GoogleCloudPlatform · c2thorn · Oct 5, 2021 · Oct 5, 2021 · Oct 5, 2021 · Oct 5, 2021
diff --git a/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb b/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb
@@ -209,6 +209,13 @@ func resourceComposerEnvironment() *schema.Resource {
 										ValidateFunc:     validation.IntBetween(8, 110),
 										Description:      `The maximum pods per node in the GKE cluster allocated during environment creation. Lowering this value reduces IP address consumption by the Cloud Composer Kubernetes cluster. This value can only be set during environment creation, and only if the environment is VPC-Native. The range of possible values is 8-110, and the default is 32.`,
 									},
+									"enable_ip_masq_agent": {
+										Type:             schema.TypeBool,
+										Computed:         true,
+										Optional:         true,
+										ForceNew:         true,
+										Description:      `Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent`,
+									},
 <% end -%>
 									"tags": {
 										Type:     schema.TypeSet,
@@ -1019,6 +1026,7 @@ func flattenComposerEnvironmentConfigNodeConfig(nodeCfg *composer.NodeConfig) in
 	transformed["oauth_scopes"] = flattenComposerEnvironmentConfigNodeConfigOauthScopes(nodeCfg.OauthScopes)
 <% unless version == "ga" -%>
 	transformed["max_pods_per_node"] = nodeCfg.MaxPodsPerNode
+	transformed["enable_ip_masq_agent"] = nodeCfg.EnableIpMasqAgent
 <% end -%>
 	transformed["tags"] = flattenComposerEnvironmentConfigNodeConfigTags(nodeCfg.Tags)
 	transformed["ip_allocation_policy"] = flattenComposerEnvironmentConfigNodeConfigIPAllocationPolicy(nodeCfg.IpAllocationPolicy)
@@ -1313,6 +1321,10 @@ func expandComposerEnvironmentConfigNodeConfig(v interface{}, d *schema.Resource
 	if transformedMaxPodsPerNode, ok := original["max_pods_per_node"]; ok {
 		transformed.MaxPodsPerNode = int64(transformedMaxPodsPerNode.(int))
 	}
+
+	if transformedEnableIpMasqAgent, ok := original["enable_ip_masq_agent"]; ok {
+		transformed.EnableIpMasqAgent = transformedEnableIpMasqAgent.(bool)
+	}
 <% end -%>
 
 	var nodeConfigZone string

diff --git a/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb b/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb
@@ -1011,16 +1011,17 @@ func testAccComposerEnvironment_nodeCfg(environment, network, subnetwork, servic
 	return fmt.Sprintf(`
 resource "google_composer_environment" "test" {
 	name   = "%s"
-	region = "us-central1"
+	region = "us-east1"  # later should be changed to us-central1, when ip_masq_agent feature is accessible globally
 	config {
 		node_config {
 			network    = google_compute_network.test.self_link
 			subnetwork = google_compute_subnetwork.test.self_link
-			zone       = "us-central1-a"
+			zone       = "us-east1-b"   # later should be changed to us-central1-a, when ip_masq_agent feature is accessible globally
 
 			service_account = google_service_account.test.name
 <% unless version == "ga" -%>
 			max_pods_per_node = 33
+			enable_ip_masq_agent = true
 <% end -%>
 			ip_allocation_policy {
 				use_ip_aliases          = true
@@ -1039,7 +1040,7 @@ resource "google_compute_network" "test" {
 resource "google_compute_subnetwork" "test" {
 	name          = "%s"
 	ip_cidr_range = "10.2.0.0/16"
-	region        = "us-central1"
+	region        = "us-east1"  # later should be changed to us-central1, when ip_masq_agent feature is accessible globally
 	network       = google_compute_network.test.self_link
 }
 

diff --git a/mmv1/third_party/terraform/website/docs/r/composer_environment.html.markdown b/mmv1/third_party/terraform/website/docs/r/composer_environment.html.markdown
@@ -259,6 +259,13 @@ The `node_config` block supports:
   The range of possible values is 8-110, and the default is 32.
   Cannot be updated.
 
+* `enable_ip_masq_agent` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines
+  nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for
+  all destination addresses, except between pods traffic.
+  See the [documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent).
+
 The `software_config` block supports:
 
 * `airflow_config_overrides` -