container: add support for network_performance_config (#14095) (#23098)

modular-magician · web-flow · commit 3cda11f91dc2 · 2025-05-30T13:42:49.000-07:00
[upstream:249d6411f0e3a2046ca44760834c8f86e5647dd1]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/14095.txt b/.changelog/14095.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+container: added `network_performance_config` field to `google_container_cluster` resource
+```
diff --git a/google/services/container/resource_container_cluster.go b/google/services/container/resource_container_cluster.go
@@ -2252,6 +2252,21 @@ func ResourceContainerCluster() *schema.Resource {
 				Description:  `Defines the config of in-transit encryption`,
 				ValidateFunc: validation.StringInSlice([]string{"IN_TRANSIT_ENCRYPTION_CONFIG_UNSPECIFIED", "IN_TRANSIT_ENCRYPTION_DISABLED", "IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT"}, false),
 			},
+			"network_performance_config": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				MaxItems:    1,
+				Description: `Network bandwidth tier configuration.`,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"total_egress_bandwidth_tier": {
+							Type:        schema.TypeString,
+							Required:    true,
+							Description: `Specifies the total network bandwidth tier for NodePools in the cluster.`,
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -2412,6 +2427,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 			EnableMultiNetworking:                d.Get("enable_multi_networking").(bool),
 			DefaultEnablePrivateNodes:            expandDefaultEnablePrivateNodes(d),
 			EnableFqdnNetworkPolicy:              d.Get("enable_fqdn_network_policy").(bool),
+			NetworkPerformanceConfig:             expandNetworkPerformanceConfig(d.Get("network_performance_config")),
 		},
 		MasterAuth:           expandMasterAuth(d.Get("master_auth")),
 		NotificationConfig:   expandNotificationConfig(d.Get("notification_config")),
@@ -3078,6 +3094,9 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 	if err := d.Set("gateway_api_config", flattenGatewayApiConfig(cluster.NetworkConfig.GatewayApiConfig)); err != nil {
 		return err
 	}
+	if err := d.Set("network_performance_config", flattenNetworkPerformanceConfig(cluster.NetworkConfig.NetworkPerformanceConfig)); err != nil {
+		return err
+	}
 	if err := d.Set("fleet", flattenFleet(cluster.Fleet)); err != nil {
 		return err
 	}
@@ -4284,6 +4303,24 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 		log.Printf("[INFO] GKE cluster %s resource usage export config has been updated", d.Id())
 	}
 
+	if d.HasChange("network_performance_config") {
+		if npc, ok := d.GetOk("network_performance_config"); ok {
+			req := &container.UpdateClusterRequest{
+				Update: &container.ClusterUpdate{
+					DesiredNetworkPerformanceConfig: expandNetworkPerformanceConfig(npc),
+				},
+			}
+
+			updateF := updateFunc(req, "updating GKE Network Performance Config")
+			// Call update serially.
+			if err := transport_tpg.LockedCall(lockKey, updateF); err != nil {
+				return err
+			}
+
+			log.Printf("[INFO] GKE cluster %s Network Performance Config has been updated", d.Id())
+		}
+	}
+
 	if d.HasChange("gateway_api_config") {
 		if gac, ok := d.GetOk("gateway_api_config"); ok {
 			req := &container.UpdateClusterRequest{
@@ -5629,6 +5666,18 @@ func expandDnsConfig(configured interface{}) *container.DNSConfig {
 	}
 }
 
+func expandNetworkPerformanceConfig(configured interface{}) *container.ClusterNetworkPerformanceConfig {
+	l := configured.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil
+	}
+
+	config := l[0].(map[string]interface{})
+	return &container.ClusterNetworkPerformanceConfig{
+		TotalEgressBandwidthTier: config["total_egress_bandwidth_tier"].(string),
+	}
+}
+
 func expandGatewayApiConfig(configured interface{}) *container.GatewayAPIConfig {
 	l := configured.([]interface{})
 	if len(l) == 0 || l[0] == nil {
@@ -6548,6 +6597,17 @@ func flattenDnsConfig(c *container.DNSConfig) []map[string]interface{} {
 	}
 }
 
+func flattenNetworkPerformanceConfig(c *container.ClusterNetworkPerformanceConfig) []map[string]interface{} {
+	if c == nil {
+		return nil
+	}
+	return []map[string]interface{}{
+		{
+			"total_egress_bandwidth_tier": c.TotalEgressBandwidthTier,
+		},
+	}
+}
+
 func flattenGatewayApiConfig(c *container.GatewayAPIConfig) []map[string]interface{} {
 	if c == nil {
 		return nil
diff --git a/google/services/container/resource_container_cluster_test.go b/google/services/container/resource_container_cluster_test.go
@@ -701,6 +701,45 @@ func TestAccContainerCluster_inTransitEncryptionConfig(t *testing.T) {
 	})
 }
 
+func TestAccContainerCluster_networkPerformanceConfig(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10))
+	networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
+	subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckContainerClusterDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_networkPerformanceConfig(clusterName, networkName, subnetworkName, "TIER_1"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("google_container_cluster.primary", "network_performance_config.0.total_egress_bandwidth_tier", "TIER_1"),
+				),
+			},
+			{
+				ResourceName:            "google_container_cluster.primary",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+			{
+				Config: testAccContainerCluster_networkPerformanceConfig(clusterName, networkName, subnetworkName, "TIER_UNSPECIFIED"),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("google_container_cluster.primary", "network_performance_config.0.total_egress_bandwidth_tier", "TIER_UNSPECIFIED"),
+				),
+			},
+			{
+				ResourceName:            "google_container_cluster.primary",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+		},
+	})
+}
+
 func TestAccContainerCluster_withFQDNNetworkPolicy(t *testing.T) {
 	t.Parallel()
 
@@ -12846,3 +12885,27 @@ resource "google_container_cluster" "primary" {
 }
 `, name, networkName, subnetworkName, config)
 }
+
+func testAccContainerCluster_networkPerformanceConfig(name, networkName, subnetworkName, config string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "primary" {
+  name                         = "%s"
+  location                     = "us-central1-a"
+  initial_node_count           = 1
+  network                      = "%s"
+  subnetwork                   = "%s"
+  deletion_protection          = false
+
+  node_config {
+	machine_type = "n2-standard-32"
+	gvnic {
+      enabled = true
+	}
+  }
+  
+  network_performance_config {
+    total_egress_bandwidth_tier = "%s"
+  }
+}
+`, name, networkName, subnetworkName, config)
+}
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
@@ -955,6 +955,8 @@ gvnic {
 * `local_ssd_count` - (Optional) The amount of local SSD disks that will be
     attached to each cluster node. Defaults to 0.
 
+* `network_performance_config` - (Optional) Network bandwidth tier configuration. Structure is [documented below](#network_performance_config).
+
 * `machine_type` - (Optional) The name of a Google Compute Engine machine type.
     Defaults to `e2-medium`. To create a custom machine type, value should be set as specified
     [here](https://cloud.google.com/compute/docs/reference/latest/instances#machineType).
@@ -1141,6 +1143,10 @@ sole_tenant_config {
 
 * `max_shared_clients_per_gpu` (Required) - The maximum number of containers that can share a GPU.
 
+<a name="network_performance_config"></a>The `network_performance_config` block supports:
+
+* `total_egress_bandwidth_tier` (Required) - Specifies the total network bandwidth tier for NodePools in the cluster.
+
 <a name="nested_workload_identity_config"></a> The `workload_identity_config` block supports:
 
 * `workload_pool` (Optional) - The workload pool to attach all Kubernetes service accounts to.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+container: added `network_performance_config` field to `google_container_cluster` resource
	`3`	+```