diff --git a/.changelog/5277.txt b/.changelog/5277.txt new file mode 100644 index 0000000000..961d72055f --- /dev/null +++ b/.changelog/5277.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +composer: added field `enable_ip_masq_agent` to resource `google_composer_environment` (beta) +``` diff --git a/google-beta/resource_composer_environment.go b/google-beta/resource_composer_environment.go index 3cee7df174..b3d825a594 100644 --- a/google-beta/resource_composer_environment.go +++ b/google-beta/resource_composer_environment.go @@ -203,6 +203,13 @@ func resourceComposerEnvironment() *schema.Resource { ValidateFunc: validation.IntBetween(8, 110), Description: `The maximum pods per node in the GKE cluster allocated during environment creation. Lowering this value reduces IP address consumption by the Cloud Composer Kubernetes cluster. This value can only be set during environment creation, and only if the environment is VPC-Native. The range of possible values is 8-110, and the default is 32.`, }, + "enable_ip_masq_agent": { + Type: schema.TypeBool, + Computed: true, + Optional: true, + ForceNew: true, + Description: `Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent`, + }, "tags": { Type: schema.TypeSet, Optional: true, 
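Review bot: The new `enable_ip_masq_agent` entry in `resourceComposerEnvironment` is `ForceNew: true`, but its `Description` never says so, and neither does the matching entry added to `website/docs/r/composer_environment.html.markdown`. The neighbouring `max_pods_per_node` text does state that it can only be set at creation, so I would end the description with `Cannot be updated; changing this value recreates the environment.` The phrase "defines nonMasqueradeCIDRs equals to pod IP range" is also hard to parse; `sets nonMasqueradeCIDRs to the pod IP range, so traffic to any destination outside that range is masqueraded` says the same thing more clearly. Masquerading decides which source address downstream firewall rules and logs see, so the description should state the effect precisely. The function body continues outside the hunk.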
@@ -995,6 +1002,7 @@ func flattenComposerEnvironmentConfigNodeConfig(nodeCfg *composer.NodeConfig) in transformed["service_account"] = nodeCfg.ServiceAccount transformed["oauth_scopes"] = flattenComposerEnvironmentConfigNodeConfigOauthScopes(nodeCfg.OauthScopes) transformed["max_pods_per_node"] = nodeCfg.MaxPodsPerNode + transformed["enable_ip_masq_agent"] = nodeCfg.EnableIpMasqAgent transformed["tags"] = flattenComposerEnvironmentConfigNodeConfigTags(nodeCfg.Tags) transformed["ip_allocation_policy"] = flattenComposerEnvironmentConfigNodeConfigIPAllocationPolicy(nodeCfg.IpAllocationPolicy) return []interface{}{transformed} @@ -1273,6 +1281,10 @@ func expandComposerEnvironmentConfigNodeConfig(v interface{}, d *schema.Resource transformed.MaxPodsPerNode = int64(transformedMaxPodsPerNode.(int)) } + if transformedEnableIpMasqAgent, ok := original["enable_ip_masq_agent"]; ok { + transformed.EnableIpMasqAgent = transformedEnableIpMasqAgent.(bool) + } + var nodeConfigZone string if v, ok := original["zone"]; ok { transformedZone, err := expandComposerEnvironmentZone(v, d, config) diff --git a/google-beta/resource_composer_environment_test.go b/google-beta/resource_composer_environment_test.go index f370095903..347d029314 100644 --- a/google-beta/resource_composer_environment_test.go +++ b/google-beta/resource_composer_environment_test.go 
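Review bot: In the `expandComposerEnvironmentConfigNodeConfig` hunk, the `ok` guard around `transformed.EnableIpMasqAgent = transformedEnableIpMasqAgent.(bool)` most likely cannot tell an explicit `enable_ip_masq_agent = false` from an omitted field, since the SDK normally fills the nested block map with the zero value. If `composer.NodeConfig` drops zero-valued booleans from the request, as the generated Google API structs usually do (not visible here), an explicit `false` is never sent. With `Computed: true` and `ForceNew: true` on the schema, a server-side default of `true` would then surface as a replacement on every plan, and the cluster's egress source addresses would not match the configuration. If relying on the API default is intended, document it at the assignment, for example `// false is the zero value and is not sent; the API default applies and is read back via Computed`. Otherwise, list the field in `ForceSendFields` when the user configured it. The function body continues outside the hunk.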
@@ -997,15 +997,16 @@ func testAccComposerEnvironment_nodeCfg(environment, network, subnetwork, servic return fmt.Sprintf(` resource "google_composer_environment" "test" { name = "%s" - region = "us-central1" + region = "us-east1" # later should be changed to us-central1, when ip_masq_agent feature is accessible globally config { node_config { network = google_compute_network.test.self_link subnetwork = google_compute_subnetwork.test.self_link - zone = "us-central1-a" + zone = "us-east1-b" # later should be changed to us-central1-a, when ip_masq_agent feature is accessible globally service_account = google_service_account.test.name max_pods_per_node = 33 + enable_ip_masq_agent = true ip_allocation_policy { use_ip_aliases = true cluster_ipv4_cidr_block = "10.0.0.0/16" @@ -1023,7 +1024,7 @@ resource "google_compute_network" "test" { resource "google_compute_subnetwork" "test" { name = "%s" ip_cidr_range = "10.2.0.0/16" - region = "us-central1" + region = "us-east1" # later should be changed to us-central1, when ip_masq_agent feature is accessible globally network = google_compute_network.test.self_link } diff --git a/google-beta/resource_gke_hub_feature_membership_test.go b/google-beta/resource_gke_hub_feature_membership_test.go index 32fa84c196..9e1f2ea64d 100644 --- a/google-beta/resource_gke_hub_feature_membership_test.go +++ b/google-beta/resource_gke_hub_feature_membership_test.go @@ -5,7 +5,7 @@ import ( "fmt" "testing" - dcl "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl" + "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl" gkehub "github.com/GoogleCloudPlatform/declarative-resource-client-library/services/google/gkehub/beta" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" diff --git a/website/docs/r/composer_environment.html.markdown b/website/docs/r/composer_environment.html.markdown index 2723a548d3..32798b772c 100644 
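Review bot: The `region` and `zone` comments in `testAccComposerEnvironment_nodeCfg`, and the same comment on the subnetwork `region` in the `@@ -1023,7` hunk, record a temporary workaround with no tracking reference, so nothing prompts the move back to us-central1. I would write them as `# TODO(<issue-link>): revert to us-central1 once enable_ip_masq_agent is available in all regions`. The config also exercises only `enable_ip_masq_agent = true`, and the test's checks are outside the hunk, so I cannot tell whether the value is verified after apply. A second case that leaves the field unset would cover the Optional+Computed path.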
--- a/website/docs/r/composer_environment.html.markdown +++ b/website/docs/r/composer_environment.html.markdown @@ -259,6 +259,13 @@ The `node_config` block supports: The range of possible values is 8-110, and the default is 32. Cannot be updated. +* `enable_ip_masq_agent` - + (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines + nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for + all destination addresses, except between pods traffic. + See the [documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent). + The `software_config` block supports: * `airflow_config_overrides` -