add support for ip aliasing in google_container_cluster
#654
Changes from all commits
9cc4636
0ecb973
8825913
a210966
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -595,6 +595,64 @@ func TestAccContainerCluster_withMaintenanceWindow(t *testing.T) { | |
}) | ||
} | ||
|
||
func TestAccContainerCluster_withIPAllocationPolicy(t *testing.T) { | ||
t.Parallel() | ||
|
||
cluster := fmt.Sprintf("cluster-test-%s", acctest.RandString(10)) | ||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
CheckDestroy: testAccCheckContainerClusterDestroy, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccContainerCluster_withIPAllocationPolicy( | ||
cluster, | ||
map[string]string{ | ||
"pods": "10.1.0.0/16", | ||
"services": "10.2.0.0/20", | ||
}, | ||
map[string]string{ | ||
"cluster_secondary_range_name": "pods", | ||
"services_secondary_range_name": "services", | ||
}, | ||
), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckContainerCluster( | ||
Can you add checks for
Done and done |
||
"google_container_cluster.with_ip_allocation_policy"), | ||
resource.TestCheckResourceAttr("google_container_cluster.with_ip_allocation_policy", | ||
"ip_allocation_policy.0.cluster_secondary_range_name", "pods"), | ||
resource.TestCheckResourceAttr("google_container_cluster.with_ip_allocation_policy", | ||
"ip_allocation_policy.0.services_secondary_range_name", "services"), | ||
), | ||
}, | ||
{ | ||
Config: testAccContainerCluster_withIPAllocationPolicy( | ||
cluster, | ||
map[string]string{ | ||
"pods": "10.1.0.0/16", | ||
"services": "10.2.0.0/20", | ||
}, | ||
map[string]string{}, | ||
), | ||
ExpectError: regexp.MustCompile("clusters using IP aliases must specify secondary ranges"), | ||
}, | ||
{ | ||
Config: testAccContainerCluster_withIPAllocationPolicy( | ||
cluster, | ||
map[string]string{ | ||
"pods": "10.1.0.0/16", | ||
}, | ||
map[string]string{ | ||
"cluster_secondary_range_name": "pods", | ||
"services_secondary_range_name": "services", | ||
}, | ||
), | ||
ExpectError: regexp.MustCompile("services secondary range \"pods\" not found in subnet"), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccCheckContainerClusterDestroy(s *terraform.State) error { | ||
config := testAccProvider.Meta().(*Config) | ||
|
||
|
@@ -709,6 +767,11 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc { | |
clusterTests = append(clusterTests, clusterTestField{"maintenance_policy.0.daily_maintenance_window.0.duration", cluster.MaintenancePolicy.Window.DailyMaintenanceWindow.Duration}) | ||
} | ||
|
||
if cluster.IpAllocationPolicy != nil && cluster.IpAllocationPolicy.UseIpAliases { | ||
clusterTests = append(clusterTests, clusterTestField{"ip_allocation_policy.0.cluster_secondary_range_name", cluster.IpAllocationPolicy.ClusterSecondaryRangeName}) | ||
clusterTests = append(clusterTests, clusterTestField{"ip_allocation_policy.0.services_secondary_range_name", cluster.IpAllocationPolicy.ServicesSecondaryRangeName}) | ||
} | ||
|
||
for i, np := range cluster.NodePools { | ||
prefix := fmt.Sprintf("node_pool.%d.", i) | ||
clusterTests = append(clusterTests, clusterTestField{prefix + "name", np.Name}) | ||
|
@@ -1472,11 +1535,57 @@ resource "google_container_cluster" "with_maintenance_window" { | |
name = "cluster-test-%s" | ||
zone = "us-central1-a" | ||
initial_node_count = 1 | ||
|
||
maintenance_policy { | ||
daily_maintenance_window { | ||
start_time = "%s" | ||
} | ||
} | ||
}`, acctest.RandString(10), startTime) | ||
} | ||
|
||
func testAccContainerCluster_withIPAllocationPolicy(cluster string, ranges, policy map[string]string) string { | ||
|
||
var secondaryRanges bytes.Buffer | ||
for rangeName, cidr := range ranges { | ||
secondaryRanges.WriteString(fmt.Sprintf(` | ||
secondary_ip_range { | ||
range_name = "%s" | ||
ip_cidr_range = "%s" | ||
}`, rangeName, cidr)) | ||
} | ||
|
||
var ipAllocationPolicy bytes.Buffer | ||
I'm fine leaving this as is, but a potential alternative would be just passing in the configuration block as a string that looked like:
|
||
for key, value := range policy { | ||
ipAllocationPolicy.WriteString(fmt.Sprintf(` | ||
%s = "%s"`, key, value)) | ||
} | ||
|
||
return fmt.Sprintf(` | ||
resource "google_compute_network" "container_network" { | ||
name = "container-net-%s" | ||
auto_create_subnetworks = false | ||
} | ||
|
||
resource "google_compute_subnetwork" "container_subnetwork" { | ||
name = "${google_compute_network.container_network.name}" | ||
network = "${google_compute_network.container_network.name}" | ||
ip_cidr_range = "10.0.0.0/24" | ||
region = "us-central1" | ||
|
||
%s | ||
} | ||
|
||
resource "google_container_cluster" "with_ip_allocation_policy" { | ||
name = "%s" | ||
zone = "us-central1-a" | ||
|
||
network = "${google_compute_network.container_network.name}" | ||
subnetwork = "${google_compute_subnetwork.container_subnetwork.name}" | ||
|
||
initial_node_count = 1 | ||
ip_allocation_policy { | ||
%s | ||
} | ||
}`, acctest.RandString(10), secondaryRanges.String(), cluster, ipAllocationPolicy.String()) | ||
} |
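Review bot: The third step of TestAccContainerCluster_withIPAllocationPolicy pins an error message that names the wrong range: the subnetwork in that step defines only `pods`, so the range that cannot be found is `services`, yet the pattern expects `services secondary range \"pods\" not found in subnet`. If the test passes as written, the resource is presumably formatting the services-range error with the cluster range name (that code is not visible in this section), which would point a user at the wrong range when diagnosing a misconfigured subnetwork. I would correct the message where it is produced and expect `regexp.MustCompile("services secondary range \"services\" not found in subnet")` here. Wrapping the literal in `regexp.QuoteMeta` would also keep the match exact if the message later gains regex metacharacters.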
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -98,12 +98,14 @@ output "cluster_ca_certificate" { | |
* `initial_node_count` - (Optional) The number of nodes to create in this | ||
cluster (not including the Kubernetes master). Must be set if `node_pool` is not set. | ||
|
||
* `ip_allocation_policy` - (Optional) Configuration for cluster IP allocation. As of now, only pre-allocated subnetworks (custom type with secondary ranges) are supported. | ||
|
||
* `logging_service` - (Optional) The logging service that the cluster should | ||
write logs to. Available options include `logging.googleapis.com` and | ||
`none`. Defaults to `logging.googleapis.com` | ||
|
||
* `maintenance_policy` - (Optional) The maintenance policy to use for the cluster. Structure is | ||
documented below. | ||
* `maintenance_policy` - (Optional) The maintenance policy to use for the cluster. Structure is | ||
documented below. | ||
|
||
* `master_auth` - (Optional) The authentication information for accessing the | ||
Kubernetes master. Structure is documented below. | ||
|
@@ -173,7 +175,7 @@ addons_config { | |
The `maintenance_policy` block supports: | ||
|
||
* `daily_maintenance_window` - (Required) Time window specified for daily maintenance operations. | ||
Specify `start_time` in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) format "HH:MM”, | ||
Specify `start_time` in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) format "HH:MM”, | ||
where HH : \[00-23\] and MM : \[00-59\] GMT. For example: | ||
|
||
``` | ||
|
@@ -184,6 +186,18 @@ maintenance_policy { | |
} | ||
``` | ||
|
||
The `ip_allocation_policy` block supports: | ||
|
||
* `cluster_secondary_range_name` - (Optional) The name of the secondary range to be | ||
The last sentence of this (and the next) are no longer applicable.
Done. |
||
used as for the cluster CIDR block. The secondary range will be used for pod IP | ||
addresses. This must be an existing secondary range associated with the cluster | ||
subnetwork. | ||
|
||
* `services_secondary_range_name` - (Optional) The name of the secondary range to be | ||
used as for the services CIDR block. The secondary range will be used for service | ||
ClusterIPs. This must be an existing secondary range associated with the cluster | ||
subnetwork. | ||
|
||
The `master_auth` block supports: | ||
|
||
* `password` - (Required) The password to use for HTTP basic authentication when accessing | ||
|
@@ -261,7 +275,7 @@ exported: | |
to the cluster. | ||
|
||
* `maintenance_policy.0.daily_maintenance_window.0.duration` - Duration of the time window, automatically chosen to be | ||
smallest possible in the given scenario. | ||
smallest possible in the given scenario. | ||
Duration will be in [RFC3339](https://www.ietf.org/rfc/rfc3339.txt) format "PTnHnMnS". | ||
|
||
* `master_auth.0.client_certificate` - Base64 encoded public certificate | ||
|
I think you accidentally got rid of the call to this function
Yikes, yeah... Fixed!