
GKE cluster cluster_dns_provider doesn't get applied

Open 54nd20 opened this issue 1 year ago • 3 comments

TL;DR

cluster_dns_provider is only actually applied if it is set to "CLOUD_DNS". Other valid values would be "PROVIDER_UNSPECIFIED" or "PLATFORM_DEFAULT". Setting the variable to those values has no effect because of the condition in https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/blob/c81c2fec943df1d891495b2afe89b9904203a585/modules/private-cluster/cluster.tf#L181.

This leads to the problem that after a value was set via the GCP UI or the gcloud CLI, Terraform would recreate the cluster:

      - dns_config { # forces replacement
          - cluster_dns = "PLATFORM_DEFAULT" -> null
        }

Terraform Configuration

module "gke" {
  source             = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
  version            = "28.0.0"
  project_id         = var.project_id
  name               = var.cluster_name
  region             = var.region
  zones              = var.availability_zones
  network            = var.network
  subnetwork         = var.subnet
  release_channel    = var.release_channel
  kubernetes_version = var.cluster_version
  node_pools         = var.worker_groups
  node_pools_labels  = var.node_pools_labels
  node_pools_oauth_scopes = {
    all = [
      "https://www.googleapis.com/auth/cloud-platform",
    ]
  }

  datapath_provider               = var.datapath_provider
  ip_range_pods                   = var.ip_range_pods != "" ? var.ip_range_pods : "${var.cluster_name}-pods"
  ip_range_services               = var.ip_range_services != "" ? var.ip_range_services : "${var.cluster_name}-services"
  enable_private_nodes            = true
  gce_pd_csi_driver               = true
  remove_default_node_pool        = true
  logging_service                 = var.logging_service
  monitoring_service              = var.monitoring_service
  http_load_balancing             = true
  network_policy                  = false
  authenticator_security_group    = var.authenticator_security_group
  add_cluster_firewall_rules      = var.add_cluster_firewall_rules
  maintenance_start_time          = var.maintenance_start_time
  maintenance_end_time            = var.maintenance_end_time
  maintenance_recurrence          = var.maintenance_recurrence
  maintenance_exclusions          = var.maintenance_exclusions
  enable_vertical_pod_autoscaling = var.enable_vertical_pod_autoscaling
  cluster_dns_provider            = "PLATFORM_DEFAULT"
  depends_on = [
    var.network
  ]
}

Expected behavior

All valid values get applied.

Observed behavior

cluster_dns_provider is only actually applied if it is set to "CLOUD_DNS".

Terraform Configuration

module "gke" {
  source             = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
  version            = "29.0.0"
  project_id         = var.project_id
  name               = var.cluster_name
  region             = var.region
  zones              = var.availability_zones
  network            = var.network
  subnetwork         = var.subnet
  release_channel    = var.release_channel
  kubernetes_version = var.cluster_version
  node_pools         = var.worker_groups
  node_pools_labels  = var.node_pools_labels
  node_pools_oauth_scopes = {
    all = [
      "https://www.googleapis.com/auth/cloud-platform",
    ]
  }

  datapath_provider               = var.datapath_provider
  ip_range_pods                   = var.ip_range_pods != "" ? var.ip_range_pods : "${var.cluster_name}-pods"
  ip_range_services               = var.ip_range_services != "" ? var.ip_range_services : "${var.cluster_name}-services"
  enable_private_nodes            = true
  gce_pd_csi_driver               = true
  remove_default_node_pool        = true
  logging_service                 = var.logging_service
  monitoring_service              = var.monitoring_service
  http_load_balancing             = true
  network_policy                  = false
  authenticator_security_group    = var.authenticator_security_group
  add_cluster_firewall_rules      = var.add_cluster_firewall_rules
  maintenance_start_time          = var.maintenance_start_time
  maintenance_end_time            = var.maintenance_end_time
  maintenance_recurrence          = var.maintenance_recurrence
  maintenance_exclusions          = var.maintenance_exclusions
  enable_vertical_pod_autoscaling = var.enable_vertical_pod_autoscaling
  cluster_dns_provider            = "PLATFORM_DEFAULT"
  depends_on = [
    var.network
  ]
}

Terraform Version

1.6.2

Additional information

https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1783

54nd20 avatar Jan 03 '24 17:01 54nd20
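The gating described in the issue, shown as an added illustration rather than the module's own code: the "before" resource assumes the linked condition in cluster.tf has this shape (an assumption, not verified against the module source), and the "after" resource assumes the API accepts all three documented values on write. Both resource names and locations are constructed sample values. The operational point is that an absent block is not "use the default" to Terraform: the value set out of band reads back as a diff, and dns_config forces replacement, i.e. a destroy and recreate of the cluster.

```hcl
# Added example, not code from terraform-google-kubernetes-engine.
variable "cluster_dns_provider" {
  type    = string
  default = "PROVIDER_UNSPECIFIED"
  validation {
    condition     = contains(["PROVIDER_UNSPECIFIED", "PLATFORM_DEFAULT", "CLOUD_DNS"], var.cluster_dns_provider)
    error_message = "cluster_dns_provider must be PROVIDER_UNSPECIFIED, PLATFORM_DEFAULT or CLOUD_DNS."
  }
}

# Before (assumed shape of the module's condition): only "CLOUD_DNS" produces a
# dns_config block. For "PLATFORM_DEFAULT" the block is omitted entirely, so a
# provider set via the console or gcloud reads back as
#   - cluster_dns = "PLATFORM_DEFAULT" -> null   # forces replacement
resource "google_container_cluster" "before" {
  name     = "example-before" # constructed sample value
  location = "europe-west1"   # constructed sample value

  dynamic "dns_config" {
    for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
    content {
      cluster_dns = var.cluster_dns_provider
    }
  }
}

# After: emit the block for every validated value so that configuration and
# live state agree and a plan shows no replacement. Whether the API echoes
# "PROVIDER_UNSPECIFIED" back unchanged is an assumption here; a provider that
# needs the block only for the explicit values would use
#   for_each = var.cluster_dns_provider != "PROVIDER_UNSPECIFIED" ? [1] : []
resource "google_container_cluster" "after" {
  name     = "example-after" # constructed sample value
  location = "europe-west1"  # constructed sample value

  dns_config {
    cluster_dns = var.cluster_dns_provider
  }
}
```

Run terraform plan after switching the provider out of band: the "before" shape shows the forced replacement quoted in the issue, the "after" shape shows no change, which is the check to apply before an apply touches a production cluster.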

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Mar 03 '24 23:03 github-actions[bot]

Facing the same issue here. Any update on this?

AlvaroGG0 avatar Mar 04 '24 10:03 AlvaroGG0

This is still relevant.

54nd20 avatar Mar 04 '24 15:03 54nd20

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar May 04 '24 23:05 github-actions[bot]

We run into the same issue.

lestich avatar Aug 13 '24 12:08 lestich