add support for ip aliasing in google_container_cluster
#654
Conversation
|
I can run the full acceptance suite later tonight, but for now: |
google/resource_container_cluster.go
Outdated
| Type: schema.TypeBool, | ||
| Optional: true, | ||
| Computed: true, | ||
| Default: nil, |
There was a problem hiding this comment.
Whoa, I'm surprised Terraform lets you set the default for a boolean type to nil. If you're looking for a false default, you don't really need to have one explicitly set.
google/resource_container_cluster.go
Outdated
| ForceNew: true, | ||
| DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool { | ||
| if new == "" { | ||
| return true |
There was a problem hiding this comment.
Why suppress the diff if new is empty?
google/resource_container_cluster.go
Outdated
| if new == "" { | ||
| return true | ||
| } | ||
| return ipCidrRangeDiffSuppress(k, old, new, d) |
There was a problem hiding this comment.
Isn't this field the name, not the range itself?
google/resource_container_cluster.go
Outdated
| return err | ||
| } | ||
|
|
||
| region := getRegionFromZone(zoneName) |
There was a problem hiding this comment.
I'm not sure we actually need these checks inside of Terraform. If I get rid of them I get this error from the API: Google Compute Engine: services secondary range "pods" not found in subnet "container-net-asdfafw" which serves the same purpose
There was a problem hiding this comment.
Sounds good to me.
google/resource_container_cluster.go
Outdated
| "services_secondary_range_name": c.ServicesSecondaryRangeName, | ||
| } | ||
|
|
||
| //if c.UseIpAliases { |
| } | ||
|
|
||
| resource "google_compute_subnetwork" "container_subnetwork" { | ||
| name = "${google_compute_network.container_network.name}" |
There was a problem hiding this comment.
can you fix the indentation here?
| }`, rangeName, cidr)) | ||
| } | ||
|
|
||
| var ipAllocationPolicy bytes.Buffer |
There was a problem hiding this comment.
I'm fine leaving this as is, but a potential alternative would be just passing in the configuration block as a string that looked like:
ip_allocation_policy {
use_ip_aliases = "true"
cluster_secondary_range_name = "pods"
services_secondary_range_name = "services"
}
google/resource_container_cluster.go
Outdated
| "ip_allocation_policy": { | ||
| Type: schema.TypeList, | ||
| Optional: true, | ||
| Computed: true, |
There was a problem hiding this comment.
Any reason why this is (and the others are) computed?
davidquarles
force-pushed
the
enable-ip-alias
branch
from
78fb4ac
to
d6cffe2
Compare
|
@danawillow My apologies for the shoddy / incomplete initial PR. I was a bit sleep-deprived that week; all of your comments were right on. I made all the changes you asked for, and I removed |
| @@ -184,6 +186,18 @@ maintenance_policy { | |||
| } | |||
| ``` | |||
|
|
|||
| The `ip_allocation_policy` block supports: | |||
|
|
|||
| * `cluster_secondary_range_name` - (Optional) The name of the secondary range to be | |||
There was a problem hiding this comment.
The last sentence of this (and the next) are no longer applicable.
| } | ||
|
|
||
| resource "google_container_cluster" "with_ip_allocation_policy" { | ||
| name = "with-ip-allocation-policy" |
There was a problem hiding this comment.
Can you give this a name with some randomness? We usually do that so if the test fails and the resource is lingering, we can still run the test before cleaning it up again.
google/resource_container_cluster.go
Outdated
| "ip_allocation_policy": { | ||
| Type: schema.TypeList, | ||
| Optional: true, | ||
| MaxItems: 1, |
There was a problem hiding this comment.
Not sure it really makes a difference, but let's make this ForceNew as well
google/resource_container_cluster.go
Outdated
| @@ -589,6 +609,10 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro | |||
| } | |||
| d.Set("node_pool", nps) | |||
|
|
|||
| if cluster.IpAllocationPolicy != nil && cluster.IpAllocationPolicy.UseIpAliases { | |||
There was a problem hiding this comment.
Actually I think we should set it no matter what (and this might be a bug elsewhere in the file). If I create a cluster with IP Aliasing, then remove IP Aliasing outside of Terraform, I would want my state to get updated. It's sort of a moot point since IPAllocationPolicy doesn't support update right now, but this will help future-proof it.
Here's what I think flattenIPAllocationPolicy should look like:
func flattenIPAllocationPolicy(c *container.IPAllocationPolicy) []map[string]interface{} {
result := []map[string]interface{}{}
if c != nil && c.UseIpAliases {
result = append(result, map[string]interface{}{
"cluster_secondary_range_name": c.ClusterSecondaryRangeName,
"services_secondary_range_name": c.ServicesSecondaryRangeName,
})
}
return result
}
and then the call to set it would be:
if err := d.Set("ip_allocation_policy", flattenIPAllocationPolicy(cluster.IpAllocationPolicy)); err != nil {
return err
}
There was a problem hiding this comment.
You still need to do the nil check, otherwise the code will panic when trying to access the struct's fields (you can prove it by running TestAccContainerCluster_basic)
There was a problem hiding this comment.
I just realized this comment slipped through the cracks and fixed it.
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./google -v -run=TestAccContainerCluster_basic -timeout 120m
=== RUN TestAccContainerCluster_basic
--- PASS: TestAccContainerCluster_basic (356.83s)
PASS
ok github.com/terraform-providers/terraform-provider-google/google 356.853s
| @@ -925,6 +949,30 @@ func expandClusterAddonsConfig(configured interface{}) *container.AddonsConfig { | |||
| return ac | |||
| } | |||
|
|
|||
| func expandIPAllocationPolicy(configured interface{}) (*container.IPAllocationPolicy, error) { | |||
There was a problem hiding this comment.
I think you accidentally got rid of the call to this function
There was a problem hiding this comment.
Yikes, yeah... Fixed!
| }, | ||
| ), | ||
| Check: resource.ComposeTestCheckFunc( | ||
| testAccCheckContainerCluster( |
There was a problem hiding this comment.
Can you add checks for ip_allocation_policy into testAccCheckContainerCluster? I also wouldn't mind seeing some resource.TestCheckResourceAttrs but I won't block on those
There was a problem hiding this comment.
$ make testacc TEST=./google TESTARGS='-run=TestAccContainerCluster_withIPAllocationPolicy'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./google -v -run=TestAccContainerCluster_withIPAllocationPolicy -timeout 120m
=== RUN TestAccContainerCluster_withIPAllocationPolicy
--- PASS: TestAccContainerCluster_withIPAllocationPolicy (914.36s)
PASS
ok github.com/terraform-providers/terraform-provider-google/google 914.391s
google/resource_container_cluster.go
Outdated
| "ip_allocation_policy": { | ||
| Type: schema.TypeList, | ||
| Optional: true, | ||
| MaxItems: 1, |
google/resource_container_cluster.go
Outdated
| @@ -589,6 +609,10 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro | |||
| } | |||
| d.Set("node_pool", nps) | |||
|
|
|||
| if cluster.IpAllocationPolicy != nil && cluster.IpAllocationPolicy.UseIpAliases { | |||
| @@ -925,6 +949,30 @@ func expandClusterAddonsConfig(configured interface{}) *container.AddonsConfig { | |||
| return ac | |||
| } | |||
|
|
|||
| func expandIPAllocationPolicy(configured interface{}) (*container.IPAllocationPolicy, error) { | |||
There was a problem hiding this comment.
Yikes, yeah... Fixed!
| @@ -184,6 +186,18 @@ maintenance_policy { | |||
| } | |||
| ``` | |||
|
|
|||
| The `ip_allocation_policy` block supports: | |||
|
|
|||
| * `cluster_secondary_range_name` - (Optional) The name of the secondary range to be | |||
davidquarles
force-pushed
the
enable-ip-alias
branch
from
d05e74b
to
a210966
Compare
|
Thanks @davidquarles! |
…end-service-changelog Add region_backend_service to CHANGELOG
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
ghost
locked and limited conversation to collaborators
Fixes #618.
Note that there are two mutually exclusive paths for GKE clusters with IP aliasing enabled:
I chose to implement only (1), for now, because:
ConflictsWithhalfway solves the problem, but AFAIK there's no good abstraction on the other side for dependencies/requirements, making it difficult to implement both strategies and detect failures at plan-time. There are cases where I wasn't able to do so even with the single strategy.