From a560297fcc569784e03b31f890c4f39cfb5533c5 Mon Sep 17 00:00:00 2001 From: Modular Magician Date: Tue, 15 Sep 2020 16:30:31 +0000 Subject: [PATCH] Upstream Support configuring Internal load balancer for Cloud Run for Anthos (#3982) Co-authored-by: Zhimin Xiang Signed-off-by: Modular Magician --- .changelog/3982.txt | 3 ++ google-beta/resource_container_cluster.go | 19 ++++++-- .../resource_container_cluster_test.go | 45 +++++++++++++++++++ .../docs/r/container_cluster.html.markdown | 11 +++-- 4 files changed, 71 insertions(+), 7 deletions(-) create mode 100644 .changelog/3982.txt diff --git a/.changelog/3982.txt b/.changelog/3982.txt new file mode 100644 index 0000000000..ee05bf24d9 --- /dev/null +++ b/.changelog/3982.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +container: added support for `load_balancer_type` to `google_container_cluster` Cloud Run config addon. +``` diff --git a/google-beta/resource_container_cluster.go b/google-beta/resource_container_cluster.go index c631632184..387a14b22d 100644 --- a/google-beta/resource_container_cluster.go +++ b/google-beta/resource_container_cluster.go @@ -281,6 +281,11 @@ func resourceContainerCluster() *schema.Resource { Type: schema.TypeBool, Required: true, }, + "load_balancer_type": { + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice([]string{"LOAD_BALANCER_TYPE_INTERNAL"}, false), + Optional: true, + }, }, }, }, @@ -2624,6 +2629,9 @@ func expandClusterAddonsConfig(configured interface{}) *containerBeta.AddonsConf Disabled: addon["disabled"].(bool), ForceSendFields: []string{"Disabled"}, } + if addon["load_balancer_type"] != "" { + ac.CloudRunConfig.LoadBalancerType = addon["load_balancer_type"].(string) + } } if v, ok := config["istio_config"]; ok && len(v.([]interface{})) > 0 { @@ -3101,11 +3109,14 @@ func flattenClusterAddonsConfig(c *containerBeta.AddonsConfig) []map[string]inte } if c.CloudRunConfig != nil { - result["cloudrun_config"] = []map[string]interface{}{ - { - "disabled": c.CloudRunConfig.Disabled, - }, + cloudRunConfig := map[string]interface{}{ + "disabled": c.CloudRunConfig.Disabled, + } + if c.CloudRunConfig.LoadBalancerType == "LOAD_BALANCER_TYPE_INTERNAL" { + // Currently we only allow setting load_balancer_type to LOAD_BALANCER_TYPE_INTERNAL + cloudRunConfig["load_balancer_type"] = "LOAD_BALANCER_TYPE_INTERNAL" } + result["cloudrun_config"] = []map[string]interface{}{cloudRunConfig} } if c.IstioConfig != nil { diff --git a/google-beta/resource_container_cluster_test.go b/google-beta/resource_container_cluster_test.go index e5b9e572e3..ef622e061c 100644 --- a/google-beta/resource_container_cluster_test.go +++ b/google-beta/resource_container_cluster_test.go @@ -160,6 +160,15 @@ func TestAccContainerCluster_withAddons(t *testing.T) { ImportStateVerify: true, ImportStateVerifyIgnore: []string{"min_master_version"}, }, + { + Config: testAccContainerCluster_withInternalLoadBalancer(pid, clusterName), + }, + { + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"min_master_version"}, + }, }, }) } @@ -2187,6 +2196,42 @@ resource "google_container_cluster" "primary" { `, projectID, clusterName) } +func testAccContainerCluster_withInternalLoadBalancer(projectID string, clusterName string) string { + return fmt.Sprintf(` +data "google_project" "project" { + project_id = "%s" +} + +resource "google_container_cluster" "primary" { + name = "%s" + location = "us-central1-a" + initial_node_count = 1 + + min_master_version = "latest" + + workload_identity_config { + identity_namespace = "${data.google_project.project.project_id}.svc.id.goog" + } + + addons_config { + http_load_balancing { + disabled = false + } + horizontal_pod_autoscaling { + disabled = false + } + network_policy_config { + disabled = false + } + cloudrun_config { + disabled = false + load_balancer_type = "LOAD_BALANCER_TYPE_INTERNAL" + } + } +} +`, projectID, clusterName) +} + func testAccContainerCluster_withMasterAuth(clusterName string) string { return fmt.Sprintf(` resource "google_container_cluster" "with_master_auth" { diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index ea0bed72a3..747ec62bc5 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -350,9 +350,7 @@ The `addons_config` block supports: It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set `disabled = false` to enable. -* `cloudrun_config` - (Optional). - The status of the CloudRun addon. It is disabled by default. - Set `disabled = false` to enable. +* `cloudrun_config` - (Optional). Structure is documented below. * `istio_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)). Structure is documented below. @@ -393,6 +391,13 @@ The `database_encryption` block supports: * `key_name` - (Required) the key to use to encrypt/decrypt secrets. See the [DatabaseEncryption definition](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#Cluster.DatabaseEncryption) for more information. +The `cloudrun_config` block supports: + +* `disabled` - (Optional) The status of the CloudRun addon. It is disabled by default. Set `disabled=false` to enable. + +* `load_balancer_type` - (Optional) The load balancer type of CloudRun ingress service. It is external load balancer by default. + Set `load_balancer_type=LOAD_BALANCER_TYPE_INTERNAL` to configure it as internal load balancer. + The `istio_config` block supports: * `disabled` - (Optional) The status of the Istio addon, which makes it easy to set up Istio for services in a