Support for GKE intranode visibility
Signed-off-by: Modular Magician <[email protected]>
chrisst authored and modular-magician committed Jun 3, 2019
1 parent 3199d14 commit 6e55859
Showing 2 changed files with 45 additions and 24 deletions.
63 changes: 40 additions & 23 deletions google/resource_container_cluster.go
Expand Up @@ -201,7 +201,7 @@ func resourceContainerCluster() *schema.Resource {
},
},
},
},
},
},
},

Expand Down Expand Up @@ -256,9 +256,10 @@ func resourceContainerCluster() *schema.Resource {

"enable_binary_authorization": {
Removed: "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
Computed: true,
Computed: true,
Type: schema.TypeBool,
Optional: true,

},

"enable_kubernetes_alpha": {
Expand Down Expand Up @@ -452,10 +453,10 @@ func resourceContainerCluster() *schema.Resource {

"pod_security_policy_config": {
// Remove return nil from expand when this is removed for good.
Removed: "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Removed: "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"enabled": {
Expand Down Expand Up @@ -521,7 +522,7 @@ func resourceContainerCluster() *schema.Resource {
ConflictsWith: ipAllocationRangeFields,
},

"subnetwork_name": {
"subnetwork_name": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Expand All @@ -546,11 +547,11 @@ func resourceContainerCluster() *schema.Resource {
DiffSuppressFunc: cidrOrSizeDiffSuppress,
},
"node_ipv4_cidr_block": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
ConflictsWith: ipAllocationRangeFields,
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
ConflictsWith: ipAllocationRangeFields,
DiffSuppressFunc: cidrOrSizeDiffSuppress,
},

Expand Down Expand Up @@ -587,15 +588,15 @@ func resourceContainerCluster() *schema.Resource {
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"enable_private_endpoint": {
Type: schema.TypeBool,
Optional: true,
ForceNew: true,
Type: schema.TypeBool,
Optional: true,
ForceNew: true,
DiffSuppressFunc: containerClusterPrivateClusterConfigSuppress,
},
"enable_private_nodes": {
Type: schema.TypeBool,
Optional: true,
ForceNew: true,
Type: schema.TypeBool,
Optional: true,
ForceNew: true,
DiffSuppressFunc: containerClusterPrivateClusterConfigSuppress,
},
"master_ipv4_cidr_block": {
Expand All @@ -621,6 +622,10 @@ func resourceContainerCluster() *schema.Resource {
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
},


"enable_intranode_visibility": {
"This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.",
},
}
}
Expand Down Expand Up @@ -697,10 +702,11 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
EnableKubernetesAlpha: d.Get("enable_kubernetes_alpha").(bool),
IpAllocationPolicy: expandIPAllocationPolicy(d.Get("ip_allocation_policy")),
PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config")),
MasterAuth: expandMasterAuth(d.Get("master_auth")),
ResourceLabels: expandStringMap(d, "resource_labels"),
MasterAuth: expandMasterAuth(d.Get("master_auth")),
ResourceLabels: expandStringMap(d, "resource_labels"),
}


// Only allow setting node_version on create if it's set to the equivalent master version,
// since `InitialClusterVersion` only accepts valid master-style versions.
if v, ok := d.GetOk("node_version"); ok {
Expand Down Expand Up @@ -782,6 +788,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
cluster.PrivateClusterConfig = expandPrivateClusterConfig(v)
}


req := &containerBeta.CreateClusterRequest{
Cluster: cluster,
}
Expand Down Expand Up @@ -809,7 +816,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
_, getErr := config.clientContainerBeta.Projects.Locations.Clusters.Get(containerClusterFullName(project, location, clusterName)).Do()
if getErr != nil {
// Make errcheck happy
log.Printf("[WARN] Cluster %s was created in an error state and not found", clusterName)
log.Printf("[WARN] Cluster %s was created in an error state and not found", clusterName)
}

if deleteErr := cleanFailedContainerCluster(d, meta); deleteErr != nil {
Expand Down Expand Up @@ -943,6 +950,7 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
return err
}


d.Set("resource_labels", cluster.ResourceLabels)
return nil
}
Expand Down Expand Up @@ -1406,6 +1414,7 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
d.SetPartial("master_auth")
}


if d.HasChange("resource_labels") {
resourceLabels := d.Get("resource_labels").(map[string]interface{})
req := &containerBeta.SetLabelsRequest{
Expand Down Expand Up @@ -1610,6 +1619,7 @@ func expandClusterAddonsConfig(configured interface{}) *containerBeta.AddonsConf
}
}


return ac
}

Expand All @@ -1629,11 +1639,11 @@ func expandIPAllocationPolicy(configured interface{}) *containerBeta.IPAllocatio

ClusterIpv4CidrBlock: config["cluster_ipv4_cidr_block"].(string),
ServicesIpv4CidrBlock: config["services_ipv4_cidr_block"].(string),
NodeIpv4CidrBlock: config["node_ipv4_cidr_block"].(string),
NodeIpv4CidrBlock: config["node_ipv4_cidr_block"].(string),

ClusterSecondaryRangeName: config["cluster_secondary_range_name"].(string),
ServicesSecondaryRangeName: config["services_secondary_range_name"].(string),
ForceSendFields: []string{"UseIpAliases"},
ForceSendFields: []string{"UseIpAliases"},
}
}

Expand All @@ -1655,6 +1665,7 @@ func expandMaintenancePolicy(configured interface{}) *containerBeta.MaintenanceP
}
}


func expandMasterAuth(configured interface{}) *containerBeta.MasterAuth {
l := configured.([]interface{})
if len(l) == 0 || l[0] == nil {
Expand Down Expand Up @@ -1734,12 +1745,14 @@ func expandPrivateClusterConfig(configured interface{}) *containerBeta.PrivateCl
}
}


func expandPodSecurityPolicyConfig(configured interface{}) *containerBeta.PodSecurityPolicyConfig {
// Removing lists is hard - the element count (#) will have a diff from nil -> computed
// If we set this to empty on Read, it will be stable.
return nil
}


func flattenNetworkPolicy(c *containerBeta.NetworkPolicy) []map[string]interface{} {
result := []map[string]interface{}{}
if c != nil {
Expand Down Expand Up @@ -1823,6 +1836,7 @@ func flattenPrivateClusterConfig(c *containerBeta.PrivateClusterConfig) []map[st
}
}


func flattenIPAllocationPolicy(c *containerBeta.Cluster, d *schema.ResourceData, config *Config) []map[string]interface{} {
if c == nil || c.IpAllocationPolicy == nil {
return nil
Expand Down Expand Up @@ -1901,6 +1915,7 @@ func flattenMasterAuth(ma *containerBeta.MasterAuth) []map[string]interface{} {
return masterAuth
}


func flattenMasterAuthorizedNetworksConfig(c *containerBeta.MasterAuthorizedNetworksConfig) []map[string]interface{} {
if c == nil {
return nil
Expand All @@ -1919,6 +1934,8 @@ func flattenMasterAuthorizedNetworksConfig(c *containerBeta.MasterAuthorizedNetw
return []map[string]interface{}{result}
}



func resourceContainerClusterStateImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
config := meta.(*Config)

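Review bot: The new `enable_intranode_visibility` schema entry (hunk at -621,6 +622,10) is shown with only a bare message string as its body, with no `Removed:` key and none of the `Type`/`Optional`/`Computed` fields that the sibling beta-only entry `enable_binary_authorization` carries. Unless the key was lost when this page was rendered, an unkeyed single-value `schema.Schema` literal would not compile. I would write the entry as `Removed: "This field is in beta. …",` followed by `Type: schema.TypeBool,` and `Optional: true,`, so that a configuration setting this network-visibility control on the GA provider fails with the intended message instead of depending on how the literal happens to parse. The message text also carries over the existing "the the" typo. Several other hunks in this section (around new lines 788, 950, 1414, 1619) appear to add only blank lines, which looks like generator whitespace that `gofmt` would collapse; the body of resourceContainerCluster continues outside the hunk.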
6 changes: 5 additions & 1 deletion website/docs/r/container_cluster.html.markdown
Expand Up @@ -283,9 +283,13 @@ to the datasource. A `region` can have a different set of supported versions tha
* `subnetwork` - (Optional) The name or self_link of the Google Compute Engine subnetwork in
which the cluster's instances are launched.

* `vertical_pod_autoscaling` - Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.
* `vertical_pod_autoscaling` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html))
Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.
Structure is documented below.

* `enable_intranode_visibility` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html))
Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.

The `addons_config` block supports:

* `horizontal_pod_autoscaling` - (Optional) The status of the Horizontal Pod Autoscaling
