
Upgrade Terraform GCP provider to 5.12+

Grant Young requested to merge gy-tf-gcp-5.x-provider-upgrade into main

What does this MR do?

MR updates the Terraform GCP Provider to v5.12 and above after blocking issues were addressed.

Several changes added for the new provider behaviour:

  • Several GKE changes due to a breaking change about default location precedence. New GKE clusters will now default to Regional instead of Zonal and this has sort of forced our hand here to support them (we were planning to do so anyway). For existing clusters this has been mitigated to only apply to new clusters so existing users will be unaffected.
    • A knock-on effect of this change is Node Pool zone config. GKE is a bit unique in that previously it would put the given number of configured node pool counts in every zone when it's a Regional or Multi-Zonal cluster (which was very wasteful). A new feature in 4.x was added to address this with Cluster Autoscaler where it will now finally only provision the actual number but across zones. As such Autoscaler is enabled now by default to allow for this better management of node pools and to avoid unexpected costs. Static node counts are still honoured by simply setting the node range to the same number for backwards compatibility.
    • On Ansible's end kubeconfig setup has been updated to work for either Regional or Zonal clusters with the new gcp_gke_location setting that supersedes gcp_zone. Ansible will detect if it's a region or zone and run the relevant gcloud command accordingly.
  • gke_deletion_protection added to allow handling of the flag. This only prevents deletion in Terraform and isn't a server side feature so defaulting to off for compatibility.
  • Several fields removed as they are now set by default.
  • Label on GCP instances switched to null instead of '' when not needed to work around a known issue.

Related issues

Closes #762 (closed) #526 (closed)

Author's checklist

When ready for review, the Author applies the workflow::ready for review label and mentions @gl-quality/get-maintainers:

  • Merge request:
    • Corresponding Issue raised and reviewed by the GET maintainers team.
    • Merge Request Title and Description are up-to-date, accurate, and descriptive
    • MR targeting the appropriate branch
    • MR has a green pipeline
    • MR has no new security alerts in the widget from the Secret Detection and IaC Scan (SAST) jobs.
  • Code:
    • Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.).
    • Documentation created/updated in the same MR.
    • If this MR adds an optional configuration - check that all permutations continue to work.
    • For Terraform changes: set up a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.
  • Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.
Edited by Grant Young
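
The checklist's Terraform step (plan against a previous-version environment and ensure nothing will be destroyed) can be checked mechanically. The following is an added example, not part of this MR or the toolkit: it reads the JSON that `terraform show -json <planfile>` emits and lists every resource whose planned actions include a delete. The sample plan and its resource addresses are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Resource addresses are hypothetical, not taken from the toolkit.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "module.gke.google_container_cluster.example",
         "type": "google_container_cluster",
         "change": {"actions": ["update"]}},
        {"address": "module.gke.google_container_node_pool.example[0]",
         "type": "google_container_node_pool",
         "change": {"actions": ["delete", "create"]}},
        {"address": "google_compute_instance.example[\"1\"]",
         "type": "google_compute_instance",
         "change": {"actions": ["no-op"]}},
        {"address": "google_compute_disk.example",
         "type": "google_compute_disk",
         "change": {"actions": ["delete"]}},
    ],
})


def destructive_changes(plan_json: str) -> list[tuple[str, str]]:
    """Return (address, kind) for every resource the plan would destroy.

    kind is "replace" when the delete is paired with a create
    (either order), otherwise "destroy".
    """
    plan = json.loads(plan_json)
    findings = []
    # A plan with no changes may omit resource_changes entirely.
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue
        kind = "replace" if "create" in actions else "destroy"
        findings.append((rc["address"], kind))
    return findings


def gate(plan_json: str) -> int:
    """Exit status for a CI job: 0 when nothing is destroyed, 1 otherwise."""
    findings = destructive_changes(plan_json)
    for address, kind in findings:
        print(f"{kind.upper():8} {address}")
    return 1 if findings else 0


if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_PLAN))
```

A replacement counts as destructive here because the existing resource is deleted before or after its successor is created, which is the case the checklist asks the author to comment on.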
