fix: Allow users to specify network tags for the default node pool (#1123)

* Modify cluster template to allow setting network tags on default-pool

This adds the following tags to the default pool:
* the cluster_network_tag (gke-${var.name})
* the pool-specific network tag (gke-${var.name}-default-pool)
* user-specified tags from var.node_pools_tags["all"]\
* user-specified tags from var.node_pools_tags["default-pool"]

* Build autogen template to apply changes in cluster.tf.impl

* Use network tags from the first node pool

Author: tomasgareau

autogen/main/cluster.tf.tmpl

@@ -288,6 +288,13 @@ resource "google_container_cluster" "primary" {
 
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
+      tags = concat(
+        lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
+        lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [],
+        lookup(local.node_pools_tags, "all", []),
+        lookup(local.node_pools_tags, var.node_pools[0].name, []),
+      )
+
       dynamic "workload_metadata_config" {
         for_each = local.cluster_node_metadata_config
 

cluster.tf

@@ -152,6 +152,13 @@ resource "google_container_cluster" "primary" {
 
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
+      tags = concat(
+        lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
+        lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [],
+        lookup(local.node_pools_tags, "all", []),
+        lookup(local.node_pools_tags, var.node_pools[0].name, []),
+      )
+
       dynamic "workload_metadata_config" {
         for_each = local.cluster_node_metadata_config
 

modules/beta-private-cluster-update-variant/cluster.tf

@@ -253,6 +253,13 @@ resource "google_container_cluster" "primary" {
 
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
+      tags = concat(
+        lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
+        lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [],
+        lookup(local.node_pools_tags, "all", []),
+        lookup(local.node_pools_tags, var.node_pools[0].name, []),
+      )
+
       dynamic "workload_metadata_config" {
         for_each = local.cluster_node_metadata_config
 

modules/beta-private-cluster/cluster.tf

@@ -253,6 +253,13 @@ resource "google_container_cluster" "primary" {
 
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
+      tags = concat(
+        lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
+        lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [],
+        lookup(local.node_pools_tags, "all", []),
+        lookup(local.node_pools_tags, var.node_pools[0].name, []),
+      )
+
       dynamic "workload_metadata_config" {
         for_each = local.cluster_node_metadata_config
 

modules/beta-public-cluster-update-variant/cluster.tf

@@ -253,6 +253,13 @@ resource "google_container_cluster" "primary" {
 
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
+      tags = concat(
+        lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
+        lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [],
+        lookup(local.node_pools_tags, "all", []),
+        lookup(local.node_pools_tags, var.node_pools[0].name, []),
+      )
+
       dynamic "workload_metadata_config" {
         for_each = local.cluster_node_metadata_config
 

modules/beta-public-cluster/cluster.tf

@@ -253,6 +253,13 @@ resource "google_container_cluster" "primary" {
 
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
+      tags = concat(
+        lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
+        lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [],
+        lookup(local.node_pools_tags, "all", []),
+        lookup(local.node_pools_tags, var.node_pools[0].name, []),
+      )
+
       dynamic "workload_metadata_config" {
         for_each = local.cluster_node_metadata_config
 

modules/private-cluster-update-variant/cluster.tf

@@ -152,6 +152,13 @@ resource "google_container_cluster" "primary" {
 
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
+      tags = concat(
+        lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
+        lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [],
+        lookup(local.node_pools_tags, "all", []),
+        lookup(local.node_pools_tags, var.node_pools[0].name, []),
+      )
+
       dynamic "workload_metadata_config" {
         for_each = local.cluster_node_metadata_config
 

modules/private-cluster/cluster.tf

@@ -152,6 +152,13 @@ resource "google_container_cluster" "primary" {
 
       service_account = lookup(var.node_pools[0], "service_account", local.service_account)
 
+      tags = concat(
+        lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
+        lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-default-pool"] : [],
+        lookup(local.node_pools_tags, "all", []),
+        lookup(local.node_pools_tags, var.node_pools[0].name, []),
+      )
+
       dynamic "workload_metadata_config" {
         for_each = local.cluster_node_metadata_config