google.cloud.gcp_container_node_pool: Creating private pools

ansible-collections / google.cloud

GCP Ansible Collection https://galaxy.ansible.com/google/cloud

https://cloud.google.com

GNU General Public License v3.0

99 stars 126 forks source link

google.cloud.gcp_container_node_pool: Creating private pools #610

Open ecksun opened 9 months ago

ecksun commented 9 months ago

SUMMARY

It should be possible to create node pools with private nodes

ISSUE TYPE

Feature Idea

COMPONENT NAME

google.cloud.gcp_container_node_pool

should have a boolean field called config.private_nodes

ADDITIONAL INFORMATION

Public IPs are a limited resource, being able to create private nodes would help ensure the nodes don't count towards the quota unnecessarily

google.cloud.gcp_container_node_pool:
  name: foo
  initial_node_count: 1
  cluster: '{{ cluster }}'
  location: europe-north1
  config:
    private_nodes: true
  project: example-project
  auth_kind: application

safaci2000 commented 9 months ago

I believe this is inherited by the cluster type you create. You bind it to specific network and that's immutable once created.

See this doc: https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#gcloud

These are the properties you need to set: --enable-ip-alias \ --enable-private-nodes \ --master-ipv4-cidr 172.16.0.0/28

- name: create cluster
  gcp_container_cluster:
    ip_allocation_policy:
      stack_type: "{{ gke_ip_stack | default(omit) }}"        ## V4 vs V6 or both
      use_ip_aliases: "{{ use_ip_aliases | default(omit) }}"
    private_cluster_config:
      enable_private_nodes: "{{ enablePrivateNodes  |default(omit) }}"
      master_ipv4_cidr_block: "{{ masterIpv4CidrBlock |default(omit)  }}"

ecksun commented 9 months ago

I believe this is inherited by the cluster type you create. You bind it to specific network and that's immutable once created.

Alright, thats good if you want your cluster to be uniform, i.e. all node-pools to be either public or private. In my particular case I would like to create one nodepool with public IPs and one with only private IPs, which is why I think it would make sense to be able to configure that per nodepool. IIRC that is possible in the gcp web UI

safaci2000 commented 9 months ago

You may want to double check your assertion. At least the last time I've done this, this was set at the cluster level, you couldn't create a node pool and change the networking configuration. They have a beta feature called "Multi-networking" but I don't think that's what you're looking either.

ecksun commented 9 months ago

You may want to double check your assertion. At least the last time I've done this, this was set at the cluster level, you couldn't create a node pool and change the networking configuration. They have a beta feature called "Multi-networking" but I don't think that's what you're looking either.

I'm not so sure, the dialog for creating a new node pool have a checkbox called Enable private nodes:

private-nodes

Which seems to correspond to this field (the docs from projects.locations.clusters.nodePools from projects.locations.clusters.nodePools.create):

    "networkConfig": {
      "enablePrivateNodes": true
    }