Skip to content

Issue with var.vpc_config.secondary_range_* in gke-cluster-* modules #1677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
olliefr opened this issue Sep 14, 2023 · 4 comments · Fixed by #1678
Closed

Issue with var.vpc_config.secondary_range_* in gke-cluster-* modules #1677

olliefr opened this issue Sep 14, 2023 · 4 comments · Fixed by #1678
Labels
bug Something isn't working on:modules

Comments

@olliefr
Copy link
Collaborator

olliefr commented Sep 14, 2023

I believe the following applies both to gke-cluster-standard and gke-cluster-autopilot.

I was trying to use the optional secondary_range_blocks field of the input variable vpc_config.

Here's my modules/gke-cluster-standard/terraform.tfvars for testing:

project_id = "indecent-pigeon"
location   = "europe-west1"
name       = "cluster-1"
vpc_config = {
  network    = "default"
  subnetwork = "default"
  secondary_range_blocks = {
    pods     = "192.168.0.0/24"
    services = "192.168.1.0/24"
  }
}

The issue here is that secondary_range_names has a default value, so even when the secondary_range_blocks field is set, the conditional expressions in both dynamic blocks return true and Terraform throws an error because there should be only one ip_allocation_policy block:

image

Sadly, I don't have the time to fix this right now, so am just recording it here for future reference. From the top of my head, the way I would try to fix this is to make the conditional expressions in both dynamic blocks depend on secondary_range_blocks only, in an inverse way:

  • if secondary_range_blocks is null, we use names:
    • the first conditional must return false.
    • the second conditional must return true.
  • if secondary_range_blocks is not null, we use blocks:
    • the first conditional must return true;
    • we can ignore the value of secondary_range_names, so the second conditional must return false.

I hope this is going to make sense when I'm going to read it later 😆
@olliefr olliefr added bug Something isn't working on:modules labels Sep 14, 2023
@olliefr olliefr changed the title Issue with var.vpc_config.secondary_range_* in gke-cluster-* modules. Issue with var.vpc_config.secondary_range_* in gke-cluster-* modules Sep 14, 2023
@juliocc
Copy link
Collaborator

juliocc commented Sep 14, 2023

Good catch. I'll prep a PR later today.

I think we only have to change the type of the secondary_range_names and leave the condition of the blocks as they are. Both fields could potentially be null (for public clusters), and any other inconsistent mix should be handled by the provider/API

juliocc added a commit that referenced this issue Sep 14, 2023
@juliocc
Fix range names definition of GKE clusters
c1be435 
Fixes #1677
@juliocc juliocc mentioned this issue Sep 14, 2023
Merged
4 tasks
@olliefr
Copy link
Collaborator Author

olliefr commented Sep 14, 2023

@juliocc just for giggles – this is how I actually discovered the issue reported here 😅

project_id = "indecent-pigeon"
location   = "europe-west4"
name       = "test-cluster-9"
vpc_config = {
  network    = "cluster-net"
  subnetwork = "cluster-net"
  secondary_range_blocks = {
    pods     = ""
    services = "/20"       # can be an empty string as well
  }
}

This is a legit configuration and it works if there is no duplicate ip_allocation_policy.

Source: google_container_cluster

It offends my sense of aesthetics though 😆

@juliocc
Copy link
Collaborator

juliocc commented Sep 14, 2023
edited
Loading

Interesting. #1678 should cover that use case, I've added an example for it.

@olliefr
Copy link
Collaborator Author

olliefr commented Sep 14, 2023

Interesting. #1678 should cover that use case, I've added an example for it.

Thank you! Always a pleasure to hack on Terraform with you, @juliocc! 😊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working on:modules
Projects
None yet
Milestone
No milestone
2 participants
@juliocc @olliefr