feat: allow cluster creation without node pool

autogen/main/cluster.tf.tmpl

@@ -645,69 +645,69 @@ resource "google_container_cluster" "primary" {
     }
 
     node_config {
-      image_type                  = lookup(var.node_pools[0], "image_type", "COS_CONTAINERD")
-      machine_type                = lookup(var.node_pools[0], "machine_type", "e2-medium")
-      min_cpu_platform            = lookup(var.node_pools[0], "min_cpu_platform", "")
-      enable_confidential_storage = lookup(var.node_pools[0], "enable_confidential_storage", false)
-      disk_type                   = lookup(var.node_pools[0], "disk_type", null)
+      image_type                  = lookup(local.head_node_pool, "image_type", "COS_CONTAINERD")
+      machine_type                = lookup(local.head_node_pool, "machine_type", "e2-medium")
+      min_cpu_platform            = lookup(local.head_node_pool, "min_cpu_platform", "")
+      enable_confidential_storage = lookup(local.head_node_pool, "enable_confidential_storage", false)
+      disk_type                   = lookup(local.head_node_pool, "disk_type", null)
 
       dynamic "boot_disk" {
-        for_each = lookup(var.node_pools[0], "provisioned_iops", null) != null || lookup(var.node_pools[0], "provisioned_throughput", null) != null ? [1] : []
+        for_each = lookup(local.head_node_pool, "provisioned_iops", null) != null || lookup(local.head_node_pool, "provisioned_throughput", null) != null ? [1] : []
         content {
-          provisioned_iops       = lookup(var.node_pools[0], "provisioned_iops", null)
-          provisioned_throughput = lookup(var.node_pools[0], "provisioned_throughput", null)
+          provisioned_iops       = lookup(local.head_node_pool, "provisioned_iops", null)
+          provisioned_throughput = lookup(local.head_node_pool, "provisioned_throughput", null)
         }
       }
 
       dynamic "gcfs_config" {
-        for_each = lookup(var.node_pools[0], "enable_gcfs", null) != null ? [var.node_pools[0].enable_gcfs] : []
+        for_each = lookup(local.head_node_pool, "enable_gcfs", null) != null ? [local.head_node_pool.enable_gcfs] : []
         content {
           enabled = gcfs_config.value
         }
       }
 
       dynamic "gvnic" {
-        for_each = lookup(var.node_pools[0], "enable_gvnic", false) ? [true] : []
+        for_each = lookup(local.head_node_pool, "enable_gvnic", false) ? [true] : []
         content {
           enabled = gvnic.value
         }
       }
 
       dynamic "fast_socket" {
-        for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : []
+        for_each = lookup(local.head_node_pool, "enable_fast_socket", null) != null ? [local.head_node_pool.enable_fast_socket] : []
         content {
           enabled = fast_socket.value
         }
       }
 
       dynamic "kubelet_config" {
         for_each = length(setintersection(
-          keys(var.node_pools[0]),
+          keys(local.head_node_pool),
           ["cpu_manager_policy", "cpu_cfs_quota", "cpu_cfs_quota_period", "insecure_kubelet_readonly_port_enabled", "pod_pids_limit", "container_log_max_size", "container_log_max_files", "image_gc_low_threshold_percent", "image_gc_high_threshold_percent", "image_minimum_gc_age", "image_maximum_gc_age", "allowed_unsafe_sysctls"]
         )) != 0 || var.insecure_kubelet_readonly_port_enabled != null ? [1] : []
 
         content {
-          cpu_manager_policy                     = lookup(var.node_pools[0], "cpu_manager_policy", "static")
-          cpu_cfs_quota                          = lookup(var.node_pools[0], "cpu_cfs_quota", null)
-          cpu_cfs_quota_period                   = lookup(var.node_pools[0], "cpu_cfs_quota_period", null)
-          insecure_kubelet_readonly_port_enabled = lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(var.node_pools[0], "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
-          pod_pids_limit                         = lookup(var.node_pools[0], "pod_pids_limit", null)
-          container_log_max_size                 = lookup(var.node_pools[0], "container_log_max_size", null)
-          container_log_max_files                = lookup(var.node_pools[0], "container_log_max_files", null)
-          image_gc_low_threshold_percent         = lookup(var.node_pools[0], "image_gc_low_threshold_percent", null)
-          image_gc_high_threshold_percent        = lookup(var.node_pools[0], "image_gc_high_threshold_percent", null)
-          image_minimum_gc_age                   = lookup(var.node_pools[0], "image_minimum_gc_age", null)
-          image_maximum_gc_age                   = lookup(var.node_pools[0], "image_maximum_gc_age", null)
-          allowed_unsafe_sysctls                 = lookup(var.node_pools[0], "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(var.node_pools[0], "allowed_unsafe_sysctls", null)) : trimspace(s)]
+          cpu_manager_policy                     = lookup(local.head_node_pool, "cpu_manager_policy", "static")
+          cpu_cfs_quota                          = lookup(local.head_node_pool, "cpu_cfs_quota", null)
+          cpu_cfs_quota_period                   = lookup(local.head_node_pool, "cpu_cfs_quota_period", null)
+          insecure_kubelet_readonly_port_enabled = lookup(local.head_node_pool, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled) != null ? upper(tostring(lookup(local.head_node_pool, "insecure_kubelet_readonly_port_enabled", var.insecure_kubelet_readonly_port_enabled))) : null
+          pod_pids_limit                         = lookup(local.head_node_pool, "pod_pids_limit", null)
+          container_log_max_size                 = lookup(local.head_node_pool, "container_log_max_size", null)
+          container_log_max_files                = lookup(local.head_node_pool, "container_log_max_files", null)
+          image_gc_low_threshold_percent         = lookup(local.head_node_pool, "image_gc_low_threshold_percent", null)
+          image_gc_high_threshold_percent        = lookup(local.head_node_pool, "image_gc_high_threshold_percent", null)
+          image_minimum_gc_age                   = lookup(local.head_node_pool, "image_minimum_gc_age", null)
+          image_maximum_gc_age                   = lookup(local.head_node_pool, "image_maximum_gc_age", null)
+          allowed_unsafe_sysctls                 = lookup(local.head_node_pool, "allowed_unsafe_sysctls", null) == null ? null : [for s in split(",", lookup(local.head_node_pool, "allowed_unsafe_sysctls", null)) : trimspace(s)]
         }
       }
 
       dynamic "sole_tenant_config" {
         # node_affinity is currently the only member of sole_tenant_config
-        for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [true] : []
+        for_each = lookup(local.head_node_pool, "node_affinity", null) != null ? [true] : []
         content {
           dynamic "node_affinity" {
-            for_each = lookup(var.node_pools[0], "node_affinity", null) != null ? [lookup(var.node_pools[0], "node_affinity", null)] : []
+            for_each = lookup(local.head_node_pool, "node_affinity", null) != null ? [lookup(local.head_node_pool, "node_affinity", null)] : []
             content {
               key = lookup(jsondecode(node_affinity.value), "key", null)
               operator = lookup(jsondecode(node_affinity.value), "operator", null)
@@ -717,16 +717,16 @@ resource "google_container_cluster" "primary" {
         }
       }
 
-      service_account = lookup(var.node_pools[0], "service_account", local.service_account)
+      service_account = lookup(local.head_node_pool, "service_account", local.service_account)
 
       tags = concat(
         lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
         lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [],
         lookup(local.node_pools_tags, "all", []),
-        lookup(local.node_pools_tags, var.node_pools[0].name, []),
+        length(var.node_pools) > 0 ? lookup(local.node_pools_tags, local.head_node_pool.name, []) : [],
       )
 
-      logging_variant = lookup(var.node_pools[0], "logging_variant", "DEFAULT")
+      logging_variant = lookup(local.head_node_pool, "logging_variant", "DEFAULT")
 
       dynamic "workload_metadata_config" {
         for_each = local.cluster_node_metadata_config
@@ -740,25 +740,25 @@ resource "google_container_cluster" "primary" {
 
       {% if beta_cluster %}
       dynamic "sandbox_config" {
-        for_each = tobool((lookup(var.node_pools[0], "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
+        for_each = tobool((lookup(local.head_node_pool, "sandbox_enabled", var.sandbox_enabled))) ? ["gvisor"] : []
         content {
           sandbox_type = sandbox_config.value
         }
       }
 
       {% endif %}
-      boot_disk_kms_key = lookup(var.node_pools[0], "boot_disk_kms_key", var.boot_disk_kms_key)
+      boot_disk_kms_key = lookup(local.head_node_pool, "boot_disk_kms_key", var.boot_disk_kms_key)
 
-      storage_pools = lookup(var.node_pools[0], "storage_pools", null) != null ? [var.node_pools[0].storage_pools] : []
+      storage_pools = lookup(local.head_node_pool, "storage_pools", null) != null ? [local.head_node_pool.storage_pools] : []
 
       shielded_instance_config {
-        enable_secure_boot          = lookup(var.node_pools[0], "enable_secure_boot", false)
-        enable_integrity_monitoring = lookup(var.node_pools[0], "enable_integrity_monitoring", true)
+        enable_secure_boot          = lookup(local.head_node_pool, "enable_secure_boot", false)
+        enable_integrity_monitoring = lookup(local.head_node_pool, "enable_integrity_monitoring", true)
       }
 
-      local_ssd_encryption_mode = lookup(var.node_pools[0], "local_ssd_encryption_mode", null)
-      max_run_duration          = lookup(var.node_pools[0], "max_run_duration", null)
-      flex_start                = lookup(var.node_pools[0], "flex_start", null)
+      local_ssd_encryption_mode = lookup(local.head_node_pool, "local_ssd_encryption_mode", null)
+      max_run_duration          = lookup(local.head_node_pool, "max_run_duration", null)
+      flex_start                = lookup(local.head_node_pool, "flex_start", null)
     }
   }
   {% endif %}

autogen/main/main.tf.tmpl

@@ -200,21 +200,16 @@ locals {
   cluster_region   = var.regional ? var.region : join("-", slice(split("-", local.cluster_location), 0, 2))
   cluster_zones    = sort(local.cluster_output_zones)
 
-  {% if autopilot_cluster != true %}
-  // node pool ID is in the form projects/<project-id>/locations/<location>/clusters/<cluster-name>/nodePools/<nodepool-name>
-  cluster_name_parts_from_nodepool           = split("/", element(values(google_container_node_pool.pools)[*].id, 0))
-  cluster_name_computed                      = element(local.cluster_name_parts_from_nodepool, length(local.cluster_name_parts_from_nodepool) - 3)
-  {% else %}
   // cluster ID is in the form project/location/name
   cluster_name_computed                      = element(split("/", local.cluster_id), length(split("/", local.cluster_id)) - 1)
-  {% endif %}
   cluster_network_tag                        = "gke-${var.name}"
   cluster_ca_certificate                     = local.cluster_master_auth_map["cluster_ca_certificate"]
   cluster_master_version                     = local.cluster_output_master_version
   cluster_min_master_version                 = local.cluster_output_min_master_version
   cluster_logging_service                    = local.cluster_output_logging_service
   cluster_monitoring_service                 = local.cluster_output_monitoring_service
   {% if autopilot_cluster != true %}
+  head_node_pool                             = length(var.node_pools) > 0 ? var.node_pools[0] : {}
   cluster_node_pools_names                   = local.cluster_output_node_pools_names
   cluster_node_pools_versions                = local.cluster_output_node_pools_versions
   cluster_network_policy_enabled             = ! local.cluster_output_network_policy_enabled

autogen/main/outputs.tf.tmpl

@@ -32,9 +32,6 @@ output "name" {
     * to be up.
     */
     google_container_cluster.primary,
-    {% if autopilot_cluster != true %}
-    google_container_node_pool.pools,
-    {% endif %}
   ]
 }
 
@@ -70,9 +67,6 @@ output "endpoint" {
     * to be up.
     */
     google_container_cluster.primary,
-    {% if autopilot_cluster != true %}
-    google_container_node_pool.pools,
-    {% endif %}
   ]
 }
 
@@ -87,9 +81,6 @@ output "endpoint_dns" {
     * to be up.
     */
     google_container_cluster.primary,
-    {% if autopilot_cluster != true %}
-    google_container_node_pool.pools,
-    {% endif %}
   ]
 }
 

build/int.cloudbuild.yaml

@@ -120,6 +120,21 @@ steps:
     - verify simple-regional-private-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cft test run TestSimpleRegionalPrivate --stage teardown --verbose']
+- id: apply simple-regional-private-no-pool-local
+  waitFor:
+    - init-all
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestSimpleRegionalPrivateNoPool --stage apply --verbose']
+- id: verify simple-regional-private-no-pool-local
+  waitFor:
+    - apply simple-regional-private-no-pool-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestSimpleRegionalPrivateNoPool --stage verify --verbose']
+- id: teardown simple-regional-private-no-pool-local
+  waitFor:
+    - verify simple-regional-private-no-pool-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestSimpleRegionalPrivateNoPool --stage teardown --verbose']
 - id: apply simple-regional-cluster-autoscaling
   waitFor:
     - init-all