Changing the metadata in node_config forces new resource

[ghost]

The google_compute_instance resource is capable of updating instance metadata without replacing the instance entirely. It would be nice if the node_config block in google_container_cluster and google_container_node_pool also had the ability to update things like ssh-keys, without having to recreate resources.

https://github.com/terraform-providers/terraform-provider-google/blob/31a5c9d93c903019ddebd08aed7856d896f9ccca/google/node_config.go#L88-L93

https://github.com/terraform-providers/terraform-provider-google/blob/b3a722ee3953a40541179af45c9ee13c294fcb11/google/resource_compute_instance.go#L284-L288

Terraform Version

Terraform v0.11.7

Affected Resource(s)

• google_container_cluster
• google_container_node_pool

Terraform Configuration Files

resource "google_container_cluster" "cluster" { ... }

resource "google_container_node_pool" "nodes" {
  name       = "my-node-pool"
  zone       = "europe-west2-a"
  cluster    = "${google_container_cluster.cluster.name}"

  node_config {
    oauth_scopes = [
      "compute-rw",
      "storage-ro",
      "logging-write",
      "monitoring",
    ]

    metadata {
      ssh-keys = "..."
    }
  }
}

Expected Behavior

The metadata for compute instances in the pool to be updated without destruction of the node pool resource; this behaviour is seen in the google_compute_instance resource.

Actual Behavior

Changing the metadata forces the creation of a new node pool.

-/+ google_container_node_pool.nodes (new resource required)

Steps to Reproduce

1. Create a google_container_cluster with node_config in either the default node pool or a google_container_node_pool resource.
2. Add metadata to the node_config and run terraform plan to see that the resource needs to be destroyed and recreated.

[rosbo]

I don't see any method in the GKE API to update this field: https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.zones.clusters.nodePools

I will leave it open for now and if the GKE API adds this feature, we will add it to Terraform.

[upodroid]

@rileykarson I think this one should be closed too. GKE Node-pools are immutable because the backing GCE resources(instance templates) are immutable and I don't see Google changing the core behaviour of GCE to make this feasible.

[rileykarson]

I'm going to leave this one open as a canonical issue to track the fact that this is impossible in the provider today.

[mattb18]

Looks like this is available now?

https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.zones.clusters.nodePools/update

Request body includes workloadMetadataConfig as well as labels (the later is something I'd be interested in being able to update).

[sanghaniJ]

b/262205983

[sanghaniJ]

• Resource Name

  For resource google_container_cluster support for updation of nodeConfig is requested.

• Feature Requested

  In containerCluster, when in nodeConfig, metadata is updated, the resource is deleted and then recreated with new changes, basically ForceNew. The request is regarding removal of ForceNew in cases like ssh-keys.

• REST Endpoints

  https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.zones.clusters.nodePools

• Highlighting Notes

  In case of Updation, the request body doesn't contain nodeConfig object but it has workloadMetadata, a part of NodeConfig which has 2 fields nodeMetadata(deprecated) and mode which can be updated.

  In case of updation, the body also contains a field nodeLabels which can be updated.

  Hence, it seems like updation of workloadMetadata and nodeLabels should be done and issue can be closed after.

[rileykarson]

workloadMetadataConfig and associated fields (mode, nodeMetadata) are unrelated to the metadata field. This is still impossible.