min_master_version not sufficient

[pankajkumar229]

we need to pin Kubernetes version to a particular version. Otherwise we wont even realize and our yaml files become obsolete. Can we get to configure the exact kubernetes version?

IF there is something already that can be used, please point us to it. IT is a blocker for us. Please help.

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

New or Affected Resource(s)

• google_XXXXX

Potential Terraform Configuration

# Propose what you think the configuration to take advantage of this feature should look like.
# We may not use it verbatim, but it's helpful in understanding your intent.

References

• #0000

[slevenick]

Is this possible with the REST APIs as they exist today? If not, you may be better off filing a request against the API team via: https://cloud.google.com/support/docs/issue-trackers

I don't believe this is currently a supported functionality of the GKE API

[datacabinet]

Yes, I think it is possible via APIs . google cloud's terraform module supports specifying exact value.

[slevenick]

What do you mean by that? Can you show me an example?

[datacabinet]

Please see on this page the description for kubernetes_version : https://github.com/terraform-google-modules/terraform-google-kubernetes-engine

[slevenick]

Yeah, that module is using this provider. Which means it can only specify things that are available through this provider. I believe that is using min_master_version at some level

[datacabinet]

Is there anything that this provider provides that we can use if our module is using this provider? I don't think min_master_version can be used to implement kubernetes_version

[slevenick]

min_master_version is used to implement kubernetes_version in the module you linked.

See:
https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/main.tf#L43

and

https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/master/cluster.tf#L54

[pankajkumar229]

Hi sorry for the distraction with the other module. But it does have a REST equivalent where we can set Kuberntes version (please see version and initial_cluster_version):

POST https://container.googleapis.com/v1beta1/projects/datacabinet-backend/zones/us-central1-c/clusters
{
"cluster": {
"name": "cluster-1",
"masterAuth": {
"clientCertificateConfig": {}
},
"network": "projects/datacabinet-backend/global/networks/default",
"addonsConfig": {
"httpLoadBalancing": {},
"horizontalPodAutoscaling": {},
"kubernetesDashboard": {
"disabled": true
},
"dnsCacheConfig": {},
"gcePersistentDiskCsiDriverConfig": {
"enabled": true
}
},
"subnetwork": "projects/datacabinet-backend/regions/us-central1/subnetworks/default-9a4782a8b926377a",
"nodePools": [
{
"name": "default-pool",
"config": {
"machineType": "e2-medium",
"diskSizeGb": 100,
"oauthScopes": [
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
"https://www.googleapis.com/auth/servicecontrol",
"https://www.googleapis.com/auth/service.management.readonly",
"https://www.googleapis.com/auth/trace.append"
],
"metadata": {
"disable-legacy-endpoints": "true"
},
"imageType": "COS_CONTAINERD",
"diskType": "pd-standard",
"shieldedInstanceConfig": {
"enableIntegrityMonitoring": true
}
},
"initialNodeCount": 3,
"autoscaling": {},
"management": {
"autoUpgrade": true,
"autoRepair": true
},
"maxPodsConstraint": {
"maxPodsPerNode": "110"
},
"version": "1.19.14-gke.301",
"upgradeSettings": {
"maxSurge": 1
}
}
],
"locations": [
"us-central1-c"
],
"networkPolicy": {},
"ipAllocationPolicy": {
"useIpAliases": true
},
"masterAuthorizedNetworksConfig": {},
"autoscaling": {},
"networkConfig": {
"datapathProvider": "LEGACY_DATAPATH"
},
"defaultMaxPodsConstraint": {
"maxPodsPerNode": "110"
},
"authenticatorGroupsConfig": {},
"databaseEncryption": {
"state": "DECRYPTED"
},
"shieldedNodes": {
"enabled": true
},
"releaseChannel": {},
"notificationConfig": {
"pubsub": {}
},
"initialClusterVersion": "1.19.14-gke.301",
"location": "us-central1-c",
"loggingConfig": {
"componentConfig": {
"enableComponents": [
"SYSTEM_COMPONENTS",
"WORKLOADS"
]
}
},
"monitoringConfig": {
"componentConfig": {
"enableComponents": [
"SYSTEM_COMPONENTS"
]
}
}
}
}

[slevenick]

So version specifically belongs to a node pool rather than the cluster. It is documented here: https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters.nodePools and can be set via the google_container_node_pool resource as documented here: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool#version

Does this solve your issue?

[slevenick]

You can set the same value via the main cluster rather than specifying it on individual node pools via the node_version field, but I want to note this is not exactly what you are asking for in setting the Kubernetes version of the entire cluster. The version of the master can be somewhat specified via min_master_version, but I don't believe you can pin it

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#node_version

[slevenick]

Based on the discussion here and my previous comments I don't believe the requested behavior is possible in GKE. GKE does not allow specifying a specific version of Kubernetes to run in the cluster. It allows specifying this on a node pool level, which we currently support in the Terraform provider.

I'm closing this for now. If this behavior is possible in GKE you can comment here or make a new ticket explaining how this behavior is possible via either the REST API or gcloud command

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.