Adding private_cluster #1250
Adding private_cluster #1250
Conversation
There was a problem hiding this comment.
Thanks @lenartj, this looks great!
I ran the tests and they failed because of the interpolation typo I commented on. Fixing that led to a different bug I found. If you wouldn't mind just adding this:
if len(c.CidrBlocks) == 0 {
return nil
}
to the beginning of flattenMasterAuthorizedNetworksConfig that'll fix it.
Also, feel free to run the tests yourself- there are some instructions at https://github.com/terraform-providers/terraform-provider-google/blob/master/.github/CONTRIBUTING.md#tests. Let me know if you have any questions!
google/resource_container_cluster.go
Outdated
| Default: false, | ||
| }, | ||
|
|
||
| "master_ipv4_cidr": { |
There was a problem hiding this comment.
Let's actually call this master_ipv4_cider_block to be consistent with the cidr_blocks attribute from master_authorized_networks_config
There was a problem hiding this comment.
Sure, cider sounds good :-)
| private_cluster = true | ||
| master_ipv4_cidr = "10.42.0.0/28" | ||
| ip_allocation_policy { | ||
| cluster_secondary_range_name = "${google_compute_subnetwork.container_network.secondary_ip_range.0.range_name}" |
There was a problem hiding this comment.
think you meant container_subnetwork :)
(and the line below)
| network = "${google_compute_network.container_network.name}" | ||
| ip_cidr_range = "10.0.36.0/24" | ||
| region = "us-central1" | ||
|
|
There was a problem hiding this comment.
I ran the tests, and it looks like private_ip_google_access is getting enabled automatically on the subnetwork when the cluster is created in it. Mind just setting that to true from the beginning?
| ResourceName: "google_container_cluster.with_private_cluster", | ||
| ImportStateIdPrefix: "us-central1-a/", | ||
| ImportState: true, | ||
| ImportStateVerify: true, |
There was a problem hiding this comment.
The import tests won't actually work for this, because we don't have import support for beta attributes yet. You can just set ImportStateVerifyIgnore for the new fields.
|
|
Thanks for the comments @danawillow, fixed it up. Apologies for not running the tests, I had a really bad internet connection at sea ⛴ when I wrote this |
|
Thanks @lenartj, looks good! And lol good catch about the cider thing, thanks for not taking my suggestion too literally :) |
|
Resolved #1174 |
* Updated google.golang.org/api/container/v1beta1 * Added support for private_cluster and master_ipv4_cidr This is to implement hashicorp#1174. See https://groups.google.com/forum/#!topic/google-cloud-sdk-announce/GGW3SQSANIc * Added simple test for private_cluster and master_ipv4_cidr * Review replies * Added some documentation for private_cluster
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
ghost
locked and limited conversation to collaborators
This is to implement #1174, support for Private Clusters on Google Kubernetes Engine (Container Engine; GKE).
private_cluster(bool) andmaster_ipv4_cidr(cidr) under thegoogle_container _clusterI am not familiar with the codebase, please be patient :-)
@danawillow, can you look at this please?