Confusing upgrade instructions regarding container_cluster.ip_allocation_policy.use_ip_aliases

[eyalzek]

As per the upgrade instructions to v3.0.0 (https://www.terraform.io/docs/providers/google/guides/version_3_upgrade.html) I see conflicting information. First it says that the field ip_allocation_policy.use_ip_aliases is deprecated (https://www.terraform.io/docs/providers/google/guides/version_3_upgrade.html#detailed-changes-) and indeed I see the deprecation message already in earlier versions of the provider:

Warning: "ip_allocation_policy.0.use_ip_aliases": [DEPRECATED] This field is being removed in 3.0.0. If set to true, remove it from your config. If false, remove i.

then later in the same documentation (and also in the example), I see that this field is still set and is required (https://www.terraform.io/docs/providers/google/guides/version_3_upgrade.html#use_ip_aliases-is-now-required-on-block-google_container_cluster-ip_allocation_policy):

use_ip_aliases is now required on block google_container_cluster.ip_allocation_policy
Previously the default value of use_ip_aliases was true. In an attempt to avoid allowing empty blocks in config files, use_ip_aliases is now required on the ip_allocation_policy block.

Which one is true?

Moreover, since ip_allocation_policy.create_subnetwork is also deprecated, it means that my previous ip_allocation_policy block is now entirely deprecated:

ip_allocation_policy {
    create_subnetwork = true
    use_ip_aliases    = true
}

since according to the docs, creating VPC native GKE clusters is now dependent on the ip_allocation_policy block itself to exist, what is the way to go? should I leave an empty block in the configuration (this all depends on use_ip_aliases actually being deprecated....) ?

[megan07]

Hi @eyalzek! Thank you for opening this issue. I'm very sorry for the confusion. google_container_cluster.ip_allocation_policy.use_ip_aliases is indeed removed, I will update the upgrade guide accordingly. Thank you!

[eyalzek]

@megan07 just to be clear, with the latest version I would have to have an empty ip_allocation_policy block in order to create a vpc native cluster?

[megan07]

@eyalzek, sorry! I meant to respond to your question too and forgot. Yes, you are correct, you would leave the block empty. Thank you!

[dylanpiergies]

This breaks private clusters. Given the following:

resource "google_container_cluster" "cluster" {
  name = "rekindle"
  location = var.gcp_region
  provider = google-beta
  network = data.google_compute_network.default.name

  min_master_version = var.gke_version

  private_cluster_config {
    enable_private_endpoint = false
    enable_private_nodes = true
    master_ipv4_cidr_block = "172.16.0.0/28"
  }

//  ip_allocation_policy {
//    use_ip_aliases = true
//  }

  # We can't create a cluster with no node pool defined, but we want to only use
  # separately managed node pools. So we create the smallest possible default
  # node pool and immediately delete it.
  remove_default_node_pool = true
  initial_node_count = 1

  addons_config {
    istio_config {
      disabled = false
    }
  }
}

We get:

google_container_cluster.cluster: Creating...

Error: googleapi: Error 400: Alias IP addresses are required for private cluster, please make sure you enable alias IPs when creating a cluster., badRequest

  on gke-cluster.tf line 1, in resource "google_container_cluster" "cluster":
   1: resource "google_container_cluster" "cluster" {

But if we uncomment:

  ip_allocation_policy {
    use_ip_aliases = true
  }

then we get:

Error: "ip_allocation_policy.0.use_ip_aliases": [REMOVED] This field is removed as of 3.0.0. If previously set to true, remove it from your config. If false, remove it.

  on gke-cluster.tf line 1, in resource "google_container_cluster" "cluster":
   1: resource "google_container_cluster" "cluster" {

and still the same if (true) remove() else remove() thing going on in the error message.

[eyalzek]

@dylanpiergies did you try ip_allocation_policy {} ?

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!