I'm creating a module for GKE Autopilot using Terraform; currently my configuration is:
resource "google_container_cluster" "gke-autopilote" {
  name                = var.name
  project             = var.project_id
  location            = local.region
  enable_autopilot    = true
  deletion_protection = false
  network             = data.google_compute_network.gke_network.self_link
  subnetwork          = data.google_compute_subnetwork.gke_subnetwork.self_link
  networking_mode     = "VPC_NATIVE"

  ip_allocation_policy {
    cluster_secondary_range_name = local.ip_range_pods_name // 100.64.0.0/21
  }

  dynamic "private_cluster_config" {
    for_each = local.enable_private_endpoint ? [{
      enable_private_nodes    = local.enable_private_nodes,
      enable_private_endpoint = local.enable_private_endpoint
    }] : []
    content {
      enable_private_endpoint = private_cluster_config.value.enable_private_endpoint // false
      enable_private_nodes    = private_cluster_config.value.enable_private_nodes    // true

      dynamic "master_global_access_config" {
        for_each = local.master_global_access_enabled ? [local.master_global_access_enabled] : []
        content {
          enabled = master_global_access_config.value
        }
      }
    }
  }
}
As mentioned in the documentation (https://cloud.google.com/kubernetes-engine/docs/how-to/egress-nat-policy-ip-masq-autopilot), a GKE Autopilot cluster is created with IP masquerading by default, and the configuration is stored in a ConfigMap called ip-masq-agent in the kube-system namespace. Since it is Autopilot and we don't have access to modify the ConfigMap directly, Google proposes to do it with a CRD called egressnatpolicies: https://cloud.google.com/kubernetes-engine/docs/how-to/egress-nat-policy-ip-masq-autopilot#edit-default-egress-nat-policy
My issue is that when I create the cluster from the console I am able to find the object 'egressnatpolicies', but when I create the cluster with my module I cannot find it:
error: the server doesn't have a resource type "egressnatpolicies"
Note: in both cases I'm able to find the DaemonSet for ip-masq-agent.
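One way to keep the default egress NAT policy under the same Terraform module once the CRD is present, as an added example that is not code from the question or from Google: it assumes a `kubernetes` provider already authenticated against the cluster created by `google_container_cluster.gke-autopilote`, and uses the `EgressNATPolicy` schema (`egressnat.gke.io/v1`, `action = "NoSNAT"`, `destinations[].cidr`) as shown in the linked doc, which you should verify against the doc before applying. The CIDR list is a constructed sample, not the doc's full default list.

```hcl
# Added example (not from the question or the GKE docs' own Terraform).
# Assumes a kubernetes provider configured for the Autopilot cluster above.
# apiVersion/kind/spec follow the EgressNATPolicy example in the linked doc;
# check them against the doc before applying.
resource "kubernetes_manifest" "default_egress_nat_policy" {
  manifest = {
    apiVersion = "egressnat.gke.io/v1"
    kind       = "EgressNATPolicy"
    metadata = {
      name = "default"
    }
    spec = {
      # NoSNAT: pod traffic to these destinations keeps its pod IP as source.
      action = "NoSNAT"
      # Constructed sample: RFC 1918 ranges plus 100.64.0.0/10, which contains
      # the pod secondary range used in the question (100.64.0.0/21).
      destinations = [
        { cidr = "10.0.0.0/8" },
        { cidr = "172.16.0.0/12" },
        { cidr = "192.168.0.0/16" },
        { cidr = "100.64.0.0/10" },
      ]
    }
  }

  # The CRD is only served once the cluster and its managed ip-masq-agent are
  # up, so this must be ordered after cluster creation.
  depends_on = [google_container_cluster.gke-autopilote]
}
```

Two caveats: `kubernetes_manifest` validates the manifest against the live API server at plan time, so on a fresh deployment the cluster has to exist first (for example a targeted apply of the cluster, then a second apply for the manifest), and if the cluster was created in a state where `kubectl api-resources` does not list `egressnatpolicies`, this resource fails with the same "server doesn't have a resource type" error shown in the question rather than fixing it.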