diff --git a/blueprints/apigee/hybrid-gke/gke.tf b/blueprints/apigee/hybrid-gke/gke.tf
index 6ae38433a1..701384b941 100644
--- a/blueprints/apigee/hybrid-gke/gke.tf
+++ b/blueprints/apigee/hybrid-gke/gke.tf
@@ -20,12 +20,9 @@ module "cluster" {
name = "cluster"
location = var.region
vpc_config = {
- network = module.vpc.self_link
- subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-apigee"]
- secondary_range_names = {
- pods = "pods"
- services = "services"
- }
+ network = module.vpc.self_link
+ subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-apigee"]
+ secondary_range_names = {}
master_authorized_ranges = var.cluster_network_config.master_authorized_cidr_blocks
master_ipv4_cidr_block = var.cluster_network_config.master_cidr_block
}
@@ -79,4 +76,4 @@ module "apigee-runtime-nodepool" {
create = true
}
tags = ["node"]
-}
\ No newline at end of file
+}
diff --git a/blueprints/gke/autopilot/cluster.tf b/blueprints/gke/autopilot/cluster.tf
index ed6fa66122..a823a894ca 100644
--- a/blueprints/gke/autopilot/cluster.tf
+++ b/blueprints/gke/autopilot/cluster.tf
@@ -20,12 +20,9 @@ module "cluster" {
name = "cluster"
location = var.region
vpc_config = {
- network = module.vpc.self_link
- subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-cluster"]
- secondary_range_names = {
- pods = "pods"
- services = "services"
- }
+ network = module.vpc.self_link
+ subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-cluster"]
+ secondary_range_names = {}
master_authorized_ranges = var.cluster_network_config.master_authorized_cidr_blocks
master_ipv4_cidr_block = var.cluster_network_config.master_cidr_block
}
@@ -51,4 +48,4 @@ module "node_sa" {
source = "../../../modules/iam-service-account"
project_id = module.project.project_id
name = "sa-node"
-}
\ No newline at end of file
+}
diff --git a/fast/stages/3-gke-multitenant/dev/README.md b/fast/stages/3-gke-multitenant/dev/README.md
index 23572297ca..411c4bc410 100644
--- a/fast/stages/3-gke-multitenant/dev/README.md
+++ b/fast/stages/3-gke-multitenant/dev/README.md
@@ -167,7 +167,7 @@ Leave all these variables unset (or set to `null`) to disable fleet management.
| [host_project_ids](variables.tf#L174) | Host project for the shared VPC. | object({…}) | ✓ | | 2-networking |
| [prefix](variables.tf#L227) | Prefix used for resources that need unique names. | string | ✓ | | |
| [vpc_self_links](variables.tf#L243) | Self link for the shared VPC. | object({…}) | ✓ | | 2-networking |
-| [clusters](variables.tf#L42) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} | |
+| [clusters](variables.tf#L42) | Clusters configuration. Refer to the gke-cluster module for type details. | map(object({…})) | | {} | |
| [fleet_configmanagement_clusters](variables.tf#L96) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | map(list(string)) | | {} | |
| [fleet_configmanagement_templates](variables.tf#L104) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | map(object({…})) | | {} | |
| [fleet_features](variables.tf#L139) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | object({…}) | | null | |
diff --git a/fast/stages/3-gke-multitenant/dev/variables.tf b/fast/stages/3-gke-multitenant/dev/variables.tf
index 11e32ed6ae..dffca0bf22 100644
--- a/fast/stages/3-gke-multitenant/dev/variables.tf
+++ b/fast/stages/3-gke-multitenant/dev/variables.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -82,9 +82,9 @@ variable "clusters" {
services = string
}))
secondary_range_names = optional(object({
- pods = string
- services = string
- }), { pods = "pods", services = "services" })
+ pods = optional(string, "pods")
+ services = optional(string, "services")
+ }))
master_authorized_ranges = optional(map(string))
master_ipv4_cidr_block = optional(string)
})
diff --git a/modules/gke-cluster-autopilot/README.md b/modules/gke-cluster-autopilot/README.md
index a110e8f748..2c0083108f 100644
--- a/modules/gke-cluster-autopilot/README.md
+++ b/modules/gke-cluster-autopilot/README.md
@@ -64,7 +64,7 @@ module "cluster-1" {
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
- secondary_range_names = { pods = "pods", services = "services" }
+ secondary_range_names = {} # use default names "pods" and "services"
}
enable_features = {
dns = {
@@ -91,8 +91,9 @@ module "cluster-1" {
name = "cluster-1"
location = "europe-west1"
vpc_config = {
- network = var.vpc.self_link
- subnetwork = var.subnet.self_link
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {} # use default names "pods" and "services"
}
logging_config = {
enable_api_server_logs = true
@@ -120,8 +121,9 @@ module "cluster-1" {
name = "cluster-1"
location = "europe-west1"
vpc_config = {
- network = var.vpc.self_link
- subnetwork = var.subnet.self_link
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {} # use default names "pods" and "services"
}
monitoring_config = {
enable_api_server_metrics = true
@@ -155,7 +157,7 @@ module "cluster-1" {
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
- secondary_range_names = { pods = "pods", services = "services" }
+ secondary_range_names = {}
}
backup_configs = {
enable_backup_agent = true
@@ -177,7 +179,7 @@ module "cluster-1" {
| [location](variables.tf#L110) | Autopilot cluster are always regional. | string | ✓ | |
| [name](variables.tf#L170) | Cluster name. | string | ✓ | |
| [project_id](variables.tf#L196) | Cluster project id. | string | ✓ | |
-| [vpc_config](variables.tf#L225) | VPC-level configuration. | object({…}) | ✓ | |
+| [vpc_config](variables.tf#L225) | VPC-level configuration. | object({…}) | ✓ | |
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…}) | | {} |
| [description](variables.tf#L37) | Cluster description. | string | | null |
| [enable_addons](variables.tf#L43) | Addons enabled in the cluster (true means enabled). | object({…}) | | {…} |
diff --git a/modules/gke-cluster-autopilot/main.tf b/modules/gke-cluster-autopilot/main.tf
index 13317f469b..9af26acdf8 100644
--- a/modules/gke-cluster-autopilot/main.tf
+++ b/modules/gke-cluster-autopilot/main.tf
@@ -108,7 +108,7 @@ resource "google_container_cluster" "cluster" {
content {
cluster_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.pods
services_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.services
- stack_type = try(var.vpc_config.stack_type, null)
+ stack_type = var.vpc_config.stack_type
}
}
@@ -117,7 +117,7 @@ resource "google_container_cluster" "cluster" {
content {
cluster_secondary_range_name = var.vpc_config.secondary_range_names.pods
services_secondary_range_name = var.vpc_config.secondary_range_names.services
- stack_type = try(var.vpc_config.stack_type, null)
+ stack_type = var.vpc_config.stack_type
}
}
diff --git a/modules/gke-cluster-autopilot/variables.tf b/modules/gke-cluster-autopilot/variables.tf
index 3f623347d9..37c054e344 100644
--- a/modules/gke-cluster-autopilot/variables.tf
+++ b/modules/gke-cluster-autopilot/variables.tf
@@ -233,9 +233,9 @@ variable "vpc_config" {
services = string
}))
secondary_range_names = optional(object({
- pods = string
- services = string
- }), { pods = "pods", services = "services" })
+ pods = optional(string, "pods")
+ services = optional(string, "services")
+ }))
master_authorized_ranges = optional(map(string))
stack_type = optional(string)
})
diff --git a/modules/gke-cluster-standard/README.md b/modules/gke-cluster-standard/README.md
index e80a4e6d43..0dfd6636f3 100644
--- a/modules/gke-cluster-standard/README.md
+++ b/modules/gke-cluster-standard/README.md
@@ -45,12 +45,9 @@ module "cluster-1" {
name = "cluster-dataplane-v2"
location = "europe-west1-b"
vpc_config = {
- network = var.vpc.self_link
- subnetwork = var.subnet.self_link
- secondary_range_names = {
- pods = "pods"
- services = "services"
- }
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {} # use default names "pods" and "services"
master_authorized_ranges = {
internal-vms = "10.0.0.0/8"
}
@@ -84,8 +81,9 @@ module "cluster-1" {
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
- network = var.vpc.self_link
- subnetwork = var.subnet.self_link
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {}
}
logging_config = {
enable_workloads_logs = true
@@ -113,8 +111,9 @@ module "cluster-1" {
name = "cluster-1"
location = "europe-west1-b"
vpc_config = {
- network = var.vpc.self_link
- subnetwork = var.subnet.self_link
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {}
}
logging_config = {
enable_system_logs = false
@@ -136,7 +135,7 @@ module "cluster-1" {
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
- secondary_range_names = { pods = "pods", services = "services" }
+ secondary_range_names = {}
}
enable_features = {
dns = {
@@ -162,7 +161,7 @@ module "cluster-1" {
vpc_config = {
network = var.vpc.self_link
subnetwork = var.subnet.self_link
- secondary_range_names = { pods = "pods", services = "services" }
+ secondary_range_names = {}
}
backup_configs = {
enable_backup_agent = true
@@ -176,6 +175,29 @@ module "cluster-1" {
}
# tftest modules=1 resources=2 inventory=backup.yaml
```
+
+### Automatic creation of new secondary ranges
+
+You can use `var.vpc_config.secondary_range_blocks` to let GKE create new secondary ranges for the cluster. The example below reserves an available /14 block for pods and a /20 for services.
+
+```hcl
+module "cluster-1" {
+ source = "./fabric/modules/gke-cluster-standard"
+ project_id = var.project_id
+ name = "cluster-1"
+ location = "europe-west1-b"
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_blocks = {
+ pods = ""
+ services = "/20" # can be an empty string as well
+ }
+ }
+}
+# tftest modules=1 resources=1
+```
+
## Variables
@@ -184,7 +206,7 @@ module "cluster-1" {
| [location](variables.tf#L138) | Cluster zone or region. | string | ✓ | |
| [name](variables.tf#L210) | Cluster name. | string | ✓ | |
| [project_id](variables.tf#L236) | Cluster project id. | string | ✓ | |
-| [vpc_config](variables.tf#L253) | VPC-level configuration. | object({…}) | ✓ | |
+| [vpc_config](variables.tf#L253) | VPC-level configuration. | object({…}) | ✓ | |
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…}) | | {} |
| [cluster_autoscaling](variables.tf#L37) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…}) | | null |
| [description](variables.tf#L58) | Cluster description. | string | | null |
diff --git a/modules/gke-cluster-standard/main.tf b/modules/gke-cluster-standard/main.tf
index 8f0df84f78..57d5454f38 100644
--- a/modules/gke-cluster-standard/main.tf
+++ b/modules/gke-cluster-standard/main.tf
@@ -169,7 +169,7 @@ resource "google_container_cluster" "cluster" {
content {
cluster_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.pods
services_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.services
- stack_type = try(var.vpc_config.stack_type, null)
+ stack_type = var.vpc_config.stack_type
}
}
dynamic "ip_allocation_policy" {
@@ -177,7 +177,7 @@ resource "google_container_cluster" "cluster" {
content {
cluster_secondary_range_name = var.vpc_config.secondary_range_names.pods
services_secondary_range_name = var.vpc_config.secondary_range_names.services
- stack_type = try(var.vpc_config.stack_type, null)
+ stack_type = var.vpc_config.stack_type
}
}
diff --git a/modules/gke-cluster-standard/variables.tf b/modules/gke-cluster-standard/variables.tf
index b9c4a1136c..cc1cb63f17 100644
--- a/modules/gke-cluster-standard/variables.tf
+++ b/modules/gke-cluster-standard/variables.tf
@@ -261,9 +261,9 @@ variable "vpc_config" {
services = string
}))
secondary_range_names = optional(object({
- pods = string
- services = string
- }), { pods = "pods", services = "services" })
+ pods = optional(string, "pods")
+ services = optional(string, "services")
+ }))
master_authorized_ranges = optional(map(string))
stack_type = optional(string)
})