From 0c877ee9e453bbb8b06ab9ca3e67e4a805906f36 Mon Sep 17 00:00:00 2001
From: sumit0861 <146714592+sumit0861@users.noreply.github.com>
Date: Tue, 9 Jan 2024 14:50:52 +0700
Subject: [PATCH] feat: add feature for manual IP addresses (#117)
---
README.md | 1 +
inputs.tf | 6 ++++++
main.tf | 1 +
modules/gcp-gke/README.md | 1 +
modules/gcp-gke/inputs.tf | 6 ++++++
modules/gcp-gke/network.tf | 3 ++-
6 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b197aef..2dab1b1 100644
--- a/README.md
+++ b/README.md
@@ -83,6 +83,7 @@ role in the shared VPC host project.
| [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | The IP range to set for master nodes, passed to master\_ipv4\_cidr\_block - /28 required by Google. | `any` | n/a | yes |
| [maximum\_node\_count](#input\_maximum\_node\_count) | Maximum nodes for the node pool. This is the total nodes so for regional deployments it is the total nodes across all zones. | `string` | n/a | yes |
| [minimum\_node\_count](#input\_minimum\_node\_count) | Minimum nodes for the node pool. This is the total nodes so for regional deployments it is the total nodes across all zones. | `string` | n/a | yes |
+| [nat\_ip\_address\_self\_links](#input\_nat\_ip\_address\_self\_links) | List of IP address self links to use for NAT | `list(string)` | `[]` | no |
| [pods\_ip\_range\_cidr](#input\_pods\_ip\_range\_cidr) | CIDR of the secondary IP range used for Kubernetes Pods. | `string` | n/a | yes |
| [pods\_ip\_range\_name](#input\_pods\_ip\_range\_name) | Name of the secondary IP range used for Kubernetes Pods. | `string` | n/a | yes |
| [release\_channel](#input\_release\_channel) | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"RAPID"` | no |
diff --git a/inputs.tf b/inputs.tf
index 04f1199..25743f0 100644
--- a/inputs.tf
+++ b/inputs.tf
@@ -68,6 +68,12 @@ variable "minimum_node_count" {
description = "Minimum nodes for the node pool. This is the total nodes so for regional deployments it is the total nodes across all zones."
}
+variable "nat_ip_address_self_links" {
+ type = list(string)
+ description = "List of IP address self links to use for NAT"
+ default = []
+}
+
variable "pods_ip_range_cidr" {
type = string
description = "CIDR of the secondary IP range used for Kubernetes Pods."
diff --git a/main.tf b/main.tf
index d7f7b09..1313d25 100644
--- a/main.tf
+++ b/main.tf
@@ -21,6 +21,7 @@ module "gke" {
create_gcp_router = var.create_gcp_router
create_public_https_firewall_rule = var.create_public_https_firewall_rule
enable_network_policy = var.enable_network_policy
+ nat_ip_address_self_links = [var.nat_ip_address_self_links]
gke_authenticator_groups_config_domain = var.gke_authenticator_groups_config_domain
google_project = var.google_project
diff --git a/modules/gcp-gke/README.md b/modules/gcp-gke/README.md
index e97c0fb..4067447 100644
--- a/modules/gcp-gke/README.md
+++ b/modules/gcp-gke/README.md
@@ -79,6 +79,7 @@ To run E2E tests, navigate to the [test folder](../test) and run `go test -v -ti
| [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | The IP range to set for master nodes, passed to master\_ipv4\_cidr\_block - /28 required by Google. | `any` | n/a | yes |
| [maximum\_node\_count](#input\_maximum\_node\_count) | Maximum nodes for the node pool per-zone. | `any` | n/a | yes |
| [minimum\_node\_count](#input\_minimum\_node\_count) | Minimum nodes for the node pool per-zone. | `any` | n/a | yes |
+| [nat\_ip\_address\_self\_links](#input\_nat\_ip\_address\_self\_links) | List of self links IP addresses to use for NAT | `list(string)` | `[]` | no |
| [pods\_ip\_range\_name](#input\_pods\_ip\_range\_name) | Name of the secondary IP range used for Kubernetes Pods. | `string` | n/a | yes |
| [release\_channel](#input\_release\_channel) | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | n/a | yes |
| [services\_ip\_range\_name](#input\_services\_ip\_range\_name) | Name of the secondary IP range used for Kubernetes Services. | `string` | n/a | yes |
diff --git a/modules/gcp-gke/inputs.tf b/modules/gcp-gke/inputs.tf
index 57ec759..31b3ea9 100644
--- a/modules/gcp-gke/inputs.tf
+++ b/modules/gcp-gke/inputs.tf
@@ -178,3 +178,9 @@ variable "maintenance_policy_config" {
description = "(OPTIONAL) A list of objects used to configure maintenance policy "
default = []
}
+
+variable "nat_ip_address_self_links" {
+ type = list(string)
+ description = "List of self links IP addresses to use for NAT"
+ default = []
+}
diff --git a/modules/gcp-gke/network.tf b/modules/gcp-gke/network.tf
index 6f7d5b6..5cb7006 100644
--- a/modules/gcp-gke/network.tf
+++ b/modules/gcp-gke/network.tf
@@ -56,8 +56,9 @@ resource "google_compute_router_nat" "nat" {
name = "${var.cluster_name}-nat"
router = google_compute_router.router[0].name
region = var.google_region
- nat_ip_allocate_option = "AUTO_ONLY"
+ nat_ip_allocate_option = length(var.nat_ip_address_self_links) > 0 ? "MANUAL_ONLY" : "AUTO_ONLY"
source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+ nat_ips = length(var.nat_ip_address_self_links) > 0 ? var.nat_ip_address_self_links : []
log_config {
enable = true