diff --git a/.changelog/12011.txt b/.changelog/12011.txt
new file mode 100644
index 00000000000..69a585eeda4
--- /dev/null
+++ b/.changelog/12011.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+Add `google_gkeonprem_vmware_admin_cluster` resource
+```
\ No newline at end of file
diff --git a/google/services/gkeonprem/resource_gkeonprem_vmware_cluster_test.go b/google/services/gkeonprem/resource_gkeonprem_vmware_cluster_test.go
index 6ac9ad16235..768484d68fe 100644
--- a/google/services/gkeonprem/resource_gkeonprem_vmware_cluster_test.go
+++ b/google/services/gkeonprem/resource_gkeonprem_vmware_cluster_test.go
@@ -465,7 +465,6 @@ func testAccGkeonpremVmwareCluster_vmwareClusterUpdateManualLb(context map[strin
 advanced_networking = true
 }
 vm_tracking_enabled = false
- enable_control_plane_v2 = false
 disable_bundled_ingress = false
 upgrade_policy {
 control_plane_only = true
diff --git a/website/docs/r/gkeonprem_vmware_admin_cluster.html.markdown b/website/docs/r/gkeonprem_vmware_admin_cluster.html.markdown
new file mode 100644
index 00000000000..de41ad15dd5
--- /dev/null
+++ b/website/docs/r/gkeonprem_vmware_admin_cluster.html.markdown
@@ -0,0 +1,868 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Anthos On-Prem" +description: |- + A Google VMware Admin Cluster. +--- + +# google_gkeonprem_vmware_admin_cluster + +A Google VMware Admin Cluster. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + + +## Example Usage - Gkeonprem Vmware Admin Cluster Basic + + +```hcl +resource "google_gkeonprem_vmware_admin_cluster" "admin-cluster-basic" { + provider = google-beta + name = "basic" + location = "us-west1" + description = "test admin cluster" + bootstrap_cluster_membership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test" + on_prem_version = "1.31.0-gke.35" + image_type = "ubuntu_containerd" + vcenter { + resource_pool = "test resource pool" + datastore = "test data store" + datacenter = "test data center" + cluster = "test cluster" + folder = "test folder" + ca_cert_data = "test ca cert data" + address = "10.0.0.1" + data_disk = "test data disk" + } + network_config { + service_address_cidr_blocks = ["10.96.0.0/12"] + pod_address_cidr_blocks = ["192.168.0.0/16"] + dhcp_ip_config { + enabled = true + } + } + control_plane_node { + cpus = 4 + memory = 8192 + } + load_balancer { + vip_config { + control_plane_vip = "10.251.133.5" + addons_vip = "10.251.135.19" + } + f5_config { + address = "10.251.135.22" 
+ partition = "test-parition" + snat_pool = "test-snat-pool" + } + } +} +``` +## Example Usage - Gkeonprem Vmware Admin Cluster Full + + +```hcl +resource "google_gkeonprem_vmware_admin_cluster" "admin-cluster-full" { + provider = google-beta + name = "full" + location = "us-west1" + description = "test admin cluster" + bootstrap_cluster_membership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test" + on_prem_version = "1.31.0-gke.35" + image_type = "ubuntu_containerd" + annotations = {} + vcenter { + resource_pool = "test resource pool" + datastore = "test data store" + datacenter = "test data center" + cluster = "test cluster" + folder = "test folder" + ca_cert_data = "test ca cert data" + address = "10.0.0.1" + data_disk = "test data disk" + storage_policy_name = "storage_policy_name" + } + network_config { + service_address_cidr_blocks = ["10.96.0.0/12"] + pod_address_cidr_blocks = ["192.168.0.0/16"] + ha_control_plane_config { + control_plane_ip_block { + gateway = "10.0.0.3" + ips { + hostname = "hostname" + ip = "10.0.0.4" + } + netmask = "10.0.0.3/32" + } + } + host_config { + dns_servers = ["10.254.41.1"] + ntp_servers = ["216.239.35.8"] + dns_search_domains = ["test-domain"] + } + static_ip_config { + ip_blocks { + gateway = "10.0.0.1" + ips { + hostname = "hostname" + ip = "10.0.0.2" + } + netmask = "10.0.0.3/32" + } + } + vcenter_network = "test-vcenter-network" + } + control_plane_node { + cpus = 4 + memory = 8192 + replicas = 3 + } + load_balancer { + vip_config { + control_plane_vip = "10.251.133.5" + addons_vip = "10.251.135.19" + } + manual_lb_config { + addons_node_port = 30005 + control_plane_node_port = 30006 + ingress_http_node_port = 30007 + ingress_https_node_port = 30008 + konnectivity_server_node_port = 30009 + } + } + addon_node { + auto_resize_config { + enabled = true + } + } + anti_affinity_groups { + aag_config_disabled = true + } + authorization { + viewer_users { + username = "user1@gmail.com" + } + } + 
auto_repair_config { + enabled = true + } + platform_config { + required_platform_version = "1.31.0" + } +} +``` +## Example Usage - Gkeonprem Vmware Admin Cluster Metallb + + +```hcl +resource "google_gkeonprem_vmware_admin_cluster" "admin-cluster-metallb" { + provider = google-beta + name = "metallb" + location = "us-west1" + description = "test admin cluster" + bootstrap_cluster_membership = "projects/870316890899/locations/global/memberships/gkeonprem-terraform-test" + on_prem_version = "1.31.0-gke.35" + image_type = "ubuntu_containerd" + vcenter { + resource_pool = "test resource pool" + datastore = "test data store" + datacenter = "test data center" + cluster = "test cluster" + folder = "test folder" + ca_cert_data = "test ca cert data" + address = "10.0.0.1" + data_disk = "test data disk" + } + network_config { + service_address_cidr_blocks = ["10.96.0.0/12"] + pod_address_cidr_blocks = ["192.168.0.0/16"] + dhcp_ip_config { + enabled = true + } + } + control_plane_node { + cpus = 4 + memory = 8192 + } + load_balancer { + vip_config { + control_plane_vip = "10.251.133.5" + addons_vip = "10.251.135.19" + } + metal_lb_config { + enabled = true + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `network_config` - + (Required) + The VMware admin cluster network configuration. + Structure is [documented below](#nested_network_config). + +* `name` - + (Required) + The VMware admin cluster resource name. + +* `location` - + (Required) + The location of the resource. + + +The `network_config` block supports: + +* `service_address_cidr_blocks` - + (Required) + All services in the cluster are assigned an RFC1918 IPv4 address + from these ranges. Only a single range is supported.. This field + cannot be changed after creation. + +* `pod_address_cidr_blocks` - + (Required) + All pods in the cluster are assigned an RFC1918 IPv4 address from these ranges. + Only a single range is supported. This field cannot be changed after creation. 
+ +* `static_ip_config` - + (Optional) + Configuration settings for a static IP configuration. + Structure is [documented below](#nested_static_ip_config). + +* `dhcp_ip_config` - + (Optional) + Configuration settings for a DHCP IP configuration. + Structure is [documented below](#nested_dhcp_ip_config). + +* `vcenter_network` - + (Optional) + vcenter_network specifies vCenter network name. + +* `host_config` - + (Optional) + Represents common network settings irrespective of the host's IP address. + Structure is [documented below](#nested_host_config). + +* `ha_control_plane_config` - + (Optional) + Configuration for HA admin cluster control plane. + Structure is [documented below](#nested_ha_control_plane_config). + + +The `static_ip_config` block supports: + +* `ip_blocks` - + (Optional) + Represents the configuration values for static IP allocation to nodes. + Structure is [documented below](#nested_ip_blocks). + + +The `ip_blocks` block supports: + +* `netmask` - + (Required) + The netmask used by the VMware Admin Cluster. + +* `gateway` - + (Required) + The network gateway used by the VMware Admin Cluster. + +* `ips` - + (Required) + The node's network configurations used by the VMware Admin Cluster. + Structure is [documented below](#nested_ips). + + +The `ips` block supports: + +* `ip` - + (Required) + IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24). + +* `hostname` - + (Optional) + Hostname of the machine. VM's name will be used if this field is empty. + +The `dhcp_ip_config` block supports: + +* `enabled` - + (Required) + enabled is a flag to mark if DHCP IP allocation is + used for VMware admin clusters. + +The `host_config` block supports: + +* `dns_servers` - + (Optional) + DNS servers. + +* `ntp_servers` - + (Optional) + NTP servers. + +* `dns_search_domains` - + (Optional) + DNS search domains. 
+ +The `ha_control_plane_config` block supports: + +* `control_plane_ip_block` - + (Optional) + Static IP addresses for the control plane nodes. + Structure is [documented below](#nested_control_plane_ip_block). + + +The `control_plane_ip_block` block supports: + +* `netmask` - + (Required) + The netmask used by the VMware Admin Cluster. + +* `gateway` - + (Required) + The network gateway used by the VMware Admin Cluster. + +* `ips` - + (Required) + The node's network configurations used by the VMware Admin Cluster. + Structure is [documented below](#nested_ips). + + +The `ips` block supports: + +* `ip` - + (Required) + IP could be an IP address (like 1.2.3.4) or a CIDR (like 1.2.3.0/24). + +* `hostname` - + (Optional) + Hostname of the machine. VM's name will be used if this field is empty. + +- - - + + +* `description` - + (Optional) + A human readable description of this VMware admin cluster. + +* `on_prem_version` - + (Optional) + The Anthos clusters on the VMware version for the admin cluster. + +* `image_type` - + (Optional) + The OS image type for the VMware admin cluster. + +* `bootstrap_cluster_membership` - + (Optional) + The bootstrap cluster this VMware admin cluster belongs to. + +* `annotations` - + (Optional) + Annotations on the VMware Admin Cluster. + This field has the same restrictions as Kubernetes annotations. + The total size of all keys and values combined is limited to 256k. + Key can have 2 segments: prefix (optional) and name (required), + separated by a slash (/). + Prefix must be a DNS subdomain. + Name must be 63 characters or less, begin and end with alphanumerics, + with dashes (-), underscores (_), dots (.), and alphanumerics between. + + **Note**: This field is non-authoritative, and will only manage the annotations present in your configuration. + Please refer to the field `effective_annotations` for all of the annotations present on the resource. 
+ +* `control_plane_node` - + (Optional) + The VMware admin cluster control plane node configuration. + Structure is [documented below](#nested_control_plane_node). + +* `addon_node` - + (Optional) + The VMware admin cluster addon node configuration. + Structure is [documented below](#nested_addon_node). + +* `load_balancer` - + (Optional) + Specifies the load balancer configuration for VMware admin cluster. + Structure is [documented below](#nested_load_balancer). + +* `vcenter` - + (Optional) + Specifies vCenter config for the admin cluster. + Structure is [documented below](#nested_vcenter). + +* `anti_affinity_groups` - + (Optional) + AAGConfig specifies whether to spread VMware Admin Cluster nodes across at + least three physical hosts in the datacenter. + Structure is [documented below](#nested_anti_affinity_groups). + +* `auto_repair_config` - + (Optional) + Configuration for auto repairing. + Structure is [documented below](#nested_auto_repair_config). + +* `authorization` - + (Optional) + The VMware admin cluster authorization configuration. + Structure is [documented below](#nested_authorization). + +* `platform_config` - + (Optional) + The VMware platform configuration. + Structure is [documented below](#nested_platform_config). + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + +The `control_plane_node` block supports: + +* `cpus` - + (Optional) + The number of vCPUs for the control-plane node of the admin cluster. + +* `memory` - + (Optional) + The number of mebibytes of memory for the control-plane node of the admin cluster. + +* `replicas` - + (Optional) + The number of control plane nodes for this VMware admin cluster. + +The `addon_node` block supports: + +* `auto_resize_config` - + (Optional) + Specifies auto resize config. + Structure is [documented below](#nested_auto_resize_config). 
+ + +The `auto_resize_config` block supports: + +* `enabled` - + (Required) + Whether to enable controle plane node auto resizing. + +The `load_balancer` block supports: + +* `vip_config` - + (Required) + Specified the VMware Load Balancer Config + Structure is [documented below](#nested_vip_config). + +* `f5_config` - + (Optional) + Configuration for F5 Big IP typed load balancers. + Structure is [documented below](#nested_f5_config). + +* `manual_lb_config` - + (Optional) + Manually configured load balancers. + Structure is [documented below](#nested_manual_lb_config). + +* `metal_lb_config` - + (Optional) + Metal LB load balancers. + Structure is [documented below](#nested_metal_lb_config). + + +The `vip_config` block supports: + +* `control_plane_vip` - + (Required) + The VIP which you previously set aside for the Kubernetes + API of this VMware Admin Cluster. + +* `addons_vip` - + (Optional) + The VIP to configure the load balancer for add-ons. + +The `f5_config` block supports: + +* `address` - + (Optional) + The load balancer's IP address. + +* `partition` - + (Optional) + he preexisting partition to be used by the load balancer. T + his partition is usually created for the admin cluster for example: + 'my-f5-admin-partition'. + +* `snat_pool` - + (Optional) + The pool name. Only necessary, if using SNAT. + +The `manual_lb_config` block supports: + +* `ingress_http_node_port` - + (Optional) + NodePort for ingress service's http. The ingress service in the admin + cluster is implemented as a Service of type NodePort (ex. 32527). + +* `ingress_https_node_port` - + (Optional) + NodePort for ingress service's https. The ingress service in the admin + cluster is implemented as a Service of type NodePort (ex. 30139). + +* `control_plane_node_port` - + (Optional) + NodePort for control plane service. The Kubernetes API server in the admin + cluster is implemented as a Service of type NodePort (ex. 30968). 
+ +* `konnectivity_server_node_port` - + (Optional) + NodePort for konnectivity server service running as a sidecar in each + kube-apiserver pod (ex. 30564). + +* `addons_node_port` - + (Optional) + NodePort for add-ons server in the admin cluster. + +The `metal_lb_config` block supports: + +* `enabled` - + (Optional) + Metal LB is enabled. + +The `vcenter` block supports: + +* `resource_pool` - + (Optional) + The name of the vCenter resource pool for the admin cluster. + +* `datastore` - + (Optional) + The name of the vCenter datastore for the admin cluster. + +* `datacenter` - + (Optional) + The name of the vCenter datacenter for the admin cluster. + +* `cluster` - + (Optional) + The name of the vCenter cluster for the admin cluster. + +* `folder` - + (Optional) + The name of the vCenter folder for the admin cluster. + +* `ca_cert_data` - + (Optional) + Contains the vCenter CA certificate public key for SSL verification. + +* `address` - + (Optional) + The vCenter IP address. + +* `data_disk` - + (Optional) + The name of the virtual machine disk (VMDK) for the admin cluster. + +* `storage_policy_name` - + (Optional) + The name of the vCenter storage policy for the user cluster. + +The `anti_affinity_groups` block supports: + +* `aag_config_disabled` - + (Required) + Spread nodes across at least three physical hosts (requires at least three + hosts). + Enabled by default. + +The `auto_repair_config` block supports: + +* `enabled` - + (Required) + Whether auto repair is enabled. + +The `authorization` block supports: + +* `viewer_users` - + (Optional) + Users that will be granted the cluster-admin role on the cluster, providing + full access to the cluster. + Structure is [documented below](#nested_viewer_users). + + +The `viewer_users` block supports: + +* `username` - + (Required) + The name of the user, e.g. `my-gcp-id@gmail.com`. + +The `platform_config` block supports: + +* `required_platform_version` - + (Optional) + The required platform version e.g. 1.13.1. 
+ If the current platform version is lower than the target version, + the platform version will be updated to the target version. + If the target version is not installed in the platform + (bundle versions), download the target version bundle. + +* `platform_version` - + (Output) + The platform version e.g. 1.13.2. + +* `bundles` - + (Output) + The list of bundles installed in the admin cluster. + Structure is [documented below](#nested_bundles). + +* `status` - + (Output) + ResourceStatus representing detailed cluster state. + Structure is [documented below](#nested_status). + + +The `bundles` block contains: + +* `version` - + (Output) + The version of the bundle. + +* `status` - + (Output) + ResourceStatus representing detailed cluster state. + Structure is [documented below](#nested_status). + + +The `status` block contains: + +* `error_message` - + (Output) + Human-friendly representation of the error message from the admin cluster + controller. The error message can be temporary as the admin cluster + controller creates a cluster or node pool. If the error message persists + for a longer period of time, it can be used to surface error message to + indicate real problems requiring user intervention. + +* `conditions` - + (Output) + ResourceConditions provide a standard mechanism for higher-level status reporting from admin cluster controller. + Structure is [documented below](#nested_conditions). + + +The `conditions` block contains: + +* `type` - + (Output) + Type of the condition. + (e.g., ClusterRunning, NodePoolRunning or ServerSidePreflightReady) + +* `reason` - + (Output) + Machine-readable message indicating details about last transition. + +* `message` - + (Output) + Human-readable message indicating details about last transition. + +* `last_transition_time` - + (Output) + Last time the condition transit from one status to another. + +* `state` - + (Output) + The lifecycle state of the condition. 
+ +The `status` block contains: + +* `error_message` - + (Output) + Human-friendly representation of the error message from the admin cluster + controller. The error message can be temporary as the admin cluster + controller creates a cluster or node pool. If the error message persists + for a longer period of time, it can be used to surface error message to + indicate real problems requiring user intervention. + +* `conditions` - + (Output) + ResourceConditions provide a standard mechanism for higher-level status reporting from admin cluster controller. + Structure is [documented below](#nested_conditions). + + +The `conditions` block contains: + +* `type` - + (Output) + Type of the condition. + (e.g., ClusterRunning, NodePoolRunning or ServerSidePreflightReady) + +* `reason` - + (Output) + Machine-readable message indicating details about last transition. + +* `message` - + (Output) + Human-readable message indicating details about last transition. + +* `last_transition_time` - + (Output) + Last time the condition transit from one status to another. + +* `state` - + (Output) + The lifecycle state of the condition. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/vmwareAdminClusters/{{name}}` + +* `uid` - + The unique identifier of the VMware Admin Cluster. + +* `state` - + The lifecycle state of the VMware admin cluster. + +* `endpoint` - + The DNS name of VMware admin cluster's API server. + +* `reconciling` - + If set, there are currently changes in flight to the VMware admin cluster. + +* `create_time` - + The time the cluster was created, in RFC3339 text format. + +* `update_time` - + The time the cluster was last updated, in RFC3339 text format. + +* `local_name` - + The object name of the VMwareAdminCluster custom resource on the + associated admin cluster. 
This field is used to support conflicting + names when enrolling existing clusters to the API. When used as a part of + cluster enrollment, this field will differ from the ID in the resource + name. For new clusters, this field will match the user provided cluster ID + and be visible in the last component of the resource name. It is not + modifiable. + All users should use this name to access their cluster using gkectl or + kubectl and should expect to see the local name when viewing admin + cluster controller logs. + +* `etag` - + This checksum is computed by the server based on the value of other + fields, and may be sent on update and delete requests to ensure the + client has an up-to-date value before proceeding. + Allows clients to perform consistent read-modify-writes + through optimistic concurrency control. + +* `fleet` - + Fleet configuration for the cluster. + Structure is [documented below](#nested_fleet). + +* `status` - + ResourceStatus representing detailed cluster state. + Structure is [documented below](#nested_status). + +* `effective_annotations` - + All of annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services. + + +The `fleet` block contains: + +* `membership` - + (Output) + The name of the managed Fleet Membership resource associated to this cluster. + Membership names are formatted as + `projects//locations//memberships/`. + +The `status` block contains: + +* `error_message` - + (Output) + Human-friendly representation of the error message from the admin cluster + controller. The error message can be temporary as the admin cluster + controller creates a cluster or node pool. If the error message persists + for a longer period of time, it can be used to surface error message to + indicate real problems requiring user intervention. 
+ +* `conditions` - + (Output) + ResourceConditions provide a standard mechanism for higher-level status reporting from admin cluster controller. + Structure is [documented below](#nested_conditions). + + +The `conditions` block contains: + +* `type` - + (Output) + Type of the condition. + (e.g., ClusterRunning, NodePoolRunning or ServerSidePreflightReady) + +* `reason` - + (Output) + Machine-readable message indicating details about last transition. + +* `message` - + (Output) + Human-readable message indicating details about last transition. + +* `last_transition_time` - + (Output) + Last time the condition transit from one status to another. + +* `state` - + (Output) + The lifecycle state of the condition. + +## Timeouts + +This resource provides the following +[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: + +- `create` - Default is 60 minutes. +- `update` - Default is 60 minutes. +- `delete` - Default is 60 minutes. + +## Import + + +VmwareAdminCluster can be imported using any of these accepted formats: + +* `projects/{{project}}/locations/{{location}}/vmwareAdminClusters/{{name}}` +* `{{project}}/{{location}}/{{name}}` +* `{{location}}/{{name}}` + + +In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import VmwareAdminCluster using one of the formats above. For example: + +```tf +import { + id = "projects/{{project}}/locations/{{location}}/vmwareAdminClusters/{{name}}" + to = google_gkeonprem_vmware_admin_cluster.default +} +``` + +When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), VmwareAdminCluster can be imported using one of the formats above. 
For example: + +``` +$ terraform import google_gkeonprem_vmware_admin_cluster.default projects/{{project}}/locations/{{location}}/vmwareAdminClusters/{{name}} +$ terraform import google_gkeonprem_vmware_admin_cluster.default {{project}}/{{location}}/{{name}} +$ terraform import google_gkeonprem_vmware_admin_cluster.default {{location}}/{{name}} +``` + +## User Project Overrides + +This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).