Merge pull request #1678 from GoogleCloudPlatform/jccb/fix-1677
Allow only one of `secondary_range_blocks` or `secondary_range_names` when creating GKE clusters.
96a3bc3737
|
@ -20,12 +20,9 @@ module "cluster" {
|
|||
name = "cluster"
|
||||
location = var.region
|
||||
vpc_config = {
|
||||
network = module.vpc.self_link
|
||||
subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-apigee"]
|
||||
secondary_range_names = {
|
||||
pods = "pods"
|
||||
services = "services"
|
||||
}
|
||||
network = module.vpc.self_link
|
||||
subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-apigee"]
|
||||
secondary_range_names = {}
|
||||
master_authorized_ranges = var.cluster_network_config.master_authorized_cidr_blocks
|
||||
master_ipv4_cidr_block = var.cluster_network_config.master_cidr_block
|
||||
}
|
||||
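Review bot: `secondary_range_names = {}` in the new vpc_config is load-bearing rather than a no-op, because with the variable type this PR introduces the key no longer has an object-level default: omitting it yields null, while `{}` picks up the per-attribute defaults "pods" and "services", and the two presumably steer different `ip_allocation_policy` dynamic blocks in the module. A trailing comment such as `secondary_range_names = {} # use default names "pods" and "services"`, which the module READMEs in this PR already carry, would make that explicit to the next reader of the blueprint. The same applies to the second blueprint hunk, the one using the `subnet-cluster` subnetwork. The enclosing `module "cluster"` block starts before the hunk.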
|
@ -79,4 +76,4 @@ module "apigee-runtime-nodepool" {
|
|||
create = true
|
||||
}
|
||||
tags = ["node"]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -20,12 +20,9 @@ module "cluster" {
|
|||
name = "cluster"
|
||||
location = var.region
|
||||
vpc_config = {
|
||||
network = module.vpc.self_link
|
||||
subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-cluster"]
|
||||
secondary_range_names = {
|
||||
pods = "pods"
|
||||
services = "services"
|
||||
}
|
||||
network = module.vpc.self_link
|
||||
subnetwork = module.vpc.subnet_self_links["${var.region}/subnet-cluster"]
|
||||
secondary_range_names = {}
|
||||
master_authorized_ranges = var.cluster_network_config.master_authorized_cidr_blocks
|
||||
master_ipv4_cidr_block = var.cluster_network_config.master_cidr_block
|
||||
}
|
||||
|
@ -51,4 +48,4 @@ module "node_sa" {
|
|||
source = "../../../modules/iam-service-account"
|
||||
project_id = module.project.project_id
|
||||
name = "sa-node"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -167,7 +167,7 @@ Leave all these variables unset (or set to `null`) to disable fleet management.
|
|||
| [host_project_ids](variables.tf#L174) | Host project for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [prefix](variables.tf#L227) | Prefix used for resources that need unique names. | <code>string</code> | ✓ | | |
|
||||
| [vpc_self_links](variables.tf#L243) | Self link for the shared VPC. | <code title="object({ dev-spoke-0 = string })">object({…})</code> | ✓ | | <code>2-networking</code> |
|
||||
| [clusters](variables.tf#L42) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_components = optional(list(string), ["SYSTEM_COMPONENTS"]) managed_prometheus = optional(bool) })) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [clusters](variables.tf#L42) | Clusters configuration. Refer to the gke-cluster module for type details. | <code title="map(object({ cluster_autoscaling = optional(any) description = optional(string) enable_addons = optional(any, { horizontal_pod_autoscaling = true, http_load_balancing = true }) enable_features = optional(any, { workload_identity = true }) issue_client_certificate = optional(bool, false) labels = optional(map(string)) location = string logging_config = optional(object({ enable_system_logs = optional(bool, true) enable_workloads_logs = optional(bool, true) enable_api_server_logs = optional(bool, false) enable_scheduler_logs = optional(bool, false) enable_controller_manager_logs = optional(bool, false) }), {}) maintenance_config = optional(any, { daily_window_start_time = "03:00" recurring_window = null maintenance_exclusion = [] }) max_pods_per_node = optional(number, 110) min_master_version = optional(string) monitoring_config = optional(object({ enable_components = optional(list(string), ["SYSTEM_COMPONENTS"]) managed_prometheus = optional(bool) })) node_locations = optional(list(string)) private_cluster_config = optional(any) release_channel = optional(string) vpc_config = object({ subnetwork = string network = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) master_ipv4_cidr_block = optional(string) }) }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_clusters](variables.tf#L96) | Config management features enabled on specific sets of member clusters, in config name => [cluster name] format. | <code>map(list(string))</code> | | <code>{}</code> | |
|
||||
| [fleet_configmanagement_templates](variables.tf#L104) | Sets of config management configurations that can be applied to member clusters, in config name => {options} format. | <code title="map(object({ binauthz = bool config_sync = object({ git = object({ gcp_service_account_email = string https_proxy = string policy_dir = string secret_type = string sync_branch = string sync_repo = string sync_rev = string sync_wait_secs = number }) prevent_drift = string source_format = string }) hierarchy_controller = object({ enable_hierarchical_resource_quota = bool enable_pod_tree_labels = bool }) policy_controller = object({ audit_interval_seconds = number exemptable_namespaces = list(string) log_denies_enabled = bool referential_rules_enabled = bool template_library_installed = bool }) version = string }))">map(object({…}))</code> | | <code>{}</code> | |
|
||||
| [fleet_features](variables.tf#L139) | Enable and configure fleet features. Set to null to disable GKE Hub if fleet workload identity is not used. | <code title="object({ appdevexperience = bool configmanagement = bool identityservice = bool multiclusteringress = string multiclusterservicediscovery = bool servicemesh = bool })">object({…})</code> | | <code>null</code> | |
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/**
|
||||
* Copyright 2022 Google LLC
|
||||
* Copyright 2023 Google LLC
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -82,9 +82,9 @@ variable "clusters" {
|
|||
services = string
|
||||
}))
|
||||
secondary_range_names = optional(object({
|
||||
pods = string
|
||||
services = string
|
||||
}), { pods = "pods", services = "services" })
|
||||
pods = optional(string, "pods")
|
||||
services = optional(string, "services")
|
||||
}))
|
||||
master_authorized_ranges = optional(map(string))
|
||||
master_ipv4_cidr_block = optional(string)
|
||||
})
|
||||
|
|
|
@ -64,7 +64,7 @@ module "cluster-1" {
|
|||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = { pods = "pods", services = "services" }
|
||||
secondary_range_names = {} # use default names "pods" and "services"
|
||||
}
|
||||
enable_features = {
|
||||
dns = {
|
||||
|
@ -91,8 +91,9 @@ module "cluster-1" {
|
|||
name = "cluster-1"
|
||||
location = "europe-west1"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {} # use default names "pods" and "services"
|
||||
}
|
||||
logging_config = {
|
||||
enable_api_server_logs = true
|
||||
|
@ -120,8 +121,9 @@ module "cluster-1" {
|
|||
name = "cluster-1"
|
||||
location = "europe-west1"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {} # use default names "pods" and "services"
|
||||
}
|
||||
monitoring_config = {
|
||||
enable_api_server_metrics = true
|
||||
|
@ -155,7 +157,7 @@ module "cluster-1" {
|
|||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = { pods = "pods", services = "services" }
|
||||
secondary_range_names = {}
|
||||
}
|
||||
backup_configs = {
|
||||
enable_backup_agent = true
|
||||
|
@ -177,7 +179,7 @@ module "cluster-1" {
|
|||
| [location](variables.tf#L110) | Autopilot cluster are always regional. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L170) | Cluster name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L196) | Cluster project id. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L225) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) stack_type = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L225) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) stack_type = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | <code title="object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ encryption_key = optional(string) include_secrets = optional(bool, true) include_volume_data = optional(bool, true) namespaces = optional(list(string)) region = string schedule = string retention_policy_days = optional(string) retention_policy_lock = optional(bool, false) retention_policy_delete_lock_days = optional(string) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [description](variables.tf#L37) | Cluster description. | <code>string</code> | | <code>null</code> |
|
||||
| [enable_addons](variables.tf#L43) | Addons enabled in the cluster (true means enabled). | <code title="object({ cloudrun = optional(bool, false) config_connector = optional(bool, false) dns_cache = optional(bool, false) horizontal_pod_autoscaling = optional(bool, false) http_load_balancing = optional(bool, false) istio = optional(object({ enable_tls = bool })) kalm = optional(bool, false) network_policy = optional(bool, false) })">object({…})</code> | | <code title="{ horizontal_pod_autoscaling = true http_load_balancing = true }">{…}</code> |
|
||||
|
|
|
@ -108,7 +108,7 @@ resource "google_container_cluster" "cluster" {
|
|||
content {
|
||||
cluster_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.pods
|
||||
services_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.services
|
||||
stack_type = try(var.vpc_config.stack_type, null)
|
||||
stack_type = var.vpc_config.stack_type
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -117,7 +117,7 @@ resource "google_container_cluster" "cluster" {
|
|||
content {
|
||||
cluster_secondary_range_name = var.vpc_config.secondary_range_names.pods
|
||||
services_secondary_range_name = var.vpc_config.secondary_range_names.services
|
||||
stack_type = try(var.vpc_config.stack_type, null)
|
||||
stack_type = var.vpc_config.stack_type
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -233,9 +233,9 @@ variable "vpc_config" {
|
|||
services = string
|
||||
}))
|
||||
secondary_range_names = optional(object({
|
||||
pods = string
|
||||
services = string
|
||||
}), { pods = "pods", services = "services" })
|
||||
pods = optional(string, "pods")
|
||||
services = optional(string, "services")
|
||||
}))
|
||||
master_authorized_ranges = optional(map(string))
|
||||
stack_type = optional(string)
|
||||
})
|
||||
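Review bot: Nothing in this hunk (nor in the matching `variable "vpc_config"` hunk of gke-cluster-standard further down) enforces the "only one of" rule the PR title promises; `secondary_range_blocks` and `secondary_range_names` stay independently optional, so a caller can set both and, unless the `for_each` conditions on the two `dynamic "ip_allocation_policy"` blocks in main.tf (outside the visible hunks) guard against it, the resource is rendered with two ip_allocation_policy blocks and fails only at plan or apply time. A `validation` block on `vpc_config` rejects the combination at variable evaluation with a clear message, which is also where a reviewer reading the type would expect the rule to live. The sketch below treats the pair as exactly-one; if a cluster with neither set is still meant to be accepted, relax the condition to `!(var.vpc_config.secondary_range_blocks != null && var.vpc_config.secondary_range_names != null)`. The `variable "vpc_config"` block closes after the hunk, so the validation goes between the closing `})` of `type` and that brace; the stage-level `clusters` map in the earlier variables.tf hunk would need the same check wrapped in `alltrue([for c in values(var.clusters) : …])`.
```hcl
  # … unchanged: type = object({ … }) …
  validation {
    condition = (
      (var.vpc_config.secondary_range_blocks == null) !=
      (var.vpc_config.secondary_range_names == null)
    )
    error_message = "Set exactly one of vpc_config.secondary_range_blocks or vpc_config.secondary_range_names."
  }
```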
|
|
|
@ -45,12 +45,9 @@ module "cluster-1" {
|
|||
name = "cluster-dataplane-v2"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {
|
||||
pods = "pods"
|
||||
services = "services"
|
||||
}
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {} # use default names "pods" and "services"
|
||||
master_authorized_ranges = {
|
||||
internal-vms = "10.0.0.0/8"
|
||||
}
|
||||
|
@ -84,8 +81,9 @@ module "cluster-1" {
|
|||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {}
|
||||
}
|
||||
logging_config = {
|
||||
enable_workloads_logs = true
|
||||
|
@ -113,8 +111,9 @@ module "cluster-1" {
|
|||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = {}
|
||||
}
|
||||
logging_config = {
|
||||
enable_system_logs = false
|
||||
|
@ -136,7 +135,7 @@ module "cluster-1" {
|
|||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = { pods = "pods", services = "services" }
|
||||
secondary_range_names = {}
|
||||
}
|
||||
enable_features = {
|
||||
dns = {
|
||||
|
@ -162,7 +161,7 @@ module "cluster-1" {
|
|||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_names = { pods = "pods", services = "services" }
|
||||
secondary_range_names = {}
|
||||
}
|
||||
backup_configs = {
|
||||
enable_backup_agent = true
|
||||
|
@ -176,6 +175,29 @@ module "cluster-1" {
|
|||
}
|
||||
# tftest modules=1 resources=2 inventory=backup.yaml
|
||||
```
|
||||
|
||||
### Automatic creation of new secondary ranges
|
||||
|
||||
You can use `var.vpc_config.secondary_range_blocks` to let GKE create new secondary ranges for the cluster. The example below reserves an available /14 block for pods and a /20 for services.
|
||||
|
||||
```hcl
|
||||
module "cluster-1" {
|
||||
source = "./fabric/modules/gke-cluster-standard"
|
||||
project_id = var.project_id
|
||||
name = "cluster-1"
|
||||
location = "europe-west1-b"
|
||||
vpc_config = {
|
||||
network = var.vpc.self_link
|
||||
subnetwork = var.subnet.self_link
|
||||
secondary_range_blocks = {
|
||||
pods = ""
|
||||
services = "/20" # can be an empty string as well
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1
|
||||
```
|
||||
|
||||
<!-- BEGIN TFDOC -->
|
||||
## Variables
|
||||
|
||||
|
@ -184,7 +206,7 @@ module "cluster-1" {
|
|||
| [location](variables.tf#L138) | Cluster zone or region. | <code>string</code> | ✓ | |
|
||||
| [name](variables.tf#L210) | Cluster name. | <code>string</code> | ✓ | |
|
||||
| [project_id](variables.tf#L236) | Cluster project id. | <code>string</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L253) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = string services = string }), { pods = "pods", services = "services" }) master_authorized_ranges = optional(map(string)) stack_type = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [vpc_config](variables.tf#L253) | VPC-level configuration. | <code title="object({ network = string subnetwork = string master_ipv4_cidr_block = optional(string) secondary_range_blocks = optional(object({ pods = string services = string })) secondary_range_names = optional(object({ pods = optional(string, "pods") services = optional(string, "services") })) master_authorized_ranges = optional(map(string)) stack_type = optional(string) })">object({…})</code> | ✓ | |
|
||||
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | <code title="object({ enable_backup_agent = optional(bool, false) backup_plans = optional(map(object({ encryption_key = optional(string) include_secrets = optional(bool, true) include_volume_data = optional(bool, true) namespaces = optional(list(string)) region = string schedule = string retention_policy_days = optional(string) retention_policy_lock = optional(bool, false) retention_policy_delete_lock_days = optional(string) })), {}) })">object({…})</code> | | <code>{}</code> |
|
||||
| [cluster_autoscaling](variables.tf#L37) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | <code title="object({ auto_provisioning_defaults = optional(object({ boot_disk_kms_key = optional(string) image_type = optional(string) oauth_scopes = optional(list(string)) service_account = optional(string) })) cpu_limits = optional(object({ min = number max = number })) mem_limits = optional(object({ min = number max = number })) })">object({…})</code> | | <code>null</code> |
|
||||
| [description](variables.tf#L58) | Cluster description. | <code>string</code> | | <code>null</code> |
|
||||
|
|
|
@ -169,7 +169,7 @@ resource "google_container_cluster" "cluster" {
|
|||
content {
|
||||
cluster_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.pods
|
||||
services_ipv4_cidr_block = var.vpc_config.secondary_range_blocks.services
|
||||
stack_type = try(var.vpc_config.stack_type, null)
|
||||
stack_type = var.vpc_config.stack_type
|
||||
}
|
||||
}
|
||||
dynamic "ip_allocation_policy" {
|
||||
|
@ -177,7 +177,7 @@ resource "google_container_cluster" "cluster" {
|
|||
content {
|
||||
cluster_secondary_range_name = var.vpc_config.secondary_range_names.pods
|
||||
services_secondary_range_name = var.vpc_config.secondary_range_names.services
|
||||
stack_type = try(var.vpc_config.stack_type, null)
|
||||
stack_type = var.vpc_config.stack_type
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -261,9 +261,9 @@ variable "vpc_config" {
|
|||
services = string
|
||||
}))
|
||||
secondary_range_names = optional(object({
|
||||
pods = string
|
||||
services = string
|
||||
}), { pods = "pods", services = "services" })
|
||||
pods = optional(string, "pods")
|
||||
services = optional(string, "services")
|
||||
}))
|
||||
master_authorized_ranges = optional(map(string))
|
||||
stack_type = optional(string)
|
||||
})
|
||||
|
|