[WIP] Add container cluster network policy addon #630
Conversation
|
Actualy i open a case on google because with api, on create cluster param networkPolicyConfig disabled=false is not set on created cluster. |
sebglon
changed the title
sebglon
force-pushed
the
networkpolicy
branch
2 times, most recently
from
8f07134 to
75d8672
Compare
|
Hey @sebglon, I see the |
sebglon
force-pushed
the
networkpolicy
branch
from
75d8672 to
666ccf8
Compare
|
Actualy, when i set disable NetworkPolicy tu fase, the network policy is not enabled on create. |
sebglon
force-pushed
the
networkpolicy
branch
from
1b0c52f to
1fb2e80
Compare
|
I just tried to use this, and when I looked at the webinterface of GKE, you it looked like you first need to enable it on the master-node, and then as well on the nodes. So probably there are two places in the API to look for? |
|
After many exchange with google team, i have changed network_policy on addons by the global network_policy. |
|
After many exchange with google team, i have changed network_policy on addons by the global network_policy. @danawillow all is good for me. can you review it? |
google/resource_container_cluster.go
Outdated
| Type: schema.TypeBool, | ||
| ForceNew: true, | ||
| Optional: true, | ||
| Default: true, |
There was a problem hiding this comment.
Is this actually enabled by default?
google/resource_container_cluster.go
Outdated
| Type: schema.TypeList, | ||
| Optional: true, | ||
| Computed: true, | ||
| ForceNew: true, |
There was a problem hiding this comment.
Since you added update functionality, these doesn't need to be ForceNew
google/resource_container_cluster.go
Outdated
|
|
||
| func flattenNetworkPolicy(c *container.NetworkPolicy) []map[string]interface{} { | ||
| if c == nil { | ||
| c = &container.NetworkPolicy{} |
There was a problem hiding this comment.
I don't like reassigning pointers this way. Instead, how about something like:
result := []map[string]interface{}{}
if c != nil {
result = append(result, map[string]interface{}{
"enabled": c.Enabled,
"provider": c.Provider,
})
}
return result
| }`, acctest.RandString(10)) | ||
|
|
||
| var testAccContainerCluster_updateNetworkPolicyEnabled = fmt.Sprintf(` | ||
| resource "google_container_cluster" "with_network_policy_enabled" { |
There was a problem hiding this comment.
nit: can you indent this block one more to the left to match the previous var?
|
|
||
| var testAccContainerCluster_updateNetworkPolicyEnabled = fmt.Sprintf(` | ||
| resource "google_container_cluster" "with_network_policy_enabled" { | ||
| name = "cluster-test-%s" |
There was a problem hiding this comment.
Since this config and the previous one both use random strings as part of the cluster name, this will destroy+recreate the cluster so it's not actually testing update.
| zone = "us-central1-a" | ||
| initial_node_count = 1 | ||
|
|
||
| // remove network_policy is equal than enabled=false |
There was a problem hiding this comment.
Instead of this comment, what about renaming the test var to testAccContainerCluster_removeNetworkPolicy? Right now it's a bit hard to understand.
|
@danawillow thanks for your review. All changes are made |
google/resource_container_cluster.go
Outdated
| Schema: map[string]*schema.Schema{ | ||
| "enabled": { | ||
| Type: schema.TypeBool, | ||
| ForceNew: true, |
There was a problem hiding this comment.
I'm confused why you've decided to allow adding/removing the network policy but not changing the values within it. Was that intentional? If so, can you add a comment explaining why?
There was a problem hiding this comment.
sorry @danawillow i don't understand exactly what do you say about 'changing the value".
if you do not put network_policy block, it's the same than disable it.
if you put network_policy block, you can choice to enable or diable it.
| @@ -911,7 +949,7 @@ resource "google_container_cluster" "primary" { | |||
|
|
|||
| var testAccContainerCluster_withMasterAuth = fmt.Sprintf(` | |||
| resource "google_container_cluster" "with_master_auth" { | |||
| name = "cluster-test-%s" | |||
| name = "%s" | |||
There was a problem hiding this comment.
I think you changed the wrong test here
|
@danawillow Can i have a feedback |
|
Just added a few small things, but looks good overall, thanks! |
* replalce TypeList by TypeSet * Add network policy * test improvement * correct test * Add cluster network polocy enabled * Replalce network_policy addons by global network_policy enabled * Update node_config.go * Update resource_container_cluster.go * clean * clean * Correct PR * COrrect PR * pr * fix test to use same name * add more documentation
Signed-off-by: Modular Magician <[email protected]>
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks! |
ghost
locked and limited conversation to collaborators
Add #583