Help With Cloud Composer Private Networking

mattcarrier · June 9, 2022, 5:27pm

I’m having a heck of time getting a Composer environment spun up using terraform. I keep getting a networking error about the CIDR range not being available. Any help or suggestions would be greatly appreciated.

Error waiting to create Environment: Error waiting for Creating Environment: Error code 3, message: CREATE operation failed. Polled operation status: DONE: Requested CIDR 10.221.128.0/17 for pods is not available in network "xxxxxxx" for cluster {Zone=us-west1, ProjectNum=xxxxxxxxxxxxx, ClusterHash=xxxxxxxxxxxxxx}.

locals {
  subnetwork_cidr_block = "10.220.0.0/20"
  subnetwork_pod_cidr_block = "10.221.128.0/17"
  subnetwork_svc_cidr_block = "10.222.0.0/22"
}

resource "google_compute_subnetwork" "composer" {
  name = "${var.app_env}-${var.app}-composer"
  ip_cidr_range = local.subnetwork_cidr_block
  region        = var.region
  network       = google_compute_network.composer.id
  private_ip_google_access = true

  secondary_ip_range {
    range_name    = "${var.app_env}-${var.app}-composer-gke-${var.region}-gke-pods"
    ip_cidr_range = local.subnetwork_pod_cidr_block
  }

  secondary_ip_range {
    range_name    = "${var.app_env}-${var.app}-composer-gke-${var.region}-gke-services"
    ip_cidr_range = local.subnetwork_svc_cidr_block
  }
}

...

Node Config of composer environment block:

  config {

    node_config {
      network    = google_compute_network.composer.id
      subnetwork = google_compute_subnetwork.composer.id
      service_account = data.google_service_account.composer.name

      ip_allocation_policy {
        cluster_ipv4_cidr_block = local.subnetwork_pod_cidr_block
        services_ipv4_cidr_block = local.subnetwork_svc_cidr_block
      }
    }

mattcarrier · June 9, 2022, 9:37pm

Issue was in the ip_allocation_policy block in the node_config. If you already have a previously secondary ip range specified that you need to use the range_name option instead of the cidr_block option. The following changes fixed it for me:

locals {
  subnetwork_cidr_block = "10.220.0.0/20"
  subnetwork_pod_cidr_block = "10.221.128.0/17"
  subnetwork_pod_range_name = "${var.app_env}-${var.app}-composer-gke-${var.region}-gke-pods"
  subnetwork_svc_cidr_block = "10.222.0.0/22"
  subnetwork_svc_range_name = "${var.app_env}-${var.app}-composer-gke-${var.region}-gke-services"
}

resource "google_compute_subnetwork" "composer" {
...

  secondary_ip_range {
    range_name    = local.subnetwork_pod_range_name
    ip_cidr_range = local.subnetwork_pod_cidr_block
  }

  secondary_ip_range {
    range_name    = local.subnetwork_svc_range_name
    ip_cidr_range = local.subnetwork_svc_cidr_block
  }
}

    node_config {
...

      ip_allocation_policy {
        cluster_secondary_range_name = local.subnetwork_pod_range_name
        services_secondary_range_name = local.subnetwork_svc_range_name
      }

kumary · July 25, 2023, 8:54pm

This worked for me after days of head scratch . Thank You

Topic		Replies	Views
Providing master_ipv4_cidr_block and subnet range using terraform variables in GCP Google	0	1409	December 5, 2019
Error creating discontigous multipod cidr using terraform GKE Google	0	447	March 6, 2023
Building GKE Public cluster with existing Cluster CIDR Range Terraform	0	472	November 16, 2021
Just practice Terraform with GCP Google hcp-terraform	1	179	March 12, 2024
How to manage Node Pool of GKE cluster created through composer Google	0	653	February 19, 2021

Help With Cloud Composer Private Networking

Related topics