This repository has been archived by the owner on Mar 29, 2023. It is now read-only.

v0.8.0

@robmorgan robmorgan released this 21 Apr 02:47
· 11 commits to master since this release
c174b3a

Modules affected

  • gke-cluster [BACKWARDS INCOMPATIBLE]

Description

This release fixes an issue (see #118) with creating GKE clusters using the gke-cluster module: the module now uses var.services_secondary_range_name instead of defaulting to var.cluster_secondary_range_name. It also adds options for the vpc-network module to each example in order to support backwards compatibility.

Background

Before March 3, 2021, GCP had no validation check for clusters using the same secondary range for Pods and Services with the user-managed secondary range assignment method. This allowed a cluster to be created with Pods and Services having the same IP address. If this happens, traffic destined for a Service reaches the Pod instead and does not work. Since then, GCP has added a validation check during cluster creation that prevents this invalid configuration.

To prevent issues derived from clusters with Pods and Services having the same IP, you will need to delete your existing cluster if it was created with the same secondary range and recreate it using one secondary IP range for Pods and a different one for Services, as soon as is practical for your operation.
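
To find clusters affected by the condition described above, the following added example (not part of these release notes or the module's code) audits cluster descriptions for a shared Pod/Service secondary range. It goes slightly beyond the identical-range case by also flagging overlapping CIDRs. The input shape (JSON as produced by `gcloud container clusters list --format=json`, reduced to the `ipAllocationPolicy` fields) is an assumption, and the cluster names and sample data are constructed.

```python
import ipaddress
import json

# Constructed sample in the assumed shape of `gcloud container clusters list
# --format=json`, trimmed to the fields used here. Names and CIDRs are made up.
SAMPLE = json.loads("""
[
  {"name": "legacy-shared-range",
   "ipAllocationPolicy": {"clusterSecondaryRangeName": "public-cluster",
                          "servicesSecondaryRangeName": "public-cluster",
                          "clusterIpv4CidrBlock": "10.4.0.0/20",
                          "servicesIpv4CidrBlock": "10.4.0.0/20"}},
  {"name": "separate-ranges",
   "ipAllocationPolicy": {"clusterSecondaryRangeName": "public-cluster",
                          "servicesSecondaryRangeName": "public-services",
                          "clusterIpv4CidrBlock": "10.4.0.0/20",
                          "servicesIpv4CidrBlock": "10.4.16.0/20"}},
  {"name": "no-alias-ip-policy"}
]
""")


def audit_cluster(cluster):
    """Return findings for one cluster; an empty list means the ranges are distinct."""
    policy = cluster.get("ipAllocationPolicy") or {}
    findings = []

    # Case from the release notes: Pods and Services point at the same named range.
    pod_name = policy.get("clusterSecondaryRangeName")
    svc_name = policy.get("servicesSecondaryRangeName")
    if pod_name and pod_name == svc_name:
        findings.append(f"Pods and Services share secondary range '{pod_name}'")

    # Generalization: differently named ranges whose CIDRs still overlap.
    pod_cidr = policy.get("clusterIpv4CidrBlock")
    svc_cidr = policy.get("servicesIpv4CidrBlock")
    if pod_cidr and svc_cidr:
        pod_net = ipaddress.ip_network(pod_cidr, strict=False)
        svc_net = ipaddress.ip_network(svc_cidr, strict=False)
        if pod_net.overlaps(svc_net):
            findings.append(f"Pod CIDR {pod_net} overlaps Service CIDR {svc_net}")
    return findings


def audit(clusters):
    """Map cluster name -> findings, listing only clusters that need recreating."""
    return {c["name"]: f for c in clusters if (f := audit_cluster(c))}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```
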

Migration Guide

With this update, you must set the following variables to their old values if you have already deployed a GKE cluster using one of the examples. Important: Failing to do this will recreate your existing GKE cluster!

  • var.public_subnetwork_secondary_range_name
  • var.public_services_secondary_range_name
  • var.vpc_secondary_cidr_block
  • var.public_services_secondary_cidr_block
  • var.private_services_secondary_cidr_block
  • var.secondary_cidr_subnetwork_spacing
  • var.secondary_cidr_subnetwork_width_delta

You can find the values for each of these variables by simply running terraform plan within the respective example's folder. Once you have the values they can be updated in a terraform.tfvars file before running terraform apply:

public_subnetwork_secondary_range_name = "public-cluster-old"
public_services_secondary_range_name   = "gke-example-private-cluster-services-39652167"
vpc_secondary_cidr_block               = "10.4.0.0/20"
public_services_secondary_cidr_block   = "10.114.208.0/20"
private_services_secondary_cidr_block  = "10.4.16.0/20"
secondary_cidr_subnetwork_spacing      = 4
secondary_cidr_subnetwork_width_delta  = 0

This new release will add additional secondary_ip_range resources and also modify the firewall rules.

Note: If these variables weren't specified in the past then GCP may have automatically assigned values.

Special thanks

Special thanks to @brianpham for their contributions!

Related links