Cannot create PREMIUM google_compute_global_address when google_compute_project_default_network_tier set to STANDARD

[glimberg]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v1.5.7
Terraform provider google: v4.83.0

Affected Resource(s)

• google_compute_global_address
• google_compute_project_default_network_tier

Terraform Configuration Files

// set default network tier to Standard
resource "google_compute_project_default_network_tier" "project-tier" {
  project      = var.project
  network_tier = "STANDARD"
}

// grafana IP address
resource "google_compute_global_address" "grafana_external_address" {
  name         = "ztc-test-grafana-ip"
  address_type = "EXTERNAL"
  ip_version   = "IPV4"
}

// central IP address
resource "google_compute_global_address" "central_external_address" {
  name         = "ztc-test-central-ip"
  address_type = "EXTERNAL"
  ip_version   = "IPV4"
}

// keycloak IP address
resource "google_compute_global_address" "keycloak_external_address" {
  name         = "ztc-test-keycloak-ip"
  address_type = "EXTERNAL"
  ip_version   = "IPV4"
}

Debug Output

https://gist.github.com/glimberg/d24a3739326e59d73f9de5938f0ea831

Panic Output

None

Expected Behavior

Per Google Endpoint Documentation, Global addresses shoule always be PREMIUM tier.

This signifies the networking tier used for configuring this address and can only take the following values: PREMIUM or STANDARD. Internal IP addresses are always Premium Tier; global external IP addresses are always Premium Tier; regional external IP addresses can be either Standard or Premium Tier.

If this field is not specified, it is assumed to be PREMIUM.

I would expect that the terraform provider would either default the network tier to PREMIUM, or at least have a network_tier argument so that it can be set as PREMIUM manually.

Actual Behavior

Google provider has no network_tier argument for google_compute_global_address, even though the API endpoint accepts a networkTier parameter. Either the API docs are incorrect and it is not defaulting to PREMIUM for global addresses, or the terraform provider is overriding the argument with STANDARD.

Steps to Reproduce

1. terraform apply

Important Factoids

It is possible to have the default network tier set to STANDARD and create PREMIUM Global addresses from GCP's web UI.

References

• Support networkTier in google_compute_global_address #11611

[edwardmedia]

@glimberg does below doc explain why it chooses standard tier in your case?

When creating a static regional external IP address, you can specify either PREMIUM or STANDARD for its network tier. If you don't specify a network tier, the address is created using the project default tier.

[glimberg]

I'm trying to create a GLOBAL PREMIUM ip address, not a regional external IP address. GKE ingresses require a global premium address. You can't do that with the "google_compute_address" resource, only the "google_compute_global_address" resource.

[glimberg]

Also, you can't specify a network tier for "google_compute_global_address" as there is no "network_tier" argument for it.

[edwardmedia]

I do see below statement in the doc

Note: Global external IP addresses and internal IP addresses are always Premium Tier.

I think PREMIUM can be hard-coded for Global external IP addresses

[glimberg]

Either hard coded to PREMIUM, or exposing a network_tier argument for google_compute_global_address will work for me. I'm just blocked by this currently, as I can't create global addresses at all via terraform.

It's a hard requirement in our project that the default network tier is STANDARD so that our k8s node pools live on the standard tier. The google API for k8s has no way to set the network tier for node pools, and setting the default network tier to standard is the only way to do that.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.