Unable to get shared_vpc working on GKE cluster

I’m trying to create a cluster which will use a shared_vpc but I’m not sure what needs to be done in order to get it working. I’ve configured the google_compute_shared_vpc_host_project and the google_compute_shared_vpc_service_project but I’m unsure what I need to do inside of google_container_cluster to be able to utilize the shared vpc network. According to the docs I need to “set this to the self link of the shared network.” I’m not sure how I go about setting “network” to the self link of the shared network. There seems to be no self_link option on either google_compute_shared_vpc_host_project or google_compute_shared_vpc_service_project. I’m sure I’m missing something, I just don’t know what. Any help is appreciated. Configs are below.

vpc.tf

variable "shared_vpc_host_project" {
  type    = string
  default = "my-shared-vpc-1"
}

# A host project provides network resources to associated service projects.
resource "google_compute_shared_vpc_host_project" "vpc_host" {
  project = var.shared_vpc_host_project
}

# A service project gains access to network resources provided by its associated host project.
resource "google_compute_shared_vpc_service_project" "vpc_service1" {
  host_project    = google_compute_shared_vpc_host_project.vpc_host.project
  service_project = var.project
}

cluster.tf

resource "google_container_cluster" "vpc_native_cluster" {
    name                     = var.cluster_name
    location                 = var.region
    remove_default_node_pool = true
    initial_node_count       = 1

    network    = google_compute_shared_vpc_service_project.vpc_service1
    subnetwork = "us-central1-dev-2-gke-79-0"

    ip_allocation_policy {
        cluster_secondary_range_name  = "dev-2-gke-pods"
        services_secondary_range_name = "dev-2-gke-services"
    }

    private_cluster_config {
      enable_private_nodes    = true
      enable_private_endpoint = true
      master_ipv4_cidr_block  = "x.x.x.x/28" # masked
    }
}

@stretchnate did you make it work?
Can you share the errors you were getting while planning or applying the module?

I have been working on a similar task where I need to create a cluster using an existing shared network.

I don’t remember any errors. I was able to get it working but can’t remember what fixed it. However, it appears my vpc.tf file from above is correct and my cluster.tf now looks like this.

resource "google_container_cluster" "vpc_native_cluster" {
    name                     = var.cluster_name
    location                 = var.region
    remove_default_node_pool = true
    initial_node_count       = 1

    network    = "projects/<project name>/global/networks/<my network name>"
    subnetwork = "projects/<project name>/regions/us-central1/subnetworks/<my subnetwork name>"

    enable_legacy_abac = true
    vertical_pod_autoscaling {
      enabled = true
    }

    ip_allocation_policy {
        cluster_secondary_range_name  = "<pod range name>"
        services_secondary_range_name = "<services range name>"
    }

    private_cluster_config {
      enable_private_nodes    = true
      enable_private_endpoint = true
      master_ipv4_cidr_block  = "x.x.x.x/28"
    }

    master_authorized_networks_config {
      cidr_blocks {
        cidr_block   = "x.x.x.x/xx"
        display_name = "IT Admins"
      }
    }
}

I believe the key change was the network and subnetwork lines near the top of the block. Sorry I’m not more help; it’s just been a while and I’ve moved on to other things.

1 Like
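The hard-coded "projects/.../global/networks/..." path in the final post works, but the self_link the docs mention can also be read from the host project with data sources, which avoids typos and also makes the IAM side of the question explicit. The following is an added example, not code from any post in this thread; it reuses the thread's var.project, var.shared_vpc_host_project, var.region, var.cluster_name and the vpc_service1 resource, while the network and subnet names are placeholders.

```hcl
data "google_project" "service" {
  project_id = var.project
}
# Read the network and subnet from the HOST project; these data sources expose
# the self_link the question asks about, so nothing has to be hard-coded.
data "google_compute_network" "shared" {
  name    = "shared-vpc-network" # placeholder
  project = var.shared_vpc_host_project
}

data "google_compute_subnetwork" "gke" {
  name    = "us-central1-dev-2-gke" # placeholder
  region  = var.region
  project = var.shared_vpc_host_project
}
# Service-project identities GKE uses to touch host-project networking.
locals {
  gke_identities = {
    cloudservices = "serviceAccount:${data.google_project.service.number}@cloudservices.gserviceaccount.com"
    gke_agent     = "serviceAccount:service-${data.google_project.service.number}@container-engine-robot.iam.gserviceaccount.com"
  }
}
# Least privilege: compute.networkUser on the one subnet, not on the whole host project.
resource "google_compute_subnetwork_iam_member" "gke_network_user" {
  for_each   = local.gke_identities
  project    = var.shared_vpc_host_project
  region     = var.region
  subnetwork = data.google_compute_subnetwork.gke.name
  role       = "roles/compute.networkUser"
  member     = each.value
}
# The GKE service agent additionally needs hostServiceAgentUser on the host project.
resource "google_project_iam_member" "gke_host_agent" {
  project = var.shared_vpc_host_project
  role    = "roles/container.hostServiceAgentUser"
  member  = local.gke_identities.gke_agent
}

resource "google_container_cluster" "vpc_native_cluster" {
  name       = var.cluster_name
  location   = var.region
  network    = data.google_compute_network.shared.self_link
  subnetwork = data.google_compute_subnetwork.gke.self_link
  ip_allocation_policy {
    cluster_secondary_range_name  = "dev-2-gke-pods"
    services_secondary_range_name = "dev-2-gke-services"
  }
  # Attach the service project and grant IAM before GKE tries to use the subnet.
  depends_on = [google_compute_shared_vpc_service_project.vpc_service1, google_compute_subnetwork_iam_member.gke_network_user, google_project_iam_member.gke_host_agent]
}
```

The example deliberately omits enable_legacy_abac = true from the final post: that setting re-enables the deprecated ABAC authorizer alongside RBAC and has nothing to do with Shared VPC.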