Specify CIDR block sizes for GKE cluster subnets

Signed-off-by: Modular Magician <[email protected]>
hashicorp · Feb 28, 2019 · 3e6c859 · 3e6c859
1 parent 77c086d
commit 3e6c859
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 7 deletions.
diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go
@@ -44,7 +44,7 @@ var (
 	}
 
 	ipAllocationSubnetFields    = []string{"ip_allocation_policy.0.create_subnetwork", "ip_allocation_policy.0.subnetwork_name"}
-	ipAllocationCidrBlockFields = []string{"ip_allocation_policy.0.cluster_ipv4_cidr_block", "ip_allocation_policy.0.services_ipv4_cidr_block"}
+	ipAllocationCidrBlockFields = []string{"ip_allocation_policy.0.cluster_ipv4_cidr_block", "ip_allocation_policy.0.services_ipv4_cidr_block", "ip_allocation_policy.0.node_ipv4_cidr_block"}
 	ipAllocationRangeFields     = []string{"ip_allocation_policy.0.cluster_secondary_range_name", "ip_allocation_policy.0.services_secondary_range_name"}
 )
 
@@ -487,13 +487,13 @@ func resourceContainerCluster() *schema.Resource {
 							Type:          schema.TypeBool,
 							Optional:      true,
 							ForceNew:      true,
-							ConflictsWith: append(ipAllocationCidrBlockFields, ipAllocationRangeFields...),
+							ConflictsWith: ipAllocationRangeFields,
 						},
 						"subnetwork_name": {
 							Type:          schema.TypeString,
 							Optional:      true,
 							ForceNew:      true,
-							ConflictsWith: append(ipAllocationCidrBlockFields, ipAllocationRangeFields...),
+							ConflictsWith: ipAllocationRangeFields,
 						},
 
 						// GKE creates/deletes secondary ranges in VPC
@@ -502,15 +502,22 @@ func resourceContainerCluster() *schema.Resource {
 							Optional:         true,
 							Computed:         true,
 							ForceNew:         true,
-							ConflictsWith:    append(ipAllocationSubnetFields, ipAllocationRangeFields...),
+							ConflictsWith:    ipAllocationRangeFields,
 							DiffSuppressFunc: cidrOrSizeDiffSuppress,
 						},
 						"services_ipv4_cidr_block": {
 							Type:             schema.TypeString,
 							Optional:         true,
 							Computed:         true,
 							ForceNew:         true,
-							ConflictsWith:    append(ipAllocationSubnetFields, ipAllocationRangeFields...),
+							ConflictsWith:    ipAllocationRangeFields,
+							DiffSuppressFunc: cidrOrSizeDiffSuppress,
+						},
+						"node_ipv4_cidr_block": {
+							Type:             schema.TypeString,
+							Optional:         true,
+							ForceNew:         true,
+							ConflictsWith:    ipAllocationRangeFields,
 							DiffSuppressFunc: cidrOrSizeDiffSuppress,
 						},
 
@@ -1485,6 +1492,7 @@ func expandIPAllocationPolicy(configured interface{}) *containerBeta.IPAllocatio
 
 		ClusterIpv4CidrBlock:  config["cluster_ipv4_cidr_block"].(string),
 		ServicesIpv4CidrBlock: config["services_ipv4_cidr_block"].(string),
+		NodeIpv4CidrBlock:     config["node_ipv4_cidr_block"].(string),
 
 		ClusterSecondaryRangeName:  config["cluster_secondary_range_name"].(string),
 		ServicesSecondaryRangeName: config["services_secondary_range_name"].(string),
@@ -1687,6 +1695,7 @@ func flattenIPAllocationPolicy(c *containerBeta.IPAllocationPolicy) []map[string
 
 			"cluster_ipv4_cidr_block":  c.ClusterIpv4CidrBlock,
 			"services_ipv4_cidr_block": c.ServicesIpv4CidrBlock,
+			"node_ipv4_cidr_block":     c.NodeIpv4CidrBlock,
 
 			"cluster_secondary_range_name":  c.ClusterSecondaryRangeName,
 			"services_secondary_range_name": c.ServicesSecondaryRangeName,

diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go
@@ -2229,6 +2229,7 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
 	ip_allocation_policy {
 		cluster_ipv4_cidr_block  = "10.0.0.0/16"
 		services_ipv4_cidr_block = "10.1.0.0/16"
+        node_ipv4_cidr_block = "10.2.0.0/16"
 	}
 }`, cluster, cluster)
 }
@@ -2252,14 +2253,16 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
 	zone = "us-central1-a"
 
 	network = "${google_compute_network.container_network.name}"
-	subnetwork = "${google_compute_subnetwork.container_subnetwork.name}"
+    create_subnetwork = true
+    subnetwork_name = "tf-test-%s"
 
 	initial_node_count = 1
 	ip_allocation_policy {
 		cluster_ipv4_cidr_block = "/16"
 		services_ipv4_cidr_block = "/22"
+        node_ipv4_cidr_block = "/22"
 	}
-}`, cluster, cluster)
+}`, cluster, cluster, cluster)
 }
 
 func testAccContainerCluster_withIPAllocationPolicy_createSubnetwork(cluster string) string {

diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
@@ -366,6 +366,12 @@ The `ip_allocation_policy` block supports:
     from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to
     pick a specific range to use.
 
+* `node_ipv4_cidr_block` - (Optional) The IP address range of the node IPs in this cluster.
+    Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14)
+    to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14)
+    from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to
+    pick a specific range to use.
+
 * `services_ipv4_cidr_block` - (Optional) The IP address range of the services IPs in this cluster.
     Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14)
     to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14)