diff --git a/google/data_source_google_container_cluster_test.go b/google/data_source_google_container_cluster_test.go index 88e35cb8..414735f2 100644 --- a/google/data_source_google_container_cluster_test.go +++ b/google/data_source_google_container_cluster_test.go @@ -66,6 +66,7 @@ func testAccDataSourceGoogleContainerClusterCheck(dataSourceName string, resourc "cluster_ipv4_cidr", "description", "enable_kubernetes_alpha", + "enable_tpu", "enable_legacy_abac", "endpoint", "enable_legacy_abac", diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index c8cbf387..373bfb51 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -213,6 +213,13 @@ func resourceContainerCluster() *schema.Resource { Default: false, }, + "enable_tpu": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Default: false, + }, + "enable_legacy_abac": { Type: schema.TypeBool, Optional: true, @@ -553,6 +560,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er NetworkPolicy: expandNetworkPolicy(d.Get("network_policy")), AddonsConfig: expandClusterAddonsConfig(d.Get("addons_config")), EnableKubernetesAlpha: d.Get("enable_kubernetes_alpha").(bool), + EnableTpu: d.Get("enable_tpu").(bool), IpAllocationPolicy: expandIPAllocationPolicy(d.Get("ip_allocation_policy")), PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config")), MasterIpv4CidrBlock: d.Get("master_ipv4_cidr_block").(string), @@ -733,6 +741,7 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro d.Set("cluster_ipv4_cidr", cluster.ClusterIpv4Cidr) d.Set("description", cluster.Description) d.Set("enable_kubernetes_alpha", cluster.EnableKubernetesAlpha) + d.Set("enable_tpu", cluster.EnableTpu) d.Set("enable_legacy_abac", cluster.LegacyAbac.Enabled) d.Set("logging_service", cluster.LoggingService) d.Set("monitoring_service", cluster.MonitoringService) diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index b1dc4f01..8b7a2c76 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -460,6 +460,32 @@ func TestAccContainerCluster_withKubernetesAlpha(t *testing.T) { }) } +func TestAccContainerCluster_withTpu(t *testing.T) { + t.Parallel() + + clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckContainerClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withTpu(clusterName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("google_container_cluster.with_tpu", "enable_tpu", "true"), + ), + }, + { + ResourceName: "google_container_cluster.with_tpu", + ImportStateIdPrefix: "us-central1-b/", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func TestAccContainerCluster_withPrivateCluster(t *testing.T) { t.Parallel() @@ -1743,6 +1769,49 @@ resource "google_container_cluster" "with_kubernetes_alpha" { }`, clusterName) } +func testAccContainerCluster_withTpu(clusterName string) string { + return fmt.Sprintf(` +resource "google_compute_network" "container_network" { + name = "container-net-%s" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "container_subnetwork" { + name = "${google_compute_network.container_network.name}" + network = "${google_compute_network.container_network.name}" + ip_cidr_range = "10.0.35.0/24" + region = "us-central1" + + secondary_ip_range { + range_name = "pod" + ip_cidr_range = "10.1.0.0/19" + } + + secondary_ip_range { + range_name = "svc" + ip_cidr_range = "10.2.0.0/22" + } +} + +resource "google_container_cluster" "with_tpu" { + name = "cluster-test-%s" + zone = "us-central1-b" + initial_node_count = 1 + + enable_tpu = true + + network = "${google_compute_network.container_network.name}" + subnetwork = "${google_compute_subnetwork.container_subnetwork.name}" + + master_ipv4_cidr_block = "10.42.0.0/28" + master_authorized_networks_config { cidr_blocks = [] } + ip_allocation_policy { + cluster_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.0.range_name}" + services_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.1.range_name}" + } +}`, clusterName, clusterName) +} + func testAccContainerCluster_defaultLegacyAbac(clusterName string) string { return fmt.Sprintf(` resource "google_container_cluster" "default_legacy_abac" { diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index bd6df5de..127e21c4 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -101,6 +101,9 @@ output "cluster_ca_certificate" { this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. +* `enable_tpu` - (Optional) Whether to enable Cloud TPU resources in this cluster. + See the [official documentation](https://cloud.google.com/tpu/docs/kubernetes-engine-setup). + * `enable_legacy_abac` - (Optional) Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM.