluster_output_master_version cluster_min_master_version = local.cluster_output_min_master_version