Specify CIDR block sizes for GKE cluster subnets (#3145)

Signed-off-by: Modular Magician <magic-modules@google.com>
2024-07-03 08:42:39 +00:00 · 2019-02-28 21:19:29 -08:00 · 2019-02-28 21:19:29 -08:00 · 1a5624c8ea
commit 1a5624c8ea
parent b7eda7b151
3 changed files with 104 additions and 74 deletions
--- a/google/resource_container_cluster.go
+++ b/google/resource_container_cluster.go
@ -44,7 +44,7 @@ var (
 	}

 	ipAllocationSubnetFields    = []string{"ip_allocation_policy.0.create_subnetwork", "ip_allocation_policy.0.subnetwork_name"}
-	ipAllocationCidrBlockFields = []string{"ip_allocation_policy.0.cluster_ipv4_cidr_block", "ip_allocation_policy.0.services_ipv4_cidr_block"}
+	ipAllocationCidrBlockFields = []string{"ip_allocation_policy.0.cluster_ipv4_cidr_block", "ip_allocation_policy.0.services_ipv4_cidr_block", "ip_allocation_policy.0.node_ipv4_cidr_block"}
 	ipAllocationRangeFields     = []string{"ip_allocation_policy.0.cluster_secondary_range_name", "ip_allocation_policy.0.services_secondary_range_name"}
 )

@ -487,13 +487,13 @@ func resourceContainerCluster() *schema.Resource {
 							Type:          schema.TypeBool,
 							Optional:      true,
 							ForceNew:      true,
-							ConflictsWith: append(ipAllocationCidrBlockFields, ipAllocationRangeFields...),
+							ConflictsWith: ipAllocationRangeFields,
 						},
 						"subnetwork_name": {
 							Type:          schema.TypeString,
 							Optional:      true,
 							ForceNew:      true,
-							ConflictsWith: append(ipAllocationCidrBlockFields, ipAllocationRangeFields...),
+							ConflictsWith: ipAllocationRangeFields,
 						},

 						// GKE creates/deletes secondary ranges in VPC
@ -502,7 +502,7 @@ func resourceContainerCluster() *schema.Resource {
 							Optional:         true,
 							Computed:         true,
 							ForceNew:         true,
-							ConflictsWith:    append(ipAllocationSubnetFields, ipAllocationRangeFields...),
+							ConflictsWith:    ipAllocationRangeFields,
 							DiffSuppressFunc: cidrOrSizeDiffSuppress,
 						},
 						"services_ipv4_cidr_block": {
@ -510,7 +510,14 @@ func resourceContainerCluster() *schema.Resource {
 							Optional:         true,
 							Computed:         true,
 							ForceNew:         true,
-							ConflictsWith:    append(ipAllocationSubnetFields, ipAllocationRangeFields...),
+							ConflictsWith:    ipAllocationRangeFields,
+							DiffSuppressFunc: cidrOrSizeDiffSuppress,
+						},
+						"node_ipv4_cidr_block": {
+							Type:             schema.TypeString,
+							Optional:         true,
+							ForceNew:         true,
+							ConflictsWith:    ipAllocationRangeFields,
 							DiffSuppressFunc: cidrOrSizeDiffSuppress,
 						},

@ -833,7 +840,7 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 		return err
 	}

-	if err := d.Set("ip_allocation_policy", flattenIPAllocationPolicy(cluster.IpAllocationPolicy)); err != nil {
+	if err := d.Set("ip_allocation_policy", flattenIPAllocationPolicy(cluster.IpAllocationPolicy, d, config)); err != nil {
 		return err
 	}

@ -1485,6 +1492,7 @@ func expandIPAllocationPolicy(configured interface{}) *containerBeta.IPAllocatio

 		ClusterIpv4CidrBlock:  config["cluster_ipv4_cidr_block"].(string),
 		ServicesIpv4CidrBlock: config["services_ipv4_cidr_block"].(string),
+		NodeIpv4CidrBlock:     config["node_ipv4_cidr_block"].(string),

 		ClusterSecondaryRangeName:  config["cluster_secondary_range_name"].(string),
 		ServicesSecondaryRangeName: config["services_secondary_range_name"].(string),
@ -1676,10 +1684,22 @@ func flattenPrivateClusterConfig(c *containerBeta.PrivateClusterConfig) []map[st
 	}
 }

-func flattenIPAllocationPolicy(c *containerBeta.IPAllocationPolicy) []map[string]interface{} {
+func flattenIPAllocationPolicy(c *containerBeta.IPAllocationPolicy, d *schema.ResourceData, config *Config) []map[string]interface{} {
 	if c == nil {
 		return nil
 	}
+	node_cidr_block := ""
+	if c.SubnetworkName != "" {
+		subnetwork, err := ParseSubnetworkFieldValue(c.SubnetworkName, d, config)
+		if err == nil {
+			sn, err := config.clientCompute.Subnetworks.Get(subnetwork.Project, subnetwork.Region, subnetwork.Name).Do()
+			if err == nil {
+				node_cidr_block = sn.IpCidrRange
+			}
+		} else {
+			log.Printf("[WARN] Unable to parse subnetwork name, got error while trying to get new subnetwork: %s", err)
+		}
+	}
 	return []map[string]interface{}{
 		{
 			"create_subnetwork": c.CreateSubnetwork,
@ -1687,6 +1707,7 @@ func flattenIPAllocationPolicy(c *containerBeta.IPAllocationPolicy) []map[string

 			"cluster_ipv4_cidr_block":  c.ClusterIpv4CidrBlock,
 			"services_ipv4_cidr_block": c.ServicesIpv4CidrBlock,
+			"node_ipv4_cidr_block":     node_cidr_block,

 			"cluster_secondary_range_name":  c.ClusterSecondaryRangeName,
 			"services_secondary_range_name": c.ServicesSecondaryRangeName,
--- a/google/resource_container_cluster_test.go
+++ b/google/resource_container_cluster_test.go
@ -1846,41 +1846,41 @@ resource "google_container_cluster" "with_net_ref_by_name" {
 func testAccContainerCluster_backendRef() string {
 	return fmt.Sprintf(`
 resource "google_compute_backend_service" "my-backend-service" {
-  name      = "terraform-test-%s"
+  name		= "terraform-test-%s"
  port_name = "http"
-  protocol  = "HTTP"
+  protocol	= "HTTP"

  backend {
-    group = "${element(google_container_cluster.primary.instance_group_urls, 1)}"
+	group = "${element(google_container_cluster.primary.instance_group_urls, 1)}"
  }

  health_checks = ["${google_compute_http_health_check.default.self_link}"]
 }

 resource "google_compute_http_health_check" "default" {
-  name               = "terraform-test-%s"
-  request_path       = "/"
+  name				 = "terraform-test-%s"
+  request_path		 = "/"
  check_interval_sec = 1
-  timeout_sec        = 1
+  timeout_sec		 = 1
 }

 resource "google_container_cluster" "primary" {
-  name               = "terraform-test-%s"
-  zone               = "us-central1-a"
+  name				 = "terraform-test-%s"
+  zone				 = "us-central1-a"
  initial_node_count = 3

  additional_zones = [
-    "us-central1-b",
-    "us-central1-c",
+	"us-central1-b",
+	"us-central1-c",
  ]

  node_config {
-    oauth_scopes = [
-      "https://www.googleapis.com/auth/compute",
-      "https://www.googleapis.com/auth/devstorage.read_only",
-      "https://www.googleapis.com/auth/logging.write",
-      "https://www.googleapis.com/auth/monitoring",
-    ]
+	oauth_scopes = [
+	  "https://www.googleapis.com/auth/compute",
+	  "https://www.googleapis.com/auth/devstorage.read_only",
+	  "https://www.googleapis.com/auth/logging.write",
+	  "https://www.googleapis.com/auth/monitoring",
+	]
  }
 }
 `, acctest.RandString(10), acctest.RandString(10), acctest.RandString(10))
@ -1889,8 +1889,8 @@ resource "google_container_cluster" "primary" {
 func testAccContainerCluster_withLogging(clusterName string) string {
 	return fmt.Sprintf(`
 resource "google_container_cluster" "with_logging" {
-	name               = "cluster-test-%s"
-	zone               = "us-central1-a"
+	name			   = "cluster-test-%s"
+	zone			   = "us-central1-a"
 	initial_node_count = 1

 	logging_service = "logging.googleapis.com"
@ -1900,8 +1900,8 @@ resource "google_container_cluster" "with_logging" {
 func testAccContainerCluster_updateLogging(clusterName string) string {
 	return fmt.Sprintf(`
 resource "google_container_cluster" "with_logging" {
-	name               = "cluster-test-%s"
-	zone               = "us-central1-a"
+	name			   = "cluster-test-%s"
+	zone			   = "us-central1-a"
 	initial_node_count = 1

 	logging_service = "none"
@ -1911,8 +1911,8 @@ resource "google_container_cluster" "with_logging" {
 func testAccContainerCluster_withMonitoring(clusterName string) string {
 	return fmt.Sprintf(`
 resource "google_container_cluster" "with_monitoring" {
-	name               = "cluster-test-%s"
-	zone               = "us-central1-a"
+	name			   = "cluster-test-%s"
+	zone			   = "us-central1-a"
 	initial_node_count = 1

 	monitoring_service = "monitoring.googleapis.com"
@ -1922,8 +1922,8 @@ resource "google_container_cluster" "with_monitoring" {
 func testAccContainerCluster_updateMonitoring(clusterName string) string {
 	return fmt.Sprintf(`
 resource "google_container_cluster" "with_monitoring" {
-	name               = "cluster-test-%s"
-	zone               = "us-central1-a"
+	name			   = "cluster-test-%s"
+	zone			   = "us-central1-a"
 	initial_node_count = 1

 	monitoring_service = "none"
@ -1937,7 +1937,7 @@ resource "google_container_cluster" "with_node_pool" {
 	zone = "us-central1-a"

 	node_pool {
-		name               = "%s"
+		name			   = "%s"
 		initial_node_count = 2
 	}
 }`, cluster, nodePool)
@ -1956,9 +1956,9 @@ resource "google_container_cluster" "with_node_pool" {
 	min_master_version = "${data.google_container_engine_versions.central1a.valid_master_versions.1}"

 	node_pool {
-		name               = "%s"
+		name			   = "%s"
 		initial_node_count = 2
-		version            = "${data.google_container_engine_versions.central1a.valid_node_versions.2}"
+		version			   = "${data.google_container_engine_versions.central1a.valid_node_versions.2}"
 	}
 }`, cluster, nodePool)
 }
@ -1976,9 +1976,9 @@ resource "google_container_cluster" "with_node_pool" {
 	min_master_version = "${data.google_container_engine_versions.central1a.valid_master_versions.1}"

 	node_pool {
-		name               = "%s"
+		name			   = "%s"
 		initial_node_count = 2
-		version            = "${data.google_container_engine_versions.central1a.valid_node_versions.1}"
+		version			   = "${data.google_container_engine_versions.central1a.valid_node_versions.1}"
 	}
 }`, cluster, nodePool)
 }
@ -1995,7 +1995,7 @@ resource "google_container_cluster" "with_node_pool" {
 	]

 	node_pool {
-		name       = "%s"
+		name	   = "%s"
 		node_count = 2
 	}
 }`, cluster, nodePool)
@ -2013,7 +2013,7 @@ resource "google_container_cluster" "with_node_pool" {
 	]

 	node_pool {
-		name       = "%s"
+		name	   = "%s"
 		node_count = 3
 	}
 }`, cluster, nodePool)
@ -2026,7 +2026,7 @@ resource "google_container_cluster" "with_node_pool" {
 	zone = "us-central1-a"

 	node_pool {
-		name               = "%s"
+		name			   = "%s"
 		initial_node_count = 2
 		autoscaling {
 			min_node_count = 1
@ -2043,7 +2043,7 @@ resource "google_container_cluster" "with_node_pool" {
 	zone = "us-central1-a"

 	node_pool {
-		name               = "%s"
+		name			   = "%s"
 		initial_node_count = 2
 		autoscaling {
 			min_node_count = 1
@ -2061,7 +2061,7 @@ resource "google_container_cluster" "with_node_pool_name_prefix" {

 	node_pool {
 		name_prefix = "tf-np-test"
-		node_count  = 2
+		node_count	= 2
 	}
 }`, acctest.RandString(10))
 }
@ -2073,12 +2073,12 @@ resource "google_container_cluster" "with_node_pool_multiple" {
 	zone = "us-central1-a"

 	node_pool {
-		name       = "tf-cluster-nodepool-test-%s"
+		name	   = "tf-cluster-nodepool-test-%s"
 		node_count = 2
 	}

 	node_pool {
-		name       = "tf-cluster-nodepool-test-%s"
+		name	   = "tf-cluster-nodepool-test-%s"
 		node_count = 3
 	}
 }`, acctest.RandString(10), acctest.RandString(10), acctest.RandString(10))
@ -2092,9 +2092,9 @@ resource "google_container_cluster" "with_node_pool_multiple" {

 	node_pool {
 		# ERROR: name and name_prefix cannot be both specified
-		name        = "tf-cluster-nodepool-test-%s"
+		name		= "tf-cluster-nodepool-test-%s"
 		name_prefix = "tf-cluster-nodepool-test-"
-		node_count  = 1
+		node_count	= 1
 	}
 }`, acctest.RandString(10), acctest.RandString(10))
 }
@ -2137,8 +2137,8 @@ resource "google_container_cluster" "with_node_pool_node_config" {
 func testAccContainerCluster_withDefaultNodePoolRemoved() string {
 	return fmt.Sprintf(`
 resource "google_container_cluster" "with_default_node_pool_removed" {
-	name               = "cluster-test-%s"
-	zone               = "us-central1-a"
+	name			   = "cluster-test-%s"
+	zone			   = "us-central1-a"
 	initial_node_count = 1

 	remove_default_node_pool = true
@ -2175,18 +2175,18 @@ resource "google_compute_network" "container_network" {
 }

 resource "google_compute_subnetwork" "container_subnetwork" {
-	name          = "${google_compute_network.container_network.name}"
-	network       = "${google_compute_network.container_network.name}"
+	name		  = "${google_compute_network.container_network.name}"
+	network		  = "${google_compute_network.container_network.name}"
 	ip_cidr_range = "10.0.0.0/24"
-	region        = "us-central1"
+	region		  = "us-central1"

 	secondary_ip_range {
-	    range_name    = "pods"
-	    ip_cidr_range = "10.1.0.0/16"
+		range_name	  = "pods"
+		ip_cidr_range = "10.1.0.0/16"
 	}
 	secondary_ip_range {
-	    range_name    = "services"
-	    ip_cidr_range = "10.2.0.0/20"
+		range_name	  = "services"
+		ip_cidr_range = "10.2.0.0/20"
 	}
 }

@ -2213,15 +2213,15 @@ resource "google_compute_network" "container_network" {
 }

 resource "google_compute_subnetwork" "container_subnetwork" {
-	name          = "${google_compute_network.container_network.name}"
-	network       = "${google_compute_network.container_network.name}"
+	name		  = "${google_compute_network.container_network.name}"
+	network		  = "${google_compute_network.container_network.name}"
 	ip_cidr_range = "10.128.0.0/9"
-	region        = "us-central1"
+	region		  = "us-central1"
 }

 resource "google_container_cluster" "with_ip_allocation_policy" {
-	name       = "%s"
-	zone       = "us-central1-a"
+	name	   = "%s"
+	zone	   = "us-central1-a"
 	network    = "${google_compute_network.container_network.name}"
 	subnetwork = "${google_compute_subnetwork.container_subnetwork.name}"

@ -2229,6 +2229,7 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
 	ip_allocation_policy {
 		cluster_ipv4_cidr_block  = "10.0.0.0/16"
 		services_ipv4_cidr_block = "10.1.0.0/16"
+		node_ipv4_cidr_block = "10.2.0.0/16"
 	}
 }`, cluster, cluster)
 }
@ -2241,10 +2242,10 @@ resource "google_compute_network" "container_network" {
 }

 resource "google_compute_subnetwork" "container_subnetwork" {
-	name          = "${google_compute_network.container_network.name}"
-	network       = "${google_compute_network.container_network.name}"
+	name		  = "${google_compute_network.container_network.name}"
+	network		  = "${google_compute_network.container_network.name}"
 	ip_cidr_range = "10.0.0.0/24"
-	region        = "us-central1"
+	region		  = "us-central1"
 }

 resource "google_container_cluster" "with_ip_allocation_policy" {
@ -2252,14 +2253,16 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
 	zone = "us-central1-a"

 	network = "${google_compute_network.container_network.name}"
-	subnetwork = "${google_compute_subnetwork.container_subnetwork.name}"

 	initial_node_count = 1
 	ip_allocation_policy {
+		create_subnetwork = true
+		subnetwork_name = "tf-test-%s"
 		cluster_ipv4_cidr_block = "/16"
 		services_ipv4_cidr_block = "/22"
+		node_ipv4_cidr_block = "/22"
 	}
-}`, cluster, cluster)
+}`, cluster, cluster, cluster)
 }

 func testAccContainerCluster_withIPAllocationPolicy_createSubnetwork(cluster string) string {
@ -2283,19 +2286,19 @@ resource "google_compute_network" "container_network" {
 }

 resource "google_compute_subnetwork" "container_subnetwork" {
-	name                     = "${google_compute_network.container_network.name}"
-	network                  = "${google_compute_network.container_network.name}"
-	ip_cidr_range            = "10.0.36.0/24"
-	region                   = "us-central1"
+	name					 = "${google_compute_network.container_network.name}"
+	network					 = "${google_compute_network.container_network.name}"
+	ip_cidr_range			 = "10.0.36.0/24"
+	region					 = "us-central1"
 	private_ip_google_access = true

 	secondary_ip_range {
-		range_name    = "pod"
+		range_name	  = "pod"
 		ip_cidr_range = "10.0.0.0/19"
 	}

 	secondary_ip_range {
-		range_name    = "svc"
+		range_name	  = "svc"
 		ip_cidr_range = "10.0.32.0/22"
 	}
 }
@ -2354,8 +2357,8 @@ resource "google_container_cluster" "cidr_error_preempt" {
  initial_node_count = 1

  ip_allocation_policy {
-    cluster_ipv4_cidr_block = "10.3.0.0/19"
-    services_ipv4_cidr_block = "10.4.0.0/19"
+	cluster_ipv4_cidr_block = "10.3.0.0/19"
+	services_ipv4_cidr_block = "10.4.0.0/19"
  }
 }
 `, clusterName)
@ -2372,8 +2375,8 @@ resource "google_container_cluster" "cidr_error_overlap" {
  initial_node_count = 1

  ip_allocation_policy {
-    cluster_ipv4_cidr_block = "10.3.0.0/19"
-    services_ipv4_cidr_block = "10.4.0.0/19"
+	cluster_ipv4_cidr_block = "10.3.0.0/19"
+	services_ipv4_cidr_block = "10.4.0.0/19"
  }
 }
 `, initConfig, secondCluster)
--- a/website/docs/r/container_cluster.html.markdown
+++ b/website/docs/r/container_cluster.html.markdown
@ -366,6 +366,12 @@ The `ip_allocation_policy` block supports:
    from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to
    pick a specific range to use.

+* `node_ipv4_cidr_block` - (Optional) The IP address range of the node IPs in this cluster.
+    Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14)
+    to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14)
+    from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to
+    pick a specific range to use.
+
 * `services_ipv4_cidr_block` - (Optional) The IP address range of the services IPs in this cluster.
    Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14)
    to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14)