From d126fb224fd8d239325110200f185affc534dfed Mon Sep 17 00:00:00 2001 From: The Magician Date: Tue, 30 Mar 2021 10:15:09 -0700 Subject: [PATCH] GKE L4 ILB Subsetting support (#4626) (#8798) * mark field as updatable Co-authored-by: upodroid * add l4 subsetting support Co-authored-by: upodroid * fix beta guarding * fix change typo * add more beta guards Signed-off-by: Modular Magician --- .changelog/4626.txt | 3 ++ google/resource_container_cluster.go | 42 +++++++++++++++++++ google/resource_container_cluster_test.go | 3 +- .../docs/r/container_cluster.html.markdown | 6 +++ 4 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 .changelog/4626.txt diff --git a/.changelog/4626.txt b/.changelog/4626.txt new file mode 100644 index 00000000000..97c02c8e99e --- /dev/null +++ b/.changelog/4626.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +container: added `enable_l4_ilb_subsetting` (beta) and `private_ipv6_google_access` fields to `google_container_cluster` +``` diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index 410aa8a1072..ebafab4d784 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -958,6 +958,12 @@ func resourceContainerCluster() *schema.Resource { Optional: true, Description: `Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.`, }, + "private_ipv6_google_access": { + Type: schema.TypeString, + Optional: true, + Description: `The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).`, + Computed: true, + }, "resource_usage_export_config": { Type: schema.TypeList, 
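Review bot: The new `private_ipv6_google_access` attribute in the schema hunk at `@@ -958,6 +958,12 @@` is a free-form `schema.TypeString` with no `ValidateFunc`, so a misspelled value is only rejected by the API at apply time. Neither the `Description` nor the website entry lists the accepted values. I would add `ValidateFunc: validation.StringInSlice([]string{"PRIVATE_IPV6_GOOGLE_ACCESS_DISABLED", "PRIVATE_IPV6_GOOGLE_ACCESS_TO_GOOGLE", "PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL"}, false),` (assuming the file already imports the `validation` helper, which is not visible here) and name the same values in the description. Because the attribute is `Optional` plus `Computed`, removing it from configuration produces no diff, so a cluster that was switched to bidirectional access keeps it; the description should say so, e.g. `Removing this field does not revert the cluster; set the disabled value explicitly.` `resourceContainerCluster()` starts and ends outside this hunk.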
@@ -1115,6 +1121,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 EnableIntraNodeVisibility: d.Get("enable_intranode_visibility").(bool),
 DefaultSnatStatus: expandDefaultSnatStatus(d.Get("default_snat_status")),
 DatapathProvider: d.Get("datapath_provider").(string),
+ PrivateIpv6GoogleAccess: d.Get("private_ipv6_google_access").(string),
 },
 MasterAuth: expandMasterAuth(d.Get("master_auth")),
 ResourceLabels: expandStringMap(d, "resource_labels"),
@@ -1452,6 +1459,9 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 if err := d.Set("enable_intranode_visibility", cluster.NetworkConfig.EnableIntraNodeVisibility); err != nil {
 return fmt.Errorf("Error setting enable_intranode_visibility: %s", err)
 }
+ if err := d.Set("private_ipv6_google_access", cluster.NetworkConfig.PrivateIpv6GoogleAccess); err != nil {
+ return fmt.Errorf("Error setting private_ipv6_google_access: %s", err)
+ }
 if err := d.Set("authenticator_groups_config", flattenAuthenticatorGroupsConfig(cluster.AuthenticatorGroupsConfig)); err != nil {
 return err
 }
@@ -1725,6 +1735,38 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s Intra Node Visibility has been updated to %v", d.Id(), enabled) } + if d.HasChange("private_ipv6_google_access") { + req := &containerBeta.UpdateClusterRequest{ + Update: &containerBeta.ClusterUpdate{ + DesiredPrivateIpv6GoogleAccess: d.Get("private_ipv6_google_access").(string), + }, + } + updateF := func() error { + log.Println("[DEBUG] updating private_ipv6_google_access") + name := containerClusterFullName(project, location, clusterName) + clusterUpdateCall := config.NewContainerBetaClient(userAgent).Projects.Locations.Clusters.Update(name, req) + if config.UserProjectOverride { + clusterUpdateCall.Header().Add("X-Goog-User-Project", project) + } + op, err := clusterUpdateCall.Do() + if err != nil { + return err + } + + // Wait until it's updated + err = containerOperationWait(config, op, project, location, "updating GKE Private IPv6 Google Access", userAgent, d.Timeout(schema.TimeoutUpdate)) + log.Println("[DEBUG] done updating private_ipv6_google_access") + return err + } + + // Call update serially. + if err := lockedCall(lockKey, updateF); err != nil { + return err + } + + log.Printf("[INFO] GKE cluster %s Private IPv6 Google Access has been updated", d.Id()) + } + if d.HasChange("default_snat_status") { req := &containerBeta.UpdateClusterRequest{ Update: &containerBeta.ClusterUpdate{ diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index a9ced5ebae4..1369b68ae3b 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -2272,7 +2272,7 @@ resource "google_container_cluster" "with_intranode_visibility" { name = "%s" location = "us-central1-a" initial_node_count = 1 - enable_intranode_visibility = true + enable_intranode_visibility = true } `, clusterName) } 
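Review bot: In the `updateF` closure added for `private_ipv6_google_access`, `log.Println("[DEBUG] done updating private_ipv6_google_access")` runs before the result of `containerOperationWait` is checked, so the debug log reports completion even when the operation failed or timed out. Put `if err != nil { return err }` directly after the wait, then log and `return nil`. The closing `[INFO]` line also omits the new value, unlike the Intra Node Visibility message just above it. For a setting that changes network reachability, recording the value helps later review: `log.Printf("[INFO] GKE cluster %s Private IPv6 Google Access has been updated to %s", d.Id(), d.Get("private_ipv6_google_access").(string))`. `resourceContainerClusterUpdate` begins and ends outside this hunk.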
@@ -2284,6 +2284,7 @@ resource "google_container_cluster" "with_intranode_visibility" { location = "us-central1-a" initial_node_count = 1 enable_intranode_visibility = false + private_ipv6_google_access = "PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL" } `, clusterName) } diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index 3b434f15cd3..dccfb0af164 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -301,6 +301,12 @@ subnetwork in which the cluster's instances are launched. * `enable_intranode_visibility` - (Optional) Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. +* `enable_l4_ilb_subsetting` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Whether L4ILB Subsetting is enabled for this cluster. + +* `private_ipv6_google_access` - (Optional) + The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4). + * `datapath_provider` - (Optional) The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.
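Review bot: The only coverage for the new field is the single line `private_ipv6_google_access = "PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL"` added to the second `with_intranode_visibility` config in the hunk at `@@ -2284,6 +2284,7 @@`. If that config is the update step, as it appears to be, only the update path is exercised, and with one value. Setting the field at create time and switching it back to a disabled state are not tested, and no assertion on the attribute is visible in this hunk. A dedicated config and test step for this field would cover the create path added in `resourceContainerClusterCreate` and confirm that the read-back value matches. The enclosing Go function starts outside the hunk.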