feat!: align keepers with ForceNew: true fields (#1698)

Author: lauraseidler

autogen/main/cluster.tf.tmpl

@@ -572,10 +572,12 @@ locals {
     "disk_type",
     "accelerator_count",
     "accelerator_type",
+    "gpu_partition_size",
     "enable_secure_boot",
     "enable_integrity_monitoring",
     "local_ssd_count",
     "machine_type",
+    "placement_policy",
     "max_pods_per_node",
     "min_cpu_platform",
     "pod_range",
@@ -585,13 +587,14 @@ locals {
     "enable_gcfs",
     "enable_gvnic",
     "enable_secure_boot",
+    "boot_disk_kms_key",
   ]
 }
 
 # This keepers list is based on the terraform google provider schemaNodeConfig
 # resources where "ForceNew" is "true". schemaNodeConfig can be found in resource_container_node_pool.go at
-# https://github.com/hashicorp/terraform-provider-google/blob/main/google/resource_container_node_pool.go and node_config.go at
-# https://github.com/terraform-providers/terraform-provider-google/blob/main/google/node_config.go
+# https://github.com/hashicorp/terraform-provider-google/blob/main/google/services/container/resource_container_node_pool.go and node_config.go at
+# https://github.com/hashicorp/terraform-provider-google/blob/main/google/services/container/node_config.go
 resource "random_id" "name" {
   for_each    = merge(local.node_pools, local.windows_node_pools)
   byte_length = 2
@@ -601,18 +604,6 @@ resource "random_id" "name" {
       local.force_node_pool_recreation_resources,
       [for keeper in local.force_node_pool_recreation_resources : lookup(each.value, keeper, "")]
     ),
-    {
-      labels = join(",",
-        sort(
-          concat(
-            keys(local.node_pools_labels["all"]),
-            values(local.node_pools_labels["all"]),
-            keys(local.node_pools_labels[each.value["name"]]),
-            values(local.node_pools_labels[each.value["name"]])
-          )
-        )
-      )
-    },
     {
       taints = join(",",
         sort(
@@ -646,16 +637,6 @@ resource "random_id" "name" {
           )
         )
       )
-    },
-    {
-      tags = join(",",
-        sort(
-          concat(
-            local.node_pools_tags["all"],
-            local.node_pools_tags[each.value["name"]]
-          )
-        )
-      )
     }
   )
 }

docs/upgrading_to_v29.0.md

@@ -2,6 +2,52 @@
 The v29.0 release of *kubernetes-engine* is a backwards incompatible
 release.
 
+### Update variant random ID keepers updated
+
+The v29.0 release updates the keepers for the update variant modules. This will force a recreation of the nodepools.
+
+To avoid this, it is possible to edit the remote state of the `random_id` resource to add the new attributes.
+
+1. Perform a `terraform plan` as normal, identifying the `random_id` resource(s) changing and the new/removed attributes
+```tf
+      ~ keepers     = { # forces replacement
+          + "boot_disk_kms_key"           = ""
+          + "gpu_partition_size"          = ""
+          - "labels"                      = "" -> null
+          + "placement_policy"            = ""
+          - "tags"                        = "" -> null
+            # (19 unchanged elements hidden)
+        }
+        # (2 unchanged attributes hidden)
+    }
+```
+2. Pull the remote state locally: `terraform state pull > default.tfstate`
+3. Back up the original remote state: `cp default.tfstate original.tfstate`
+4. Edit the `random_id` resource(s) to add/remove the attributes from the `terraform plan` step
+```diff
+"attributes": {
+            "b64_std": "pool-02-vb4=",
+            "b64_url": "pool-02-vb4",
+            "byte_length": 2,
+            "dec": "pool-02-48574",
+            "hex": "pool-02-bdbe",
+            "id": "vb4",
+            "keepers": {
+            ...
+              "taints": "",
+-             "labels": "",
+-             "tags": "",
++             "boot_disk_kms_key": "",
++             "gpu_partition_size": "",
++             "placement_policy": "",
+            },
+            "prefix": "pool-02-"
+          }
+```
+1. Bump the serial number at the top
+2. Push the modified state to the remote `terraform state push default.tfstate`
+3. Confirm the `random_id` resource(s) no longer changes (or the corresponding `nodepool`) in a `terraform plan`
+
 ### Default cluster service account permissions modified
 
 When `create_service_account` is `true`, the service account will now be created with `Kubernetes Engine Node Service Account` role instead of `Logs Writer`, `Monitoring Metric Writer`, `Monitoring Viewer` and `Stackdriver Resource Metadata Writer` roles.

modules/beta-private-cluster-update-variant/cluster.tf

@@ -485,10 +485,12 @@ locals {
     "disk_type",
     "accelerator_count",
     "accelerator_type",
+    "gpu_partition_size",
     "enable_secure_boot",
     "enable_integrity_monitoring",
     "local_ssd_count",
     "machine_type",
+    "placement_policy",
     "max_pods_per_node",
     "min_cpu_platform",
     "pod_range",
@@ -498,13 +500,14 @@ locals {
     "enable_gcfs",
     "enable_gvnic",
     "enable_secure_boot",
+    "boot_disk_kms_key",
   ]
 }
 
 # This keepers list is based on the terraform google provider schemaNodeConfig
 # resources where "ForceNew" is "true". schemaNodeConfig can be found in resource_container_node_pool.go at
-# https://github.com/hashicorp/terraform-provider-google/blob/main/google/resource_container_node_pool.go and node_config.go at
-# https://github.com/terraform-providers/terraform-provider-google/blob/main/google/node_config.go
+# https://github.com/hashicorp/terraform-provider-google/blob/main/google/services/container/resource_container_node_pool.go and node_config.go at
+# https://github.com/hashicorp/terraform-provider-google/blob/main/google/services/container/node_config.go
 resource "random_id" "name" {
   for_each    = merge(local.node_pools, local.windows_node_pools)
   byte_length = 2
@@ -514,18 +517,6 @@ resource "random_id" "name" {
       local.force_node_pool_recreation_resources,
       [for keeper in local.force_node_pool_recreation_resources : lookup(each.value, keeper, "")]
     ),
-    {
-      labels = join(",",
-        sort(
-          concat(
-            keys(local.node_pools_labels["all"]),
-            values(local.node_pools_labels["all"]),
-            keys(local.node_pools_labels[each.value["name"]]),
-            values(local.node_pools_labels[each.value["name"]])
-          )
-        )
-      )
-    },
     {
       taints = join(",",
         sort(
@@ -559,16 +550,6 @@ resource "random_id" "name" {
           )
         )
       )
-    },
-    {
-      tags = join(",",
-        sort(
-          concat(
-            local.node_pools_tags["all"],
-            local.node_pools_tags[each.value["name"]]
-          )
-        )
-      )
     }
   )
 }

modules/beta-public-cluster-update-variant/cluster.tf

@@ -466,10 +466,12 @@ locals {
     "disk_type",
     "accelerator_count",
     "accelerator_type",
+    "gpu_partition_size",
     "enable_secure_boot",
     "enable_integrity_monitoring",
     "local_ssd_count",
     "machine_type",
+    "placement_policy",
     "max_pods_per_node",
     "min_cpu_platform",
     "pod_range",
@@ -479,13 +481,14 @@ locals {
     "enable_gcfs",
     "enable_gvnic",
     "enable_secure_boot",
+    "boot_disk_kms_key",
   ]
 }
 
 # This keepers list is based on the terraform google provider schemaNodeConfig
 # resources where "ForceNew" is "true". schemaNodeConfig can be found in resource_container_node_pool.go at
-# https://github.com/hashicorp/terraform-provider-google/blob/main/google/resource_container_node_pool.go and node_config.go at
-# https://github.com/terraform-providers/terraform-provider-google/blob/main/google/node_config.go
+# https://github.com/hashicorp/terraform-provider-google/blob/main/google/services/container/resource_container_node_pool.go and node_config.go at
+# https://github.com/hashicorp/terraform-provider-google/blob/main/google/services/container/node_config.go
 resource "random_id" "name" {
   for_each    = merge(local.node_pools, local.windows_node_pools)
   byte_length = 2
@@ -495,18 +498,6 @@ resource "random_id" "name" {
       local.force_node_pool_recreation_resources,
       [for keeper in local.force_node_pool_recreation_resources : lookup(each.value, keeper, "")]
     ),
-    {
-      labels = join(",",
-        sort(
-          concat(
-            keys(local.node_pools_labels["all"]),
-            values(local.node_pools_labels["all"]),
-            keys(local.node_pools_labels[each.value["name"]]),
-            values(local.node_pools_labels[each.value["name"]])
-          )
-        )
-      )
-    },
     {
       taints = join(",",
         sort(
@@ -540,16 +531,6 @@ resource "random_id" "name" {
           )
         )
       )
-    },
-    {
-      tags = join(",",
-        sort(
-          concat(
-            local.node_pools_tags["all"],
-            local.node_pools_tags[each.value["name"]]
-          )
-        )
-      )
     }
   )
 }

modules/private-cluster-update-variant/cluster.tf

@@ -411,10 +411,12 @@ locals {
     "disk_type",
     "accelerator_count",
     "accelerator_type",
+    "gpu_partition_size",
     "enable_secure_boot",
     "enable_integrity_monitoring",
     "local_ssd_count",
     "machine_type",
+    "placement_policy",
     "max_pods_per_node",
     "min_cpu_platform",
     "pod_range",
@@ -424,13 +426,14 @@ locals {
     "enable_gcfs",
     "enable_gvnic",
     "enable_secure_boot",
+    "boot_disk_kms_key",
   ]
 }
 
 # This keepers list is based on the terraform google provider schemaNodeConfig
 # resources where "ForceNew" is "true". schemaNodeConfig can be found in resource_container_node_pool.go at
-# https://github.com/hashicorp/terraform-provider-google/blob/main/google/resource_container_node_pool.go and node_config.go at
-# https://github.com/terraform-providers/terraform-provider-google/blob/main/google/node_config.go
+# https://github.com/hashicorp/terraform-provider-google/blob/main/google/services/container/resource_container_node_pool.go and node_config.go at
+# https://github.com/hashicorp/terraform-provider-google/blob/main/google/services/container/node_config.go
 resource "random_id" "name" {
   for_each    = merge(local.node_pools, local.windows_node_pools)
   byte_length = 2
@@ -440,18 +443,6 @@ resource "random_id" "name" {
       local.force_node_pool_recreation_resources,
       [for keeper in local.force_node_pool_recreation_resources : lookup(each.value, keeper, "")]
     ),
-    {
-      labels = join(",",
-        sort(
-          concat(
-            keys(local.node_pools_labels["all"]),
-            values(local.node_pools_labels["all"]),
-            keys(local.node_pools_labels[each.value["name"]]),
-            values(local.node_pools_labels[each.value["name"]])
-          )
-        )
-      )
-    },
     {
       taints = join(",",
         sort(
@@ -485,16 +476,6 @@ resource "random_id" "name" {
           )
         )
       )
-    },
-    {
-      tags = join(",",
-        sort(
-          concat(
-            local.node_pools_tags["all"],
-            local.node_pools_tags[each.value["name"]]
-          )
-        )
-      )
     }
   )
 }