feat: add feature for manual IP addresses (#117)

honestbank · Jan 9, 2024 · 0c877ee · 0c877ee
1 parent c148cda
commit 0c877ee
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -83,6 +83,7 @@ role in the shared VPC host project.
 | <a name="input_master_ipv4_cidr_block"></a> [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | The IP range to set for master nodes, passed to master\_ipv4\_cidr\_block - /28 required by Google. | `any` | n/a | yes |
 | <a name="input_maximum_node_count"></a> [maximum\_node\_count](#input\_maximum\_node\_count) | Maximum nodes for the node pool. This is the total nodes so for regional deployments it is the total nodes across all zones. | `string` | n/a | yes |
 | <a name="input_minimum_node_count"></a> [minimum\_node\_count](#input\_minimum\_node\_count) | Minimum nodes for the node pool. This is the total nodes so for regional deployments it is the total nodes across all zones. | `string` | n/a | yes |
+| <a name="input_nat_ip_address_self_links"></a> [nat\_ip\_address\_self\_links](#input\_nat\_ip\_address\_self\_links) | List of IP address self links to use for NAT | `list(string)` | `[]` | no |
 | <a name="input_pods_ip_range_cidr"></a> [pods\_ip\_range\_cidr](#input\_pods\_ip\_range\_cidr) | CIDR of the secondary IP range used for Kubernetes Pods. | `string` | n/a | yes |
 | <a name="input_pods_ip_range_name"></a> [pods\_ip\_range\_name](#input\_pods\_ip\_range\_name) | Name of the secondary IP range used for Kubernetes Pods. | `string` | n/a | yes |
 | <a name="input_release_channel"></a> [release\_channel](#input\_release\_channel) | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"RAPID"` | no |

diff --git a/inputs.tf b/inputs.tf
@@ -68,6 +68,12 @@ variable "minimum_node_count" {
   description = "Minimum nodes for the node pool. This is the total nodes so for regional deployments it is the total nodes across all zones."
 }
 
+variable "nat_ip_address_self_links" {
+  type        = list(string)
+  description = "List of IP address self links to use for NAT"
+  default     = []
+}
+
 variable "pods_ip_range_cidr" {
   type        = string
   description = "CIDR of the secondary IP range used for Kubernetes Pods."

diff --git a/main.tf b/main.tf
@@ -21,6 +21,7 @@ module "gke" {
   create_gcp_router                 = var.create_gcp_router
   create_public_https_firewall_rule = var.create_public_https_firewall_rule
   enable_network_policy             = var.enable_network_policy
+  nat_ip_address_self_links         = [var.nat_ip_address_self_links]
 
   gke_authenticator_groups_config_domain = var.gke_authenticator_groups_config_domain
   google_project                         = var.google_project

diff --git a/modules/gcp-gke/README.md b/modules/gcp-gke/README.md
@@ -79,6 +79,7 @@ To run E2E tests, navigate to the [test folder](../test) and run `go test -v -ti
 | <a name="input_master_ipv4_cidr_block"></a> [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | The IP range to set for master nodes, passed to master\_ipv4\_cidr\_block - /28 required by Google. | `any` | n/a | yes |
 | <a name="input_maximum_node_count"></a> [maximum\_node\_count](#input\_maximum\_node\_count) | Maximum nodes for the node pool per-zone. | `any` | n/a | yes |
 | <a name="input_minimum_node_count"></a> [minimum\_node\_count](#input\_minimum\_node\_count) | Minimum nodes for the node pool per-zone. | `any` | n/a | yes |
+| <a name="input_nat_ip_address_self_links"></a> [nat\_ip\_address\_self\_links](#input\_nat\_ip\_address\_self\_links) | List of self links IP addresses to use for NAT | `list(string)` | `[]` | no |
 | <a name="input_pods_ip_range_name"></a> [pods\_ip\_range\_name](#input\_pods\_ip\_range\_name) | Name of the secondary IP range used for Kubernetes Pods. | `string` | n/a | yes |
 | <a name="input_release_channel"></a> [release\_channel](#input\_release\_channel) | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | n/a | yes |
 | <a name="input_services_ip_range_name"></a> [services\_ip\_range\_name](#input\_services\_ip\_range\_name) | Name of the secondary IP range used for Kubernetes Services. | `string` | n/a | yes |

diff --git a/modules/gcp-gke/inputs.tf b/modules/gcp-gke/inputs.tf
@@ -178,3 +178,9 @@ variable "maintenance_policy_config" {
   description = "(OPTIONAL) A list of objects used to configure maintenance policy "
   default     = []
 }
+
+variable "nat_ip_address_self_links" {
+  type        = list(string)
+  description = "List of self links IP addresses to use for NAT"
+  default     = []
+}
diff --git a/modules/gcp-gke/network.tf b/modules/gcp-gke/network.tf
@@ -56,8 +56,9 @@ resource "google_compute_router_nat" "nat" {
   name                               = "${var.cluster_name}-nat"
   router                             = google_compute_router.router[0].name
   region                             = var.google_region
-  nat_ip_allocate_option             = "AUTO_ONLY"
+  nat_ip_allocate_option             = length(var.nat_ip_address_self_links) > 0 ? "MANUAL_ONLY" : "AUTO_ONLY"
   source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+  nat_ips                            = length(var.nat_ip_address_self_links) > 0 ? var.nat_ip_address_self_links : []
 
   log_config {
     enable = true