Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhancement/eks adding service ipv4 range #15518

Merged
merged 11 commits into from
Nov 30, 2020
Merged

Enhancement/eks adding service ipv4 range #15518

merged 11 commits into from
Nov 30, 2020

Conversation

philnichol
Copy link
Contributor

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

Closes #15505

Release note for CHANGELOG:

Added service_ipv4_cidr input to aws_eks_cluster.

Output from acceptance testing:

$ TF_ACC=1 go test ./aws -v -count 1 -parallel 4 -run=TestAccAWSEksCluster_ -timeout 120m
=== RUN   TestAccAWSEksCluster_basic
=== PAUSE TestAccAWSEksCluster_basic
=== RUN   TestAccAWSEksCluster_EncryptionConfig
=== PAUSE TestAccAWSEksCluster_EncryptionConfig
=== RUN   TestAccAWSEksCluster_Version
=== PAUSE TestAccAWSEksCluster_Version
=== RUN   TestAccAWSEksCluster_Logging
=== PAUSE TestAccAWSEksCluster_Logging
=== RUN   TestAccAWSEksCluster_Tags
=== PAUSE TestAccAWSEksCluster_Tags
=== RUN   TestAccAWSEksCluster_VpcConfig_SecurityGroupIds
=== PAUSE TestAccAWSEksCluster_VpcConfig_SecurityGroupIds
=== RUN   TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess
=== PAUSE TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess
=== RUN   TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess
=== PAUSE TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess
=== RUN   TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
=== PAUSE TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
=== CONT  TestAccAWSEksCluster_basic
=== CONT  TestAccAWSEksCluster_VpcConfig_SecurityGroupIds
=== CONT  TestAccAWSEksCluster_Logging
=== CONT  TestAccAWSEksCluster_Version
--- PASS: TestAccAWSEksCluster_Logging (944.83s)
=== CONT  TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
--- PASS: TestAccAWSEksCluster_VpcConfig_SecurityGroupIds (957.92s)
=== CONT  TestAccAWSEksCluster_EncryptionConfig
--- PASS: TestAccAWSEksCluster_basic (992.14s)
=== CONT  TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess
--- PASS: TestAccAWSEksCluster_EncryptionConfig (907.86s)
=== CONT  TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess
--- PASS: TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs (1211.42s)
=== CONT  TestAccAWSEksCluster_Tags
--- PASS: TestAccAWSEksCluster_Version (2577.52s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess (1640.84s)
--- PASS: TestAccAWSEksCluster_Tags (840.69s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess (2191.08s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	4058.874s

Adds a kubernetes_network_configuration block, currently the only field in the block is service_ipv4_cidr, which sets the IP range allocated to k8s services within a cluster

@philnichol philnichol requested a review from a team October 6, 2020 14:48
@ghost ghost added size/M Managed by automation to categorize the size of a PR. service/eks Issues and PRs that pertain to the eks service. documentation Introduces or discusses updates to documentation. labels Oct 6, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Oct 6, 2020
@ghost ghost added the tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure. label Oct 6, 2020
@philnichol
Copy link
Contributor Author

reran acceptance test (with newly added acceptance test and latest commit that sets minItems on list:

$ TF_ACC=1 go test ./aws -v -count 1 -parallel 4 -run=TestAccAWSEksCluster_ -timeout 120m
=== RUN   TestAccAWSEksCluster_basic
=== PAUSE TestAccAWSEksCluster_basic
=== RUN   TestAccAWSEksCluster_EncryptionConfig
=== PAUSE TestAccAWSEksCluster_EncryptionConfig
=== RUN   TestAccAWSEksCluster_Version
=== PAUSE TestAccAWSEksCluster_Version
=== RUN   TestAccAWSEksCluster_Logging
=== PAUSE TestAccAWSEksCluster_Logging
=== RUN   TestAccAWSEksCluster_Tags
=== PAUSE TestAccAWSEksCluster_Tags
=== RUN   TestAccAWSEksCluster_VpcConfig_SecurityGroupIds
=== PAUSE TestAccAWSEksCluster_VpcConfig_SecurityGroupIds
=== RUN   TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess
=== PAUSE TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess
=== RUN   TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess
=== PAUSE TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess
=== RUN   TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
=== PAUSE TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
=== RUN   TestAccAWSEksCluster_NetworkConfig_ServiceIpv4Cidr
=== PAUSE TestAccAWSEksCluster_NetworkConfig_ServiceIpv4Cidr
=== CONT  TestAccAWSEksCluster_basic
=== CONT  TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess
=== CONT  TestAccAWSEksCluster_NetworkConfig_ServiceIpv4Cidr
=== CONT  TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
--- PASS: TestAccAWSEksCluster_basic (841.95s)
=== CONT  TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess
--- PASS: TestAccAWSEksCluster_NetworkConfig_ServiceIpv4Cidr (935.96s)
=== CONT  TestAccAWSEksCluster_Logging
--- PASS: TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs (1052.45s)
=== CONT  TestAccAWSEksCluster_VpcConfig_SecurityGroupIds
--- PASS: TestAccAWSEksCluster_Logging (880.39s)
=== CONT  TestAccAWSEksCluster_Tags
--- PASS: TestAccAWSEksCluster_VpcConfig_SecurityGroupIds (940.63s)
=== CONT  TestAccAWSEksCluster_Version
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess (2220.05s)
=== CONT  TestAccAWSEksCluster_EncryptionConfig
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess (1669.62s)
--- PASS: TestAccAWSEksCluster_Tags (905.21s)
--- PASS: TestAccAWSEksCluster_EncryptionConfig (875.73s)
--- PASS: TestAccAWSEksCluster_Version (2711.32s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	4706.341s

@anGie44 anGie44 added enhancement Requests to existing resources that expand the functionality or scope. and removed needs-triage Waiting for first response or review from a maintainer. labels Oct 13, 2020
@etoews
Copy link

etoews commented Nov 9, 2020

@anGie44 We're in need of this functionality too. The PR is looking good so far. Does anything else need to happen before it can be merged and released? Thanks.

@anGie44 anGie44 self-assigned this Nov 12, 2020
Copy link
Contributor

@anGie44 anGie44 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @philnichol, thank you for this PR! Off to a really great start 👍 A couple comments and suggestions to help address the current acctest failure and request for test coverage. If you have any questions or concerns, please reach out!

aws/resource_aws_eks_cluster.go Outdated Show resolved Hide resolved
aws/resource_aws_eks_cluster.go Show resolved Hide resolved
aws/resource_aws_eks_cluster.go Show resolved Hide resolved
website/docs/r/eks_cluster.html.markdown Outdated Show resolved Hide resolved
website/docs/r/eks_cluster.html.markdown Outdated Show resolved Hide resolved
aws/resource_aws_eks_cluster_test.go Show resolved Hide resolved
aws/resource_aws_eks_cluster_test.go Outdated Show resolved Hide resolved
aws/resource_aws_eks_cluster_test.go Outdated Show resolved Hide resolved
@anGie44 anGie44 added the waiting-response Maintainers are waiting on response from community or contributor. label Nov 13, 2020
@philnichol philnichol requested a review from a team as a code owner November 13, 2020 11:48
@ghost ghost added size/L Managed by automation to categorize the size of a PR. and removed size/M Managed by automation to categorize the size of a PR. labels Nov 13, 2020
@philnichol
Copy link
Contributor Author

@anGie44 thanks for the feedback! All great points! I think I've addressed your comments but let me know if I've missed anything.
Here's the updated output from the acceptance test:

$ TF_ACC=1 go test ./aws -v -count 1 -parallel 4 -run=TestAccAWSEksCluster_ -timeout 120m
=== RUN   TestAccAWSEksCluster_basic
=== PAUSE TestAccAWSEksCluster_basic
=== RUN   TestAccAWSEksCluster_EncryptionConfig
=== PAUSE TestAccAWSEksCluster_EncryptionConfig
=== RUN   TestAccAWSEksCluster_Version
=== PAUSE TestAccAWSEksCluster_Version
=== RUN   TestAccAWSEksCluster_Logging
=== PAUSE TestAccAWSEksCluster_Logging
=== RUN   TestAccAWSEksCluster_Tags
=== PAUSE TestAccAWSEksCluster_Tags
=== RUN   TestAccAWSEksCluster_VpcConfig_SecurityGroupIds
=== PAUSE TestAccAWSEksCluster_VpcConfig_SecurityGroupIds
=== RUN   TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess
=== PAUSE TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess
=== RUN   TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess
=== PAUSE TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess
=== RUN   TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
=== PAUSE TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
=== RUN   TestAccAWSEksCluster_NetworkConfig_ServiceIpv4Cidr
=== PAUSE TestAccAWSEksCluster_NetworkConfig_ServiceIpv4Cidr
=== CONT  TestAccAWSEksCluster_basic
=== CONT  TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess
=== CONT  TestAccAWSEksCluster_NetworkConfig_ServiceIpv4Cidr
=== CONT  TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs
--- PASS: TestAccAWSEksCluster_basic (810.21s)
=== CONT  TestAccAWSEksCluster_Logging
--- PASS: TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs (1486.56s)
=== CONT  TestAccAWSEksCluster_VpcConfig_SecurityGroupIds
--- PASS: TestAccAWSEksCluster_Logging (1257.63s)
=== CONT  TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess
--- PASS: TestAccAWSEksCluster_NetworkConfig_ServiceIpv4Cidr (2302.95s)
=== CONT  TestAccAWSEksCluster_Tags
--- PASS: TestAccAWSEksCluster_VpcConfig_SecurityGroupIds (900.22s)
=== CONT  TestAccAWSEksCluster_Version
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess (2718.91s)
=== CONT  TestAccAWSEksCluster_EncryptionConfig
--- PASS: TestAccAWSEksCluster_Tags (934.24s)
--- PASS: TestAccAWSEksCluster_EncryptionConfig (737.58s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess (1723.76s)
--- PASS: TestAccAWSEksCluster_Version (2832.07s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       5218.886s

@ghost ghost removed waiting-response Maintainers are waiting on response from community or contributor. labels Nov 13, 2020
@philnichol philnichol removed the request for review from a team November 13, 2020 17:37
@philnichol philnichol requested a review from anGie44 November 13, 2020 17:37
@etoews
Copy link

etoews commented Nov 19, 2020

@anGie44 Thanks a lot for that initial review. Everything is looking good here.

Do you have some time to give this another pass?

@jasonyihk
Copy link

we also in need for this functionality, please release asap. tks

@shrutilamba
Copy link

We need this functionality as well. How long will this take to be released?

Copy link
Contributor

@anGie44 anGie44 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @philnichol (and those following this feature 😄 )-- apologies for the delay here ! a couple final notes before we can merge this in 👍

@@ -113,6 +114,28 @@ func resourceAwsEksCluster() *schema.Resource {
},
},
},

"kubernetes_network_config": {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @philnichol -- apologies for the delay ! i missed to note in my previous review that we should have parity with the matching data-source now that this field has been added in the resource so if you don't mind adding a similar block in data_source_aws_eks_cluster would be greatly appreciated (as well add a line in the data-source test to check for the field against the resource i.e. using resource.TestCheckResourceAttrPair()) ! Should be a quick addition with the corresponding fields set to Computed. if you're crunched for time, we're also happy to help out 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @anGie44 , no worries at all. Happy to have a crack at the data_source, but if it takes a while I might well ask for your help since I don't want to hold people up 😄. Before making any changes I seem to be getting the following error on all datasource tests, but can't see what I'm doing wrong, any ideas? I get the same (resourceNotFound) regardless of which datasource test I run it seems.

TF_ACC=1 go test ./aws -v -count 1 -parallel 10 -run=TestAccAWSEksClusterDataSource_basic
=== RUN   TestAccAWSEksClusterDataSource_basic
=== PAUSE TestAccAWSEksClusterDataSource_basic
=== CONT  TestAccAWSEksClusterDataSource_basic
    data_source_aws_eks_cluster_test.go:18: Step 1/1 error: terraform failed: exit status 1

        stderr:

        Error: error reading EKS Cluster (tf-acc-test-gs09q): ResourceNotFoundException: No cluster found for name: tf-acc-test-gs09q.
        {
          RespMetadata: {
            StatusCode: 404,
            RequestID: "91f46140-c965-4387-bddf-9834ad7beb69"
          },
          Message_: "No cluster found for name: tf-acc-test-gs09q."
        }


--- FAIL: TestAccAWSEksClusterDataSource_basic (5.87s)
FAIL
FAIL    github.com/terraform-providers/terraform-provider-aws/aws       5.909s
FAIL

Copy link
Contributor

@anGie44 anGie44 Nov 30, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ahh which version of Terraform do you have locally @philnichol ? I've come across these type of errors when using the family of 0.13 versions. I'd recommendv.0.12.29 or 0.14+

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤦 sorry I didn't try that before, works now, will aim to address this and the documentation comment shortly, thanks @anGie44 !

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no worries - i don't think we have that behavior documented unfortunately ..sounds great 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@anGie44 I've pushed my changes to the data source, let me know if there are any issues. Acceptance tests ran here:

$ TF_ACC=1 go test ./aws -v -count 1 -parallel 10 -run=TestAccAWSEksClusterDataSource_basic -timeout 60m
=== RUN   TestAccAWSEksClusterDataSource_basic
=== PAUSE TestAccAWSEksClusterDataSource_basic
=== CONT  TestAccAWSEksClusterDataSource_basic
--- PASS: TestAccAWSEksClusterDataSource_basic (998.81s)
PASS
ok      github.com/terraform-providers/terraform-provider-aws/aws       998.846s

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @philnichol -- test looks good on my end as well 👍 i'm running the resource acceptance tests as well in the background (I don't expect any changes)..and will comment back w/the PR approval

aws/resource_aws_eks_cluster_test.go Outdated Show resolved Hide resolved
@@ -156,6 +156,7 @@ The following arguments are supported:
* `vpc_config` - (Required) Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC Considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster Security Group Considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the Amazon EKS User Guide. Configuration detailed below.
* `enabled_cluster_log_types` - (Optional) A list of the desired control plane logging to enable. For more information, see [Amazon EKS Control Plane Logging](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)
* `encryption_config` - (Optional) Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
* `kubernetes_network_config` - (Optional) Configuration block with kubernetes network configuration for the cluster. Detailed below.
Copy link
Contributor

@anGie44 anGie44 Nov 30, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's also add a note here that if this block is removed from the configuration though, its essentially a no-op in the prior state so we can't do drift detection unless it's configured

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good shout, have done this, let me know if the phrasing is alright.

@anGie44 anGie44 added the waiting-response Maintainers are waiting on response from community or contributor. label Nov 30, 2020
@philnichol philnichol requested a review from anGie44 November 30, 2020 19:50
@anGie44 anGie44 removed the waiting-response Maintainers are waiting on response from community or contributor. label Nov 30, 2020
Copy link
Contributor

@anGie44 anGie44 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks again for this feature @philnichol 🚀
Output of acceptance tests:

--- PASS: TestAccAWSEksClusterAuthDataSource_basic (17.33s)
--- PASS: TestAccAWSEksCluster_EncryptionConfig (859.07s)
--- PASS: TestAccAWSEksCluster_Logging (895.26s)
--- PASS: TestAccAWSEksCluster_basic (919.82s)
--- PASS: TestAccAWSEksCluster_Tags (948.84s)
--- PASS: TestAccAWSEksClusterDataSource_basic (969.99s)
--- PASS: TestAccAWSEksCluster_VpcConfig_SecurityGroupIds (999.36s)
--- PASS: TestAccAWSEksCluster_VpcConfig_PublicAccessCidrs (1377.22s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPublicAccess (1632.31s)
--- PASS: TestAccAWSEksCluster_NetworkConfig_ServiceIpv4Cidr (2127.25s)
--- PASS: TestAccAWSEksCluster_VpcConfig_EndpointPrivateAccess (2502.05s)
--- PASS: TestAccAWSEksCluster_Version (2609.50s)

@anGie44 anGie44 merged commit 5a20cc3 into hashicorp:master Nov 30, 2020
@anGie44 anGie44 added this to the v3.19.0 milestone Nov 30, 2020
anGie44 added a commit that referenced this pull request Dec 1, 2020
@ghost
Copy link

ghost commented Dec 1, 2020

This has been released in version 3.19.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Dec 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Dec 31, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
documentation Introduces or discusses updates to documentation. enhancement Requests to existing resources that expand the functionality or scope. service/eks Issues and PRs that pertain to the eks service. size/L Managed by automation to categorize the size of a PR. tests PRs: expanded test coverage. Issues: expanded coverage, enhancements to test infrastructure.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

EKS Support Service IPv4 range
5 participants