feat(k8s): private network integration in kapsule (#1865)

Mia-Cross · web-flow · commit 5d5c1291f70f · 2023-04-03T09:22:44.000Z
diff --git a/docs/data-sources/k8s_cluster.md b/docs/data-sources/k8s_cluster.md
@@ -100,6 +100,8 @@ In addition to all above arguments, the following attributes are exported:
 
 - `admission_plugins` - The list of [admission plugins](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/) enabled on the cluster.
 
+- `private_network_id` - The ID of the private network of the cluster.
+
 - `region` - The [region](../guides/regions_and_zones.md#regions) in which the cluster is.
 
 - `organization_id` - The ID of the organization the cluster is associated with.
diff --git a/docs/resources/k8s_cluster.md b/docs/resources/k8s_cluster.md
@@ -281,6 +281,11 @@ If you prefer keeping it, you should instead set it as `false`.
 
     - `required_claim` - (Optional) Multiple key=value pairs that describes a required claim in the ID Token
 
+- `private_network_id` - (Optional) The ID of the private network of the cluster.
+
+~> **Important:** This field can only be set at cluster creation and cannot be updated later.
+Changes to this field will cause the cluster to be destroyed then recreated.
+
 - `default_pool` - (Deprecated) See below.
 
 - `region` - (Defaults to [provider](../index.md#arguments-reference) `region`) The [region](../guides/regions_and_zones.md#regions) in which the cluster should be created.
diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/hashicorp/terraform-plugin-log v0.8.0
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15.0.20230330162401-14ed2c90a334
 	github.com/stretchr/testify v1.8.2
 	golang.org/x/exp v0.0.0-20230118134722-a68e582fa157
 )
diff --git a/go.sum b/go.sum
@@ -237,8 +237,8 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15 h1:Y7xOFbD+3jaPw+VN7lkakNJ/pa+ZSQVFp1ONtJaBxns=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15.0.20230330162401-14ed2c90a334 h1:inIaZ6yJnpAbkfxzSaOelPFyEfhFoXZ3srp+kEPhG6o=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15.0.20230330162401-14ed2c90a334/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
diff --git a/scaleway/resource_k8s_cluster.go b/scaleway/resource_k8s_cluster.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/scaleway/scaleway-sdk-go/api/k8s/v1"
@@ -157,6 +158,15 @@ func resourceScalewayK8SCluster() *schema.Resource {
 				Required:    true,
 				Description: "Delete additional resources like block volumes and loadbalancers on cluster deletion",
 			},
+			"private_network_id": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				Computed:         true,
+				ForceNew:         true,
+				Description:      "The ID of the cluster's private network",
+				ValidateFunc:     validationUUIDorUUIDWithLocality(),
+				DiffSuppressFunc: diffSuppressFuncLocality,
+			},
 			"region":          regionSchema(),
 			"organization_id": organizationIDSchema(),
 			"project_id":      projectIDSchema(),
@@ -222,18 +232,21 @@ func resourceScalewayK8SCluster() *schema.Resource {
 				Description: "The status of the cluster",
 			},
 		},
-		CustomizeDiff: func(ctx context.Context, diff *schema.ResourceDiff, i interface{}) error {
-			autoUpgradeEnable, okAutoUpgradeEnable := diff.GetOkExists("auto_upgrade.0.enable")
+		CustomizeDiff: customdiff.All(
+			func(ctx context.Context, diff *schema.ResourceDiff, i interface{}) error {
+				autoUpgradeEnable, okAutoUpgradeEnable := diff.GetOkExists("auto_upgrade.0.enable")
 
-			version := diff.Get("version").(string)
-			versionIsOnlyMinor := len(strings.Split(version, ".")) == 2
+				version := diff.Get("version").(string)
+				versionIsOnlyMinor := len(strings.Split(version, ".")) == 2
 
-			if okAutoUpgradeEnable && versionIsOnlyMinor != autoUpgradeEnable.(bool) {
-				return fmt.Errorf("minor version x.y must be used with auto upgrade enabled")
-			}
+				if okAutoUpgradeEnable && versionIsOnlyMinor != autoUpgradeEnable.(bool) {
+					return fmt.Errorf("minor version x.y must be used with auto upgrade enabled")
+				}
 
-			return nil
-		},
+				return nil
+			},
+			customizeDiffLocalityCheck("private_network_id"),
+		),
 	}
 }
 
@@ -271,6 +284,8 @@ func resourceScalewayK8SClusterCreate(ctx context.Context, d *schema.ResourceDat
 		ApiserverCertSans: expandStrings(d.Get("apiserver_cert_sans")),
 	}
 
+	// Autoscaler configuration
+
 	autoscalerReq := &k8s.CreateClusterRequestAutoscalerConfig{}
 
 	if scaleDownDisabled, ok := d.GetOk("autoscaler_config.0.disable_scale_down"); ok {
@@ -315,6 +330,8 @@ func resourceScalewayK8SClusterCreate(ctx context.Context, d *schema.ResourceDat
 
 	req.AutoscalerConfig = autoscalerReq
 
+	// OpenIDConnect configuration
+
 	createClusterRequestOpenIDConnectConfig := &k8s.CreateClusterRequestOpenIDConnectConfig{}
 
 	if issuerURL, ok := d.GetOk("open_id_connect_config.0.issuer_url"); ok {
@@ -349,6 +366,8 @@ func resourceScalewayK8SClusterCreate(ctx context.Context, d *schema.ResourceDat
 		createClusterRequestOpenIDConnectConfig.RequiredClaim = scw.StringsPtr(expandStrings(requiredClaim))
 	}
 
+	// Auto-upgrade configuration
+
 	autoUpgradeEnable, okAutoUpgradeEnable := d.GetOkExists("auto_upgrade.0.enable")
 	autoUpgradeStartHour, okAutoUpgradeStartHour := d.GetOkExists("auto_upgrade.0.maintenance_window_start_hour")
 	autoUpgradeDay, okAutoUpgradeDay := d.GetOk("auto_upgrade.0.maintenance_window_day")
@@ -375,6 +394,8 @@ func resourceScalewayK8SClusterCreate(ctx context.Context, d *schema.ResourceDat
 		}
 	}
 
+	// K8S Version
+
 	version := d.Get("version").(string)
 	versionIsOnlyMinor := len(strings.Split(version, ".")) == 2
 
@@ -391,6 +412,14 @@ func resourceScalewayK8SClusterCreate(ctx context.Context, d *schema.ResourceDat
 
 	req.Version = version
 
+	// Private network configuration
+
+	if pnID, ok := d.GetOk("private_network_id"); ok {
+		req.PrivateNetworkID = scw.StringPtr(expandZonedID(pnID.(string)).ID)
+	}
+
+	// Cluster creation
+
 	res, err := k8sAPI.CreateCluster(req, scw.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)
@@ -462,6 +491,11 @@ func resourceScalewayK8SClusterRead(ctx context.Context, d *schema.ResourceData,
 	_ = d.Set("open_id_connect_config", clusterOpenIDConnectConfigFlatten(cluster))
 	_ = d.Set("auto_upgrade", clusterAutoUpgradeFlatten(cluster))
 
+	// private_network
+	if cluster.PrivateNetworkID != nil {
+		_ = d.Set("private_network_id", cluster.PrivateNetworkID)
+	}
+
 	////
 	// Read kubeconfig
 	////
diff --git a/scaleway/resource_k8s_cluster_test.go b/scaleway/resource_k8s_cluster_test.go
@@ -384,6 +384,31 @@ func TestAccScalewayK8SCluster_AutoUpgrade(t *testing.T) {
 	})
 }
 
+func TestAccScalewayK8SCluster_PrivateNetwork(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+
+	latestK8SVersion := testAccScalewayK8SClusterGetLatestK8SVersion(tt)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+		},
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewayK8SClusterDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCheckScalewayK8SClusterConfigPrivateNetwork(latestK8SVersion),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayK8SClusterExists(tt, "scaleway_k8s_cluster.private_network"),
+					testAccCheckScalewayVPCPrivateNetworkExists(tt, "scaleway_vpc_private_network.private_network"),
+					resource.TestCheckResourceAttrPair("scaleway_k8s_cluster.private_network", "private_network_id", "scaleway_vpc_private_network.private_network", "id"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccScalewayK8SCluster_Multicloud(t *testing.T) {
 	tt := NewTestTools(t)
 	defer tt.Cleanup()
@@ -574,6 +599,22 @@ resource "scaleway_k8s_cluster" "auto_upgrade" {
 }`, version, enable, hour, day)
 }
 
+func testAccCheckScalewayK8SClusterConfigPrivateNetwork(version string) string {
+	return fmt.Sprintf(`
+resource "scaleway_vpc_private_network" "private_network" {
+  name       = "k8s-private-network"
+}
+resource "scaleway_k8s_cluster" "private_network" {
+	cni = "calico"
+	version = "%s"
+	name = "k8s-private-network-cluster"
+    private_network_id = scaleway_vpc_private_network.private_network.id
+	tags = [ "terraform-test", "scaleway_k8s_cluster", "private_network" ]
+	delete_additional_resources = true
+	depends_on = [scaleway_vpc_private_network.private_network]
+}`, version)
+}
+
 func testAccCheckScalewayK8SClusterMulticloud(version string) string {
 	return fmt.Sprintf(`
 resource "scaleway_k8s_cluster" "multicloud" {
diff --git a/scaleway/resource_k8s_pool_test.go b/scaleway/resource_k8s_pool_test.go
@@ -302,16 +302,18 @@ func TestAccScalewayK8SCluster_PoolSize(t *testing.T) {
 	tt := NewTestTools(t)
 	defer tt.Cleanup()
 
+	latestK8SVersionMinor := testAccScalewayK8SClusterGetLatestK8SVersionMinor(tt)
+
 	resource.ParallelTest(t, resource.TestCase{
 		PreCheck:          func() { testAccPreCheck(t) },
 		ProviderFactories: tt.ProviderFactories,
 		CheckDestroy:      testAccCheckScalewayK8SClusterDestroy(tt),
 		Steps: []resource.TestStep{
 			{
-				Config: `
+				Config: fmt.Sprintf(`
 				resource "scaleway_k8s_cluster" "cluster" {
 				  name    = "cluster"
-				  version = "1.23"
+				  version = "%s"
 				  cni     = "cilium"
 				  delete_additional_resources = true
 				  auto_upgrade {
@@ -329,13 +331,13 @@ func TestAccScalewayK8SCluster_PoolSize(t *testing.T) {
 				  autoscaling         = false
 				  autohealing         = true
 				  wait_for_pool_ready = true
-				}`,
+				}`, latestK8SVersionMinor),
 			},
 			{
-				Config: `
+				Config: fmt.Sprintf(`
 				resource "scaleway_k8s_cluster" "cluster" {
 				  name    = "cluster"
-				  version = "1.23"
+				  version = "%s"
 				  cni     = "cilium"
 				  auto_upgrade {
 				  enable = true
@@ -353,7 +355,7 @@ func TestAccScalewayK8SCluster_PoolSize(t *testing.T) {
 				  autoscaling         = false
 				  autohealing         = true
 				  wait_for_pool_ready = true
-				}`,
+				}`, latestK8SVersionMinor),
 				PlanOnly:           true,
 				ExpectNonEmptyPlan: true,
 			},
diff --git a/scaleway/testdata/k8s-cluster-pool-size.cassette.yaml b/scaleway/testdata/k8s-cluster-pool-size.cassette.yaml
diff --git a/scaleway/testdata/k8s-cluster-private-network.cassette.yaml b/scaleway/testdata/k8s-cluster-private-network.cassette.yaml

Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,7 @@ require (`
`14`	`14`	`github.com/hashicorp/terraform-plugin-log v0.8.0`
`15`	`15`	`github.com/hashicorp/terraform-plugin-sdk/v2 v2.26.1`
`16`	`16`	`github.com/robfig/cron/v3 v3.0.1`
`17`		`- github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15`
	`17`	`+ github.com/scaleway/scaleway-sdk-go v1.0.0-beta.15.0.20230330162401-14ed2c90a334`
`18`	`18`	`github.com/stretchr/testify v1.8.2`
`19`	`19`	`golang.org/x/exp v0.0.0-20230118134722-a68e582fa157`
`20`	`20`	`)`