Skip to content

feat!: add support for pod_cidr_overprovision_config #2452

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat!: add support for pod_cidr_overprovision_config #2452

wants to merge 4 commits into from

Conversation

DrFaust92
Copy link
Contributor

No description provided.

@DrFaust92 DrFaust92 marked this pull request as ready for review September 18, 2025 20:30
@DrFaust92 DrFaust92 requested review from apeabody, ericyz and a team as code owners September 18, 2025 20:30
@apeabody
Copy link
Collaborator

/gcbrun

@apeabody
Copy link
Collaborator

From the TEST CI:

TestSimpleAutopilotPrivate 2025-09-19T23:05:37Z command.go:206:   + service_account = (known after apply)
TestSimpleAutopilotPrivate 2025-09-19T23:05:37Z retry.go:99: Returning due to fatal error: FatalError{Underlying: error while running command: exit status 1; 
Error: Missing required argument

  with module.example.module.gke.google_container_cluster.primary,
  on ../../../modules/beta-autopilot-private-cluster/cluster.tf line 306, in resource "google_container_cluster" "primary":
 306:   ip_allocation_policy {

The argument
"ip_allocation_policy.0.pod_cidr_overprovision_config.0.disabled" is
required, but no definition was found.}

@DrFaust92 DrFaust92 marked this pull request as draft September 21, 2025 15:42
@DrFaust92
Copy link
Contributor Author

moving to draft, will test locally

@DrFaust92 DrFaust92 marked this pull request as ready for review September 21, 2025 15:55
@DrFaust92
Copy link
Contributor Author

apeabody should be good and added a keeper for node level as the arg is ForceNew in the provider (ill see if i can open an upstream PR to make it updateable)

@DrFaust92 DrFaust92 changed the title feat: add support for pod_cidr_overprovision_config feat!: add support for pod_cidr_overprovision_config Sep 21, 2025
@apeabody
Copy link
Collaborator

/gcbrun

1 similar comment
@apeabody
Copy link
Collaborator

/gcbrun

@DrFaust92
add support for pod_cidr_overprovision_config
cb3c136 
Signed-off-by: drfaust92 <[email protected]>
@DrFaust92
check
df23997 
Signed-off-by: drfaust92 <[email protected]>
@DrFaust92
check
ba22224 
Signed-off-by: drfaust92 <[email protected]>
@DrFaust92
rebase
1460744 
Signed-off-by: drfaust92 <[email protected]>
@apeabody
Copy link
Collaborator

/gcbrun

@apeabody
Copy link
Collaborator

/gemini review

gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 29, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds support for pod_cidr_overprovision_config at both the cluster and node pool levels across various GKE modules. While the feature addition is valuable, the implementation has a critical flaw in all modules where the cluster-level configuration is applied. The for_each argument in a dynamic block is being used with an object, which is invalid and will cause Terraform to fail. I've suggested replacing the dynamic block with a static one. Additionally, there's a recurring medium-severity issue in how the node-pool level configuration is conditionally applied, making the code fragile. I've provided suggestions to make this more robust. These issues are present in multiple files due to the templated nature of the repository.

modules/beta-private-cluster/cluster.tf
Comment on lines +461 to +466
dynamic "pod_cidr_overprovision_config" {
for_each = var.pod_cidr_overprovision_config
content {
disabled = var.pod_cidr_overprovision_config.disabled
}
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

The for_each in this dynamic block is set to var.pod_cidr_overprovision_config, which is an object. The for_each meta-argument only accepts a map or a set of strings, so this will cause a Terraform error. Since var.pod_cidr_overprovision_config has a default value, this block is always intended to be present. It should be defined as a static block instead of a dynamic one.

    pod_cidr_overprovision_config {
      disabled = var.pod_cidr_overprovision_config.disabled
    }

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DrFaust92 - We should keep as a dynamic block as it could be set to null, however probably need to pass as a map.

modules/private-cluster/cluster.tf
Comment on lines +424 to +429
dynamic "pod_cidr_overprovision_config" {
for_each = var.pod_cidr_overprovision_config
content {
disabled = var.pod_cidr_overprovision_config.disabled
}
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

The for_each in this dynamic block is set to var.pod_cidr_overprovision_config, which is an object. The for_each meta-argument only accepts a map or a set of strings, so this will cause a Terraform error. Since var.pod_cidr_overprovision_config has a default value, this block is always intended to be present. It should be defined as a static block instead of a dynamic one.

    pod_cidr_overprovision_config {
      disabled = var.pod_cidr_overprovision_config.disabled
    }

cluster.tf
Comment on lines +424 to +429
dynamic "pod_cidr_overprovision_config" {
for_each = var.pod_cidr_overprovision_config
content {
disabled = var.pod_cidr_overprovision_config.disabled
}
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

The for_each in this dynamic block is set to var.pod_cidr_overprovision_config, which is an object. The for_each meta-argument only accepts a map or a set of strings, so this will cause a Terraform error. Since var.pod_cidr_overprovision_config has a default value, this block is always intended to be present. It should be defined as a static block instead of a dynamic one.

    pod_cidr_overprovision_config {
      disabled = var.pod_cidr_overprovision_config.disabled
    }

modules/private-cluster-update-variant/cluster.tf
Comment on lines +424 to +429
dynamic "pod_cidr_overprovision_config" {
for_each = var.pod_cidr_overprovision_config
content {
disabled = var.pod_cidr_overprovision_config.disabled
}
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

The for_each in this dynamic block is set to var.pod_cidr_overprovision_config, which is an object. The for_each meta-argument only accepts a map or a set of strings, so this will cause a Terraform error. Since var.pod_cidr_overprovision_config has a default value, this block is always intended to be present. It should be defined as a static block instead of a dynamic one.

    pod_cidr_overprovision_config {
      disabled = var.pod_cidr_overprovision_config.disabled
    }

modules/beta-public-cluster/cluster.tf
Comment on lines +461 to +466
dynamic "pod_cidr_overprovision_config" {
for_each = var.pod_cidr_overprovision_config
content {
disabled = var.pod_cidr_overprovision_config.disabled
}
}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

critical

The for_each in this dynamic block is set to var.pod_cidr_overprovision_config, which is an object. The for_each meta-argument only accepts a map or a set of strings, so this will cause a Terraform error. Since var.pod_cidr_overprovision_config has a default value, this block is always intended to be present. It should be defined as a static block instead of a dynamic one.

    pod_cidr_overprovision_config {
      disabled = var.pod_cidr_overprovision_config.disabled
    }

modules/private-cluster-update-variant/cluster.tf
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)

dynamic "pod_cidr_overprovision_config" {
for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The condition lookup(..., "") != "" is fragile for checking if an optional attribute is set. It's more robust to check against null. This ensures that the logic is not dependent on how different types are converted to strings.

        for_each = lookup(network_config.value, "pod_cidr_overprovision_config", null) != null ? [1] : []

modules/private-cluster-update-variant/cluster.tf
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)

dynamic "pod_cidr_overprovision_config" {
for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The condition lookup(..., "") != "" is fragile for checking if an optional attribute is set. It's more robust to check against null. This ensures that the logic is not dependent on how different types are converted to strings.

        for_each = lookup(network_config.value, "pod_cidr_overprovision_config", null) != null ? [1] : []

autogen/main/cluster.tf.tmpl
{% endif %}

dynamic "pod_cidr_overprovision_config" {
for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The condition lookup(..., "") != "" is fragile for checking if an optional attribute is set. It's more robust to check against null. This ensures that the logic is not dependent on how different types are converted to strings.

        for_each = lookup(network_config.value, "pod_cidr_overprovision_config", null) != null ? [1] : []

modules/private-cluster/cluster.tf
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)

dynamic "pod_cidr_overprovision_config" {
for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The condition lookup(..., "") != "" is fragile for checking if an optional attribute is set. It's more robust to check against null. This ensures that the logic is not dependent on how different types are converted to strings.

        for_each = lookup(network_config.value, "pod_cidr_overprovision_config", null) != null ? [1] : []

modules/private-cluster/cluster.tf
enable_private_nodes = lookup(network_config.value, "enable_private_nodes", var.enable_private_nodes)

dynamic "pod_cidr_overprovision_config" {
for_each = lookup(network_config.value, "pod_cidr_overprovision_config", "") != "" ? [1] : []
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The condition lookup(..., "") != "" is fragile for checking if an optional attribute is set. It's more robust to check against null. This ensures that the logic is not dependent on how different types are converted to strings.

        for_each = lookup(network_config.value, "pod_cidr_overprovision_config", null) != null ? [1] : []

apeabody
apeabody requested changes Sep 29, 2025
View reviewed changes
Copy link
Collaborator

@apeabody apeabody left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @DrFaust92!

Two notes, and please add to an example (e.g. node_pool) for test coverage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@apeabody apeabody apeabody requested changes

@ericyz ericyz Awaiting requested review from ericyz ericyz is a code owner

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DrFaust92 @apeabody