mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-24 02:26:00 +00:00
Make removals in google_container_cluster (#2395)
parent
6e97f6192f
commit
7c3445229c
|
@ -201,10 +201,10 @@ func resourceContainerCluster() *schema.Resource {
|
||||||
},
|
},
|
||||||
|
|
||||||
"enable_binary_authorization": {
|
"enable_binary_authorization": {
|
||||||
Deprecated: "This field is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
|
Removed: "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
|
||||||
|
Computed: true,
|
||||||
Type: schema.TypeBool,
|
Type: schema.TypeBool,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
Default: false,
|
|
||||||
},
|
},
|
||||||
|
|
||||||
"enable_kubernetes_alpha": {
|
"enable_kubernetes_alpha": {
|
||||||
|
@ -215,11 +215,11 @@ func resourceContainerCluster() *schema.Resource {
|
||||||
},
|
},
|
||||||
|
|
||||||
"enable_tpu": {
|
"enable_tpu": {
|
||||||
Deprecated: "This field is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
|
|
||||||
Type: schema.TypeBool,
|
Type: schema.TypeBool,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
ForceNew: true,
|
ForceNew: true,
|
||||||
Default: false,
|
Removed: "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
|
||||||
|
Computed: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
"enable_legacy_abac": {
|
"enable_legacy_abac": {
|
||||||
|
@ -394,7 +394,8 @@ func resourceContainerCluster() *schema.Resource {
|
||||||
},
|
},
|
||||||
|
|
||||||
"pod_security_policy_config": {
|
"pod_security_policy_config": {
|
||||||
Deprecated: "This field is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
|
// Remove return nil from expand when this is removed for good.
|
||||||
|
Removed: "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
|
||||||
Type: schema.TypeList,
|
Type: schema.TypeList,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
MaxItems: 1,
|
MaxItems: 1,
|
||||||
|
@ -406,7 +407,6 @@ func resourceContainerCluster() *schema.Resource {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
DiffSuppressFunc: podSecurityPolicyCfgSuppress,
|
|
||||||
},
|
},
|
||||||
|
|
||||||
"project": {
|
"project": {
|
||||||
|
@ -504,8 +504,7 @@ func resourceContainerCluster() *schema.Resource {
|
||||||
},
|
},
|
||||||
|
|
||||||
"private_cluster": {
|
"private_cluster": {
|
||||||
Deprecated: "Use private_cluster_config.enable_private_nodes instead.",
|
Removed: "Use private_cluster_config.enable_private_nodes instead.",
|
||||||
ConflictsWith: []string{"private_cluster_config"},
|
|
||||||
Computed: true,
|
Computed: true,
|
||||||
Type: schema.TypeBool,
|
Type: schema.TypeBool,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
|
@ -549,11 +548,10 @@ func resourceContainerCluster() *schema.Resource {
|
||||||
},
|
},
|
||||||
|
|
||||||
"master_ipv4_cidr_block": {
|
"master_ipv4_cidr_block": {
|
||||||
Deprecated: "This field is in beta and will be removed from this provider. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
|
Removed: "Use private_cluster_config.master_ipv4_cidr_block instead.",
|
||||||
|
Computed: true,
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
ForceNew: true,
|
|
||||||
ValidateFunc: validation.CIDRNetwork(28, 28),
|
|
||||||
},
|
},
|
||||||
|
|
||||||
"resource_labels": {
|
"resource_labels": {
|
||||||
|
@ -602,14 +600,8 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
|
||||||
NetworkPolicy: expandNetworkPolicy(d.Get("network_policy")),
|
NetworkPolicy: expandNetworkPolicy(d.Get("network_policy")),
|
||||||
AddonsConfig: expandClusterAddonsConfig(d.Get("addons_config")),
|
AddonsConfig: expandClusterAddonsConfig(d.Get("addons_config")),
|
||||||
EnableKubernetesAlpha: d.Get("enable_kubernetes_alpha").(bool),
|
EnableKubernetesAlpha: d.Get("enable_kubernetes_alpha").(bool),
|
||||||
EnableTpu: d.Get("enable_tpu").(bool),
|
|
||||||
IpAllocationPolicy: expandIPAllocationPolicy(d.Get("ip_allocation_policy")),
|
IpAllocationPolicy: expandIPAllocationPolicy(d.Get("ip_allocation_policy")),
|
||||||
PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config")),
|
PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config")),
|
||||||
MasterIpv4CidrBlock: d.Get("master_ipv4_cidr_block").(string),
|
|
||||||
BinaryAuthorization: &containerBeta.BinaryAuthorization{
|
|
||||||
Enabled: d.Get("enable_binary_authorization").(bool),
|
|
||||||
ForceSendFields: []string{"Enabled"},
|
|
||||||
},
|
|
||||||
MasterAuth: expandMasterAuth(d.Get("master_auth")),
|
MasterAuth: expandMasterAuth(d.Get("master_auth")),
|
||||||
ResourceLabels: expandStringMap(d, "resource_labels"),
|
ResourceLabels: expandStringMap(d, "resource_labels"),
|
||||||
}
|
}
|
||||||
|
@ -676,17 +668,6 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
|
||||||
cluster.NodeConfig = expandNodeConfig(v)
|
cluster.NodeConfig = expandNodeConfig(v)
|
||||||
}
|
}
|
||||||
|
|
||||||
if v, ok := d.GetOk("private_cluster"); ok {
|
|
||||||
if cluster.PrivateCluster = v.(bool); cluster.PrivateCluster {
|
|
||||||
if cluster.MasterIpv4CidrBlock == "" {
|
|
||||||
return fmt.Errorf("master_ipv4_cidr_block is mandatory when private_cluster=true")
|
|
||||||
}
|
|
||||||
if cluster.IpAllocationPolicy == nil {
|
|
||||||
return fmt.Errorf("ip_allocation_policy is mandatory when private_cluster=true")
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if v, ok := d.GetOk("private_cluster_config"); ok {
|
if v, ok := d.GetOk("private_cluster_config"); ok {
|
||||||
cluster.PrivateClusterConfig = expandPrivateClusterConfig(v)
|
cluster.PrivateClusterConfig = expandPrivateClusterConfig(v)
|
||||||
}
|
}
|
||||||
|
@ -791,13 +772,11 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
|
||||||
d.Set("cluster_ipv4_cidr", cluster.ClusterIpv4Cidr)
|
d.Set("cluster_ipv4_cidr", cluster.ClusterIpv4Cidr)
|
||||||
d.Set("description", cluster.Description)
|
d.Set("description", cluster.Description)
|
||||||
d.Set("enable_kubernetes_alpha", cluster.EnableKubernetesAlpha)
|
d.Set("enable_kubernetes_alpha", cluster.EnableKubernetesAlpha)
|
||||||
d.Set("enable_tpu", cluster.EnableTpu)
|
|
||||||
d.Set("enable_legacy_abac", cluster.LegacyAbac.Enabled)
|
d.Set("enable_legacy_abac", cluster.LegacyAbac.Enabled)
|
||||||
d.Set("logging_service", cluster.LoggingService)
|
d.Set("logging_service", cluster.LoggingService)
|
||||||
d.Set("monitoring_service", cluster.MonitoringService)
|
d.Set("monitoring_service", cluster.MonitoringService)
|
||||||
d.Set("network", cluster.NetworkConfig.Network)
|
d.Set("network", cluster.NetworkConfig.Network)
|
||||||
d.Set("subnetwork", cluster.NetworkConfig.Subnetwork)
|
d.Set("subnetwork", cluster.NetworkConfig.Subnetwork)
|
||||||
d.Set("enable_binary_authorization", cluster.BinaryAuthorization != nil && cluster.BinaryAuthorization.Enabled)
|
|
||||||
if err := d.Set("node_config", flattenNodeConfig(cluster.NodeConfig)); err != nil {
|
if err := d.Set("node_config", flattenNodeConfig(cluster.NodeConfig)); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -829,14 +808,7 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := d.Set("pod_security_policy_config", flattenPodSecurityPolicyConfig(cluster.PodSecurityPolicyConfig)); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
d.Set("private_cluster", cluster.PrivateCluster)
|
|
||||||
d.Set("master_ipv4_cidr_block", cluster.MasterIpv4CidrBlock)
|
|
||||||
d.Set("resource_labels", cluster.ResourceLabels)
|
d.Set("resource_labels", cluster.ResourceLabels)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -962,28 +934,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if d.HasChange("enable_binary_authorization") {
|
|
||||||
enabled := d.Get("enable_binary_authorization").(bool)
|
|
||||||
req := &containerBeta.UpdateClusterRequest{
|
|
||||||
Update: &containerBeta.ClusterUpdate{
|
|
||||||
DesiredBinaryAuthorization: &containerBeta.BinaryAuthorization{
|
|
||||||
Enabled: enabled,
|
|
||||||
ForceSendFields: []string{"Enabled"},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
updateF := updateFunc(req, "updating GKE binary authorization")
|
|
||||||
// Call update serially.
|
|
||||||
if err := lockedCall(lockKey, updateF); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), enabled)
|
|
||||||
|
|
||||||
d.SetPartial("enable_binary_authorization")
|
|
||||||
}
|
|
||||||
|
|
||||||
if d.HasChange("maintenance_policy") {
|
if d.HasChange("maintenance_policy") {
|
||||||
var req *containerBeta.SetMaintenancePolicyRequest
|
var req *containerBeta.SetMaintenancePolicyRequest
|
||||||
if mp, ok := d.GetOk("maintenance_policy"); ok {
|
if mp, ok := d.GetOk("maintenance_policy"); ok {
|
||||||
|
@ -1256,31 +1206,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
|
||||||
d.SetPartial("master_auth")
|
d.SetPartial("master_auth")
|
||||||
}
|
}
|
||||||
|
|
||||||
if d.HasChange("pod_security_policy_config") {
|
|
||||||
c := d.Get("pod_security_policy_config")
|
|
||||||
req := &containerBeta.UpdateClusterRequest{
|
|
||||||
Update: &containerBeta.ClusterUpdate{
|
|
||||||
DesiredPodSecurityPolicyConfig: expandPodSecurityPolicyConfig(c),
|
|
||||||
},
|
|
||||||
}
|
|
||||||
|
|
||||||
updateF := func() error {
|
|
||||||
name := containerClusterFullName(project, location, clusterName)
|
|
||||||
op, err := config.clientContainerBeta.Projects.Locations.Clusters.Update(name, req).Do()
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
// Wait until it's updated
|
|
||||||
return containerSharedOperationWait(config, op, project, location, "updating GKE cluster pod security policy config", timeoutInMinutes, 2)
|
|
||||||
}
|
|
||||||
if err := lockedCall(lockKey, updateF); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
log.Printf("[INFO] GKE cluster %s pod security policy config has been updated", d.Id())
|
|
||||||
|
|
||||||
d.SetPartial("pod_security_policy_config")
|
|
||||||
}
|
|
||||||
|
|
||||||
if d.HasChange("resource_labels") {
|
if d.HasChange("resource_labels") {
|
||||||
resourceLabels := d.Get("resource_labels").(map[string]interface{})
|
resourceLabels := d.Get("resource_labels").(map[string]interface{})
|
||||||
req := &containerBeta.SetLabelsRequest{
|
req := &containerBeta.SetLabelsRequest{
|
||||||
|
@ -1572,16 +1497,9 @@ func expandPrivateClusterConfig(configured interface{}) *containerBeta.PrivateCl
|
||||||
}
|
}
|
||||||
|
|
||||||
func expandPodSecurityPolicyConfig(configured interface{}) *containerBeta.PodSecurityPolicyConfig {
|
func expandPodSecurityPolicyConfig(configured interface{}) *containerBeta.PodSecurityPolicyConfig {
|
||||||
l := configured.([]interface{})
|
// Removing lists is hard - the element count (#) will have a diff from nil -> computed
|
||||||
if len(l) == 0 || l[0] == nil {
|
// If we set this to empty on Read, it will be stable.
|
||||||
return nil
|
return nil
|
||||||
}
|
|
||||||
|
|
||||||
config := l[0].(map[string]interface{})
|
|
||||||
return &containerBeta.PodSecurityPolicyConfig{
|
|
||||||
Enabled: config["enabled"].(bool),
|
|
||||||
ForceSendFields: []string{"Enabled"},
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func flattenNetworkPolicy(c *containerBeta.NetworkPolicy) []map[string]interface{} {
|
func flattenNetworkPolicy(c *containerBeta.NetworkPolicy) []map[string]interface{} {
|
||||||
|
@ -1740,17 +1658,6 @@ func flattenMasterAuthorizedNetworksConfig(c *containerBeta.MasterAuthorizedNetw
|
||||||
return []map[string]interface{}{result}
|
return []map[string]interface{}{result}
|
||||||
}
|
}
|
||||||
|
|
||||||
func flattenPodSecurityPolicyConfig(c *containerBeta.PodSecurityPolicyConfig) []map[string]interface{} {
|
|
||||||
if c == nil {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
return []map[string]interface{}{
|
|
||||||
{
|
|
||||||
"enabled": c.Enabled,
|
|
||||||
},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func resourceContainerClusterStateImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
|
func resourceContainerClusterStateImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
|
||||||
parts := strings.Split(d.Id(), "/")
|
parts := strings.Split(d.Id(), "/")
|
||||||
|
|
||||||
|
@ -1827,17 +1734,3 @@ func masterAuthClientCertCfgSuppress(k, old, new string, r *schema.ResourceData)
|
||||||
|
|
||||||
return strings.HasSuffix(k, ".issue_client_certificate") && old == "" && new == "true"
|
return strings.HasSuffix(k, ".issue_client_certificate") && old == "" && new == "true"
|
||||||
}
|
}
|
||||||
|
|
||||||
func podSecurityPolicyCfgSuppress(k, old, new string, r *schema.ResourceData) bool {
|
|
||||||
if k == "pod_security_policy_config.#" && old == "1" && new == "0" {
|
|
||||||
if v, ok := r.GetOk("pod_security_policy_config"); ok {
|
|
||||||
cfgList := v.([]interface{})
|
|
||||||
if len(cfgList) > 0 {
|
|
||||||
d := cfgList[0].(map[string]interface{})
|
|
||||||
// Suppress if old value was {enabled == false}
|
|
||||||
return !d["enabled"].(bool)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
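Review bot: `expandPodSecurityPolicyConfig` now ignores `configured` and always returns nil, yet the create hunk still assigns `PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config"))`, which reads as though the pod security policy is still sent to the API. The two comments left in the function talk about list element counts and Read, while the Read hunk deletes the `d.Set("pod_security_policy_config", ...)` call and shows no replacement, so the comment may be stale or the empty set may be missing; this is worth confirming (the bodies of resourceContainerClusterCreate and resourceContainerClusterRead extend beyond the hunks shown). I would replace them with a doc comment such as `// expandPodSecurityPolicyConfig always returns nil: the field is Removed in this provider and is never sent to the API.`. Because this field and `enable_binary_authorization` are admission controls, the `Removed:` strings could also state that the setting is no longer applied by this provider, so nobody drops the line from a config and assumes the control is still on; those strings also repeat a word (`in the the google-beta provider`).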
|
@ -458,57 +458,6 @@ func TestAccContainerCluster_withKubernetesAlpha(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAccContainerCluster_withTpu(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
|
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
|
||||||
PreCheck: func() { testAccPreCheck(t) },
|
|
||||||
Providers: testAccProviders,
|
|
||||||
CheckDestroy: testAccCheckContainerClusterDestroy,
|
|
||||||
Steps: []resource.TestStep{
|
|
||||||
{
|
|
||||||
Config: testAccContainerCluster_withTpu(clusterName),
|
|
||||||
Check: resource.ComposeTestCheckFunc(
|
|
||||||
resource.TestCheckResourceAttr("google_container_cluster.with_tpu", "enable_tpu", "true"),
|
|
||||||
),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
ResourceName: "google_container_cluster.with_tpu",
|
|
||||||
ImportStateIdPrefix: "us-central1-b/",
|
|
||||||
ImportState: true,
|
|
||||||
ImportStateVerify: true,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestAccContainerCluster_withPrivateCluster(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
|
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
|
||||||
PreCheck: func() { testAccPreCheck(t) },
|
|
||||||
Providers: testAccProviders,
|
|
||||||
CheckDestroy: testAccCheckContainerClusterDestroy,
|
|
||||||
Steps: []resource.TestStep{
|
|
||||||
{
|
|
||||||
Config: testAccContainerCluster_withPrivateCluster(clusterName),
|
|
||||||
Check: resource.ComposeTestCheckFunc(
|
|
||||||
resource.TestCheckResourceAttr("google_container_cluster.with_private_cluster", "private_cluster", "true"),
|
|
||||||
),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
ResourceName: "google_container_cluster.with_private_cluster",
|
|
||||||
ImportStateIdPrefix: "us-central1-a/",
|
|
||||||
ImportState: true,
|
|
||||||
ImportStateVerify: true,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
|
||||||
func TestAccContainerCluster_withPrivateClusterConfig(t *testing.T) {
|
func TestAccContainerCluster_withPrivateClusterConfig(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
|
@ -1188,46 +1137,6 @@ func TestAccContainerCluster_withIPAllocationPolicy_createSubnetwork(t *testing.
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAccContainerCluster_withPodSecurityPolicy(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
|
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
|
||||||
PreCheck: func() { testAccPreCheck(t) },
|
|
||||||
Providers: testAccProviders,
|
|
||||||
CheckDestroy: testAccCheckContainerClusterDestroy,
|
|
||||||
Steps: []resource.TestStep{
|
|
||||||
{
|
|
||||||
Config: testAccContainerCluster_withPodSecurityPolicy(clusterName, true),
|
|
||||||
Check: resource.ComposeTestCheckFunc(
|
|
||||||
resource.TestCheckResourceAttr("google_container_cluster.with_pod_security_policy",
|
|
||||||
"pod_security_policy_config.0.enabled", "true"),
|
|
||||||
),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
ResourceName: "google_container_cluster.with_pod_security_policy",
|
|
||||||
ImportStateIdPrefix: "us-central1-a/",
|
|
||||||
ImportState: true,
|
|
||||||
ImportStateVerify: true,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Config: testAccContainerCluster_withPodSecurityPolicy(clusterName, false),
|
|
||||||
Check: resource.ComposeTestCheckFunc(
|
|
||||||
resource.TestCheckResourceAttr("google_container_cluster.with_pod_security_policy",
|
|
||||||
"pod_security_policy_config.0.enabled", "false"),
|
|
||||||
),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
ResourceName: "google_container_cluster.with_pod_security_policy",
|
|
||||||
ImportStateIdPrefix: "us-central1-a/",
|
|
||||||
ImportState: true,
|
|
||||||
ImportStateVerify: true,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func TestAccContainerCluster_sharedVpc(t *testing.T) {
|
func TestAccContainerCluster_sharedVpc(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
|
@ -1303,38 +1212,6 @@ func TestAccContainerCluster_withResourceLabelsUpdate(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAccContainerCluster_withBinaryAuthorization(t *testing.T) {
|
|
||||||
t.Parallel()
|
|
||||||
|
|
||||||
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
|
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
|
||||||
PreCheck: func() { testAccPreCheck(t) },
|
|
||||||
Providers: testAccProviders,
|
|
||||||
CheckDestroy: testAccCheckContainerClusterDestroy,
|
|
||||||
Steps: []resource.TestStep{
|
|
||||||
{
|
|
||||||
Config: testAccContainerCluster_withBinaryAuthorization(clusterName, true),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
ResourceName: "google_container_cluster.with_binary_authorization",
|
|
||||||
ImportStateIdPrefix: "us-central1-a/",
|
|
||||||
ImportState: true,
|
|
||||||
ImportStateVerify: true,
|
|
||||||
},
|
|
||||||
{
|
|
||||||
Config: testAccContainerCluster_withBinaryAuthorization(clusterName, false),
|
|
||||||
},
|
|
||||||
{
|
|
||||||
ResourceName: "google_container_cluster.with_binary_authorization",
|
|
||||||
ImportStateIdPrefix: "us-central1-a/",
|
|
||||||
ImportState: true,
|
|
||||||
ImportStateVerify: true,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
func testAccCheckContainerClusterDestroy(s *terraform.State) error {
|
func testAccCheckContainerClusterDestroy(s *terraform.State) error {
|
||||||
config := testAccProvider.Meta().(*Config)
|
config := testAccProvider.Meta().(*Config)
|
||||||
|
|
||||||
|
@ -1750,49 +1627,6 @@ resource "google_container_cluster" "with_kubernetes_alpha" {
|
||||||
}`, clusterName)
|
}`, clusterName)
|
||||||
}
|
}
|
||||||
|
|
||||||
func testAccContainerCluster_withTpu(clusterName string) string {
|
|
||||||
return fmt.Sprintf(`
|
|
||||||
resource "google_compute_network" "container_network" {
|
|
||||||
name = "container-net-%s"
|
|
||||||
auto_create_subnetworks = false
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_compute_subnetwork" "container_subnetwork" {
|
|
||||||
name = "${google_compute_network.container_network.name}"
|
|
||||||
network = "${google_compute_network.container_network.name}"
|
|
||||||
ip_cidr_range = "10.0.35.0/24"
|
|
||||||
region = "us-central1"
|
|
||||||
|
|
||||||
secondary_ip_range {
|
|
||||||
range_name = "pod"
|
|
||||||
ip_cidr_range = "10.1.0.0/19"
|
|
||||||
}
|
|
||||||
|
|
||||||
secondary_ip_range {
|
|
||||||
range_name = "svc"
|
|
||||||
ip_cidr_range = "10.2.0.0/22"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_container_cluster" "with_tpu" {
|
|
||||||
name = "cluster-test-%s"
|
|
||||||
zone = "us-central1-b"
|
|
||||||
initial_node_count = 1
|
|
||||||
|
|
||||||
enable_tpu = true
|
|
||||||
|
|
||||||
network = "${google_compute_network.container_network.name}"
|
|
||||||
subnetwork = "${google_compute_subnetwork.container_subnetwork.name}"
|
|
||||||
|
|
||||||
master_ipv4_cidr_block = "10.42.0.0/28"
|
|
||||||
master_authorized_networks_config { cidr_blocks = [] }
|
|
||||||
ip_allocation_policy {
|
|
||||||
cluster_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.0.range_name}"
|
|
||||||
services_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.1.range_name}"
|
|
||||||
}
|
|
||||||
}`, clusterName, clusterName)
|
|
||||||
}
|
|
||||||
|
|
||||||
func testAccContainerCluster_defaultLegacyAbac(clusterName string) string {
|
func testAccContainerCluster_defaultLegacyAbac(clusterName string) string {
|
||||||
return fmt.Sprintf(`
|
return fmt.Sprintf(`
|
||||||
resource "google_container_cluster" "default_legacy_abac" {
|
resource "google_container_cluster" "default_legacy_abac" {
|
||||||
|
@ -2375,61 +2209,6 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
|
||||||
}`, cluster)
|
}`, cluster)
|
||||||
}
|
}
|
||||||
|
|
||||||
func testAccContainerCluster_withPodSecurityPolicy(clusterName string, enabled bool) string {
|
|
||||||
return fmt.Sprintf(`
|
|
||||||
resource "google_container_cluster" "with_pod_security_policy" {
|
|
||||||
name = "cluster-test-%s"
|
|
||||||
zone = "us-central1-a"
|
|
||||||
initial_node_count = 1
|
|
||||||
|
|
||||||
pod_security_policy_config {
|
|
||||||
enabled = %v
|
|
||||||
}
|
|
||||||
}`, clusterName, enabled)
|
|
||||||
}
|
|
||||||
|
|
||||||
func testAccContainerCluster_withPrivateCluster(clusterName string) string {
|
|
||||||
return fmt.Sprintf(`
|
|
||||||
resource "google_compute_network" "container_network" {
|
|
||||||
name = "container-net-%s"
|
|
||||||
auto_create_subnetworks = false
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_compute_subnetwork" "container_subnetwork" {
|
|
||||||
name = "${google_compute_network.container_network.name}"
|
|
||||||
network = "${google_compute_network.container_network.name}"
|
|
||||||
ip_cidr_range = "10.0.36.0/24"
|
|
||||||
region = "us-central1"
|
|
||||||
private_ip_google_access = true
|
|
||||||
|
|
||||||
secondary_ip_range {
|
|
||||||
range_name = "pod"
|
|
||||||
ip_cidr_range = "10.0.0.0/19"
|
|
||||||
}
|
|
||||||
|
|
||||||
secondary_ip_range {
|
|
||||||
range_name = "svc"
|
|
||||||
ip_cidr_range = "10.0.32.0/22"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_container_cluster" "with_private_cluster" {
|
|
||||||
name = "cluster-test-%s"
|
|
||||||
zone = "us-central1-a"
|
|
||||||
initial_node_count = 1
|
|
||||||
|
|
||||||
network = "${google_compute_network.container_network.name}"
|
|
||||||
subnetwork = "${google_compute_subnetwork.container_subnetwork.name}"
|
|
||||||
|
|
||||||
private_cluster = true
|
|
||||||
master_ipv4_cidr_block = "10.42.0.0/28"
|
|
||||||
master_authorized_networks_config { cidr_blocks = [] }
|
|
||||||
ip_allocation_policy {
|
|
||||||
cluster_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.0.range_name}"
|
|
||||||
services_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.1.range_name}"
|
|
||||||
}
|
|
||||||
}`, clusterName, clusterName)
|
|
||||||
}
|
|
||||||
func testAccContainerCluster_withPrivateClusterConfig(clusterName string) string {
|
func testAccContainerCluster_withPrivateClusterConfig(clusterName string) string {
|
||||||
return fmt.Sprintf(`
|
return fmt.Sprintf(`
|
||||||
resource "google_compute_network" "container_network" {
|
resource "google_compute_network" "container_network" {
|
||||||
|
@ -2602,15 +2381,3 @@ resource "google_container_cluster" "with_resource_labels" {
|
||||||
}
|
}
|
||||||
`, clusterName)
|
`, clusterName)
|
||||||
}
|
}
|
||||||
|
|
||||||
func testAccContainerCluster_withBinaryAuthorization(clusterName string, enabled bool) string {
|
|
||||||
return fmt.Sprintf(`
|
|
||||||
resource "google_container_cluster" "with_binary_authorization" {
|
|
||||||
name = "%s"
|
|
||||||
zone = "us-central1-a"
|
|
||||||
initial_node_count = 1
|
|
||||||
|
|
||||||
enable_binary_authorization = %v
|
|
||||||
}
|
|
||||||
`, clusterName, enabled)
|
|
||||||
}
|
|
||||||
|
|
|
@ -136,13 +136,6 @@ output "cluster_ca_certificate" {
|
||||||
for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow
|
for master authorized networks. Omit the nested `cidr_blocks` attribute to disallow
|
||||||
external access (except the cluster node IPs, which GKE automatically whitelists).
|
external access (except the cluster node IPs, which GKE automatically whitelists).
|
||||||
|
|
||||||
* `master_ipv4_cidr_block` - (Optional, Deprecated) Specifies a private
|
|
||||||
[RFC1918](https://tools.ietf.org/html/rfc1918) block for the master's VPC. The master range must not overlap with any subnet in your cluster's VPC.
|
|
||||||
The master and your cluster use VPC peering. Must be specified in CIDR notation and must be `/28` subnet.
|
|
||||||
This property is in beta, and should be used with the terraform-provider-google-beta provider.
|
|
||||||
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta fields.
|
|
||||||
This field is deprecated, use `private_cluster_config.master_ipv4_cidr_block` instead.
|
|
||||||
|
|
||||||
* `min_master_version` - (Optional) The minimum version of the master. GKE
|
* `min_master_version` - (Optional) The minimum version of the master. GKE
|
||||||
will auto-update the master to new versions, so this does not guarantee the
|
will auto-update the master to new versions, so this does not guarantee the
|
||||||
current master version--use the read-only `master_version` field to obtain that.
|
current master version--use the read-only `master_version` field to obtain that.
|
||||||
|
@ -186,14 +179,6 @@ output "cluster_ca_certificate" {
|
||||||
This property is in beta, and should be used with the terraform-provider-google-beta provider.
|
This property is in beta, and should be used with the terraform-provider-google-beta provider.
|
||||||
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta fields.
|
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta fields.
|
||||||
|
|
||||||
* `private_cluster` - (Optional, Deprecated) If true, a
|
|
||||||
[private cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters) will be created, meaning
|
|
||||||
nodes do not get public IP addresses. It is mandatory to specify `master_ipv4_cidr_block` and
|
|
||||||
`ip_allocation_policy` with this option.
|
|
||||||
This property is in beta, and should be used with the terraform-provider-google-beta provider.
|
|
||||||
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta fields.
|
|
||||||
This field is deprecated, use `private_cluster_config.enable_private_nodes` instead.
|
|
||||||
|
|
||||||
* `project` - (Optional) The ID of the project in which the resource belongs. If it
|
* `project` - (Optional) The ID of the project in which the resource belongs. If it
|
||||||
is not provided, the provider project is used.
|
is not provided, the provider project is used.
|
||||||
|
|
||||||
|
|