From a95ce1b7d4b017d24b4583d2a7dfa04fa85e0a6f Mon Sep 17 00:00:00 2001 From: Richard Song Date: Mon, 12 Aug 2019 15:36:37 -0400 Subject: [PATCH 01/14] added check for optional fields added optional field lookup and resource usage export config changed to dataset_id revert examples fixed bug where resource_usage_export_dataset_id was being set even if empty string check for null --- autogen/cluster.tf | 10 +++++++++- autogen/main.tf | 6 +++--- autogen/variables.tf | 5 +++++ modules/beta-private-cluster/README.md | 1 + modules/beta-private-cluster/cluster.tf | 10 +++++++++- modules/beta-private-cluster/main.tf | 6 +++--- modules/beta-private-cluster/variables.tf | 5 +++++ modules/beta-public-cluster/README.md | 1 + modules/beta-public-cluster/cluster.tf | 10 +++++++++- modules/beta-public-cluster/main.tf | 6 +++--- modules/beta-public-cluster/variables.tf | 5 +++++ 11 files changed, 53 insertions(+), 12 deletions(-) diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 664de67855..8f169c1f16 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -66,7 +66,15 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } - + dynamic "resource_usage_export_config" { + for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] + content { + enable_network_egress_metering = true + bigquery_destination { + dataset_id = resource_usage_export_dataset_id.value + } + } + } {% endif %} dynamic "master_authorized_networks_config" { for_each = var.master_authorized_networks_config diff --git a/autogen/main.tf b/autogen/main.tf index 9d6476b916..9988aa7b4b 100644 --- a/autogen/main.tf +++ b/autogen/main.tf 
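Review bot: In the autogen/cluster.tf hunk the new `dynamic "resource_usage_export_config"` block reads `resource_usage_export_dataset_id.value`, but a dynamic block's iterator is named after the block label unless an `iterator` argument is set, so that reference does not resolve. The line should be `dataset_id = resource_usage_export_config.value`. The same reference appears in the modules/beta-private-cluster/cluster.tf and modules/beta-public-cluster/cluster.tf hunks of this patch. The enclosing `google_container_cluster.primary` resource starts and ends outside the hunk.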
@@ -102,10 +102,10 @@ locals { {% if beta_cluster %} # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" # /BETA features {% endif %} diff --git a/autogen/variables.tf b/autogen/variables.tf index 9a956194e0..04b55cb5b3 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf @@ -366,6 +366,11 @@ variable "pod_security_policy_config" { }] } +variable "resource_usage_export_dataset_id" { + description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." + default = "" +} + variable "node_metadata" { description = "Specifies how node metadata is exposed to the workload running on the node" default = "UNSPECIFIED" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index eba9f48d31..6b6096e389 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
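Review bot: The `!= null` guards added to the three BETA locals in the autogen/main.tf hunk probably do not protect the `.0` index: an unset nested block is normally exposed as an empty list rather than null, so the condition stays true and the index can still fail. A length test is the safer guard, for example `length(google_container_cluster.primary.pod_security_policy_config) > 0 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false`. The fallbacks are also the strings `"true"` and `"false"` while the other branch is a bool, so anything consuming `cluster_output_pod_security_policy_enabled` may receive a string; bare `true`/`false` keeps the type stable. The same three lines are in the beta-private-cluster and beta-public-cluster main.tf hunks, and the `locals` block extends beyond the hunk.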
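Review bot: The description of `resource_usage_export_dataset_id` in the autogen/variables.tf hunk does not say that the value is a BigQuery dataset that receives the cluster's usage records, which is what the `bigquery_destination` block in cluster.tf does with it. I would reword it along the lines of `"ID of the BigQuery dataset that receives resource usage export data; leave empty to disable. Setting it also enables network egress metering, which creates a metering daemonset in the cluster."` Because the exported records are readable by whoever has access to that dataset, the description is also a good place to say that the dataset's access controls should be set deliberately. The same text is repeated in both module variables.tf hunks and the two README rows.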
@@ -191,6 +191,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | region | The region to host the cluster in (required) | string | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no | +| resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no | | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no | | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index d887d332ed..00b751c440 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -61,7 +61,15 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } - + dynamic "resource_usage_export_config" { + for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] + content { + enable_network_egress_metering = true + bigquery_destination { + dataset_id = resource_usage_export_dataset_id.value + } + } + } dynamic "master_authorized_networks_config" { for_each = var.master_authorized_networks_config content { 
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 43fea3b6dc..4ed2381da2 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -91,10 +91,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" # /BETA features diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 6aa50eafff..f2ac656def 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -363,6 +363,11 @@ variable "pod_security_policy_config" { }] } +variable "resource_usage_export_dataset_id" { + description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." + default = "" +} + variable "node_metadata" { description = "Specifies how node metadata is exposed to the workload running on the node" default = "UNSPECIFIED" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 49ffddedc1..eaca891ea0 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -182,6 +182,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | region | The region to host the cluster in (required) | string | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no | +| resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no | | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no | | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index c26d85ff50..228722017c 100644 
--- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -61,7 +61,15 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } - + dynamic "resource_usage_export_config" { + for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] + content { + enable_network_egress_metering = true + bigquery_destination { + dataset_id = resource_usage_export_dataset_id.value + } + } + } dynamic "master_authorized_networks_config" { for_each = var.master_authorized_networks_config content { diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index db5138e99f..ed7c1864b5 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -91,10 +91,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" # /BETA features diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index d8b68de69b..e48b57b14c 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -339,6 +339,11 @@ variable "pod_security_policy_config" { }] } +variable "resource_usage_export_dataset_id" { + description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." + default = "" +} + variable "node_metadata" { description = "Specifies how node metadata is exposed to the workload running on the node" default = "UNSPECIFIED" From 99d8e374abb11a6681fe8a5f398ed8cdbd51d12c Mon Sep 17 00:00:00 2001 
From: pp Date: Mon, 19 Aug 2019 18:21:16 +0300 Subject: [PATCH 02/14] Added support for resource usage export config * Based on PR https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/230 * Add support for beta feature resource_usage_export_config (Fixes #232) --- CHANGELOG.md | 2 ++ autogen/cluster.tf | 3 ++- autogen/main.tf | 6 +++--- autogen/variables.tf | 1 + modules/beta-private-cluster/cluster.tf | 3 ++- modules/beta-private-cluster/main.tf | 6 +++--- modules/beta-private-cluster/variables.tf | 1 + modules/beta-public-cluster/cluster.tf | 3 ++- modules/beta-public-cluster/main.tf | 6 +++--- modules/beta-public-cluster/variables.tf | 1 + 10 files changed, 20 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 706682fbf1..55fe78f7c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Extending the adopted spec, each change should have a link to its corresponding ## [Unreleased] ### Added +* Added support for resource usage export config [#238] * Added `grant_registry_access` variable to grant Container Registry access to created SA [#236] * Support for Intranode Visbiility (IV) and Veritical Pod Autoscaling (VPA) beta features [#216] * Support for Workload Identity beta feature [#234] @@ -170,6 +171,7 @@ Extending the adopted spec, each change should have a link to its corresponding [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0 +[#238]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/238 [#236]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/236 [#217]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/217 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234 
diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 8f169c1f16..94621de2eb 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -66,12 +66,13 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } + dynamic "resource_usage_export_config" { for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] content { enable_network_egress_metering = true bigquery_destination { - dataset_id = resource_usage_export_dataset_id.value + dataset_id = resource_usage_export_config.value } } } diff --git a/autogen/main.tf b/autogen/main.tf index 9988aa7b4b..9d6476b916 100644 --- a/autogen/main.tf +++ b/autogen/main.tf @@ -102,10 +102,10 @@ locals { {% if beta_cluster %} # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled # /BETA features {% endif %} diff --git a/autogen/variables.tf b/autogen/variables.tf index 04b55cb5b3..04712c35a9 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf 
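Review bot: `enable_network_egress_metering = true` is hard-coded in the `content` block of the autogen/cluster.tf hunk, so setting a dataset id always deploys the egress-metering daemonset mentioned in the variable description, with no way to export resource usage alone. Consider a separate bool input, e.g. `enable_network_egress_metering = var.enable_network_egress_export`; that variable name is a suggestion, not an existing input. The same block is in the beta-private-cluster and beta-public-cluster cluster.tf hunks. The enclosing resource begins and ends outside the hunk.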
@@ -367,6 +367,7 @@ variable "pod_security_policy_config" { } variable "resource_usage_export_dataset_id" { + type = string description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." default = "" } diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 00b751c440..6af7a005d8 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -61,12 +61,13 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } + dynamic "resource_usage_export_config" { for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] content { enable_network_egress_metering = true bigquery_destination { - dataset_id = resource_usage_export_dataset_id.value + dataset_id = resource_usage_export_config.value } } } diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 4ed2381da2..43fea3b6dc 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -91,10 +91,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled # /BETA features diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index f2ac656def..5d505f6d1f 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -364,6 +364,7 @@ variable "pod_security_policy_config" { } variable "resource_usage_export_dataset_id" { + type = string description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." default = "" } diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 228722017c..6d2a7c975e 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -61,12 +61,13 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } + dynamic "resource_usage_export_config" { for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] content { enable_network_egress_metering = true bigquery_destination { - dataset_id = resource_usage_export_dataset_id.value + dataset_id = resource_usage_export_config.value } } } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index ed7c1864b5..db5138e99f 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -91,10 +91,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled # /BETA features 
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index e48b57b14c..040dab3b99 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -340,6 +340,7 @@ variable "pod_security_policy_config" { } variable "resource_usage_export_dataset_id" { + type = string description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." default = "" } From 2ccc0f33381a114e82cf010103043cba0d229b0c Mon Sep 17 00:00:00 2001 From: pp Date: Wed, 21 Aug 2019 18:36:48 +0300 Subject: [PATCH 03/14] Add flag to enable GKE Sandbox * Add `sandbox_enabled` variable to use GKE Sandbox (Fixes #240) --- CHANGELOG.md | 2 ++ autogen/cluster.tf | 8 ++++++++ autogen/main.tf | 2 ++ autogen/variables.tf | 6 ++++++ modules/beta-private-cluster/README.md | 1 + modules/beta-private-cluster/cluster.tf | 8 ++++++++ modules/beta-private-cluster/main.tf | 2 ++ modules/beta-private-cluster/variables.tf | 6 ++++++ modules/beta-public-cluster/README.md | 1 + modules/beta-public-cluster/cluster.tf | 8 ++++++++ modules/beta-public-cluster/main.tf | 2 ++ modules/beta-public-cluster/variables.tf | 6 ++++++ 12 files changed, 52 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 706682fbf1..eef59ce695 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Extending the adopted spec, each change should have a link to its corresponding ## [Unreleased] ### Added +* Added `sandbox_enabled` variable to use GKE Sandbox [#241] * Added `grant_registry_access` variable to grant Container Registry access to created SA [#236] * Support for Intranode Visbiility (IV) and Veritical Pod Autoscaling (VPA) beta features [#216] * Support for Workload Identity beta feature [#234] 
@@ -170,6 +171,7 @@ Extending the adopted spec, each change should have a link to its corresponding [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0 +[#241]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/241 [#236]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/236 [#217]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/217 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234 diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 664de67855..aa89d96076 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -158,6 +158,14 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + dynamic "sandbox_config" { + for_each = local.cluster_sandbox_enabled + + content { + sandbox_type = sandbox_config.value + } + } {% endif %} } } diff --git a/autogen/main.tf b/autogen/main.tf index 9d6476b916..2e60262e44 100644 --- a/autogen/main.tf +++ b/autogen/main.tf @@ -75,6 +75,8 @@ locals { security_group = var.authenticator_security_group }] + cluster_sandbox_enabled = var.sandbox_enabled ? ["gvisor"] : [] + {% endif %} cluster_output_name = google_container_cluster.primary.name diff --git a/autogen/variables.tf b/autogen/variables.tf index 9a956194e0..e8e569cf1e 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf 
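Review bot: The `dynamic "sandbox_config"` block in the autogen/cluster.tf hunk sits directly after `workload_metadata_config`, which suggests it is inside the `node_config` of `google_container_cluster.primary` and therefore configures only the default node pool. The diffstat shows this as the only change to cluster.tf, so pools created by `google_container_node_pool.pools` get no `sandbox_config`, and with `sandbox_enabled = true` workloads scheduled there would run without gVisor isolation even though the input reads as a cluster-wide switch. As far as I know GKE also does not accept the sandbox setting on the default pool, so please confirm where the block should live; adding the same dynamic block to the node pool resource's `node_config` is likely what is wanted. The beta-private-cluster and beta-public-cluster cluster.tf hunks have the same placement. The enclosing blocks start outside the hunk.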
@@ -371,6 +371,12 @@ variable "node_metadata" { default = "UNSPECIFIED" } +variable "sandbox_enabled" { + type = bool + description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)." + default = false +} + variable "enable_intranode_visibility" { type = bool description = "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index eba9f48d31..dcb14943be 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -191,6 +191,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | region | The region to host the cluster in (required) | string | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no | +| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no | | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no | | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index d887d332ed..49ef6364ae 100644 
--- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -149,6 +149,14 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + dynamic "sandbox_config" { + for_each = local.cluster_sandbox_enabled + + content { + sandbox_type = sandbox_config.value + } + } } } diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 43fea3b6dc..ad6116e7ef 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -70,6 +70,8 @@ locals { security_group = var.authenticator_security_group }] + cluster_sandbox_enabled = var.sandbox_enabled ? ["gvisor"] : [] + cluster_output_name = google_container_cluster.primary.name cluster_output_location = google_container_cluster.primary.location diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 6aa50eafff..d1f4a91e72 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -368,6 +368,12 @@ variable "node_metadata" { default = "UNSPECIFIED" } +variable "sandbox_enabled" { + type = bool + description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)." + default = false +} + variable "enable_intranode_visibility" { type = bool description = "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 49ffddedc1..047a12eac1 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -182,6 +182,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | region | The region to host the cluster in (required) | string | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no | +| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no | | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no | | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index c26d85ff50..82c67f4f03 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -149,6 +149,14 @@ resource "google_container_cluster" "primary" { node_metadata = workload_metadata_config.value.node_metadata } } + + dynamic "sandbox_config" { + for_each = local.cluster_sandbox_enabled + + content { + sandbox_type = sandbox_config.value + } + } } } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index db5138e99f..c956463414 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -70,6 +70,8 @@ locals { security_group = var.authenticator_security_group }] + cluster_sandbox_enabled = var.sandbox_enabled ? ["gvisor"] : [] + cluster_output_name = google_container_cluster.primary.name cluster_output_location = google_container_cluster.primary.location diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index d8b68de69b..c52b0b7a83 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -344,6 +344,12 @@ variable "node_metadata" { default = "UNSPECIFIED" } +variable "sandbox_enabled" { + type = bool + description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)." + default = false +} + variable "enable_intranode_visibility" { type = bool description = "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network" From b2a0f59ee8eadcfc4814818ab462d666b51f9e2c Mon Sep 17 00:00:00 2001 From: Devan Patel Date: Wed, 28 Aug 2019 11:58:19 +0100 Subject: [PATCH 04/14] WIP autoscaling opt out --- autogen/cluster.tf | 8 +++++--- autogen/variables.tf | 2 +- cluster.tf | 8 +++++--- modules/beta-private-cluster/cluster.tf | 8 +++++--- modules/beta-public-cluster/cluster.tf | 8 +++++--- modules/private-cluster/cluster.tf | 8 +++++--- 6 files changed, 26 insertions(+), 16 deletions(-) diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 664de67855..7f4a600e4b 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf 
@@ -223,9 +223,11 @@ resource "google_container_node_pool" "pools" { max_pods_per_node = lookup(var.node_pools[count.index], "max_pods_per_node", null) {% endif %} - autoscaling { - min_node_count = lookup(var.node_pools[count.index], "min_count", 1) - max_node_count = lookup(var.node_pools[count.index], "max_count", 100) + node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { + for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count } management { diff --git a/autogen/variables.tf b/autogen/variables.tf index 9a956194e0..4e7e04b491 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf @@ -377,7 +377,7 @@ variable "enable_intranode_visibility" { default = false } - variable "enable_vertical_pod_autoscaling" { +variable "enable_vertical_pod_autoscaling" { type = bool description = "Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it" default = false diff --git a/cluster.tf b/cluster.tf index 499e689a4b..2530b5e8fe 100644 --- a/cluster.tf +++ b/cluster.tf @@ -142,9 +142,11 @@ resource "google_container_node_pool" "pools" { lookup(var.node_pools[count.index], "min_count", 1), ) - autoscaling { - min_node_count = lookup(var.node_pools[count.index], "min_count", 1) - max_node_count = lookup(var.node_pools[count.index], "max_count", 100) + node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { + for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count } management { 
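Review bot: With autoscaling switched off, `node_count` takes the fixed pool size from `min_count`, a key whose name only makes sense for an autoscaled pool, and the new `autoscaling` key is not described anywhere in this hunk. Reading a dedicated key first, e.g. `lookup(var.node_pools[count.index], "node_count", lookup(var.node_pools[count.index], "min_count", 1))`, would make a fixed-size pool explicit. A comment above the attribute such as `# autoscaling = false pins the pool to a fixed size; node_count stays null while the autoscaler owns it` would record why the ternary returns null. The same lines are repeated in the cluster.tf, beta-private-cluster, beta-public-cluster and private-cluster hunks of this patch. The resource body starts and ends outside the hunk.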
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index d887d332ed..50d6552da1 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -207,9 +207,11 @@ resource "google_container_node_pool" "pools" { ) max_pods_per_node = lookup(var.node_pools[count.index], "max_pods_per_node", null) - autoscaling { - min_node_count = lookup(var.node_pools[count.index], "min_count", 1) - max_node_count = lookup(var.node_pools[count.index], "max_count", 100) + node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { + for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count } management { diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index c26d85ff50..0862e84c07 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -202,9 +202,11 @@ resource "google_container_node_pool" "pools" { ) max_pods_per_node = lookup(var.node_pools[count.index], "max_pods_per_node", null) - autoscaling { - min_node_count = lookup(var.node_pools[count.index], "min_count", 1) - max_node_count = lookup(var.node_pools[count.index], "max_count", 100) + node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { + for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count } management { diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 6ea5394b02..d950217728 100644 --- a/modules/private-cluster/cluster.tf 
+++ b/modules/private-cluster/cluster.tf @@ -147,9 +147,11 @@ resource "google_container_node_pool" "pools" { lookup(var.node_pools[count.index], "min_count", 1), ) - autoscaling { - min_node_count = lookup(var.node_pools[count.index], "min_count", 1) - max_node_count = lookup(var.node_pools[count.index], "max_count", 100) + node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { + for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count } management { From 39cf3a5a8c9f7848dadd47f62da4fdedf14519ea Mon Sep 17 00:00:00 2001 From: Devan Patel Date: Wed, 28 Aug 2019 12:02:43 +0100 Subject: [PATCH 05/14] Fix syntax --- autogen/cluster.tf | 7 +++++-- cluster.tf | 9 ++++++--- modules/beta-private-cluster/cluster.tf | 9 ++++++--- modules/beta-public-cluster/cluster.tf | 9 ++++++--- modules/private-cluster/cluster.tf | 9 ++++++--- 5 files changed, 29 insertions(+), 14 deletions(-) diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 7f4a600e4b..95a34089bf 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -224,10 +224,13 @@ resource "google_container_node_pool" "pools" { {% endif %} node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + content { + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count + } } management { diff --git a/cluster.tf b/cluster.tf index 2530b5e8fe..9b3f142fc1 100644 --- a/cluster.tf +++ b/cluster.tf 
@@ -143,10 +143,13 @@ resource "google_container_node_pool" "pools" { ) node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { - for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] + content { + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count + } } management { diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 50d6552da1..836bc2397c 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -208,10 +208,13 @@ resource "google_container_node_pool" "pools" { max_pods_per_node = lookup(var.node_pools[count.index], "max_pods_per_node", null) node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { - for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] + content { + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count + } } management { diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 0862e84c07..3eb5d107b2 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -203,10 +203,13 @@ resource "google_container_node_pool" "pools" { max_pods_per_node = lookup(var.node_pools[count.index], "max_pods_per_node", null) node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { - for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] + content { + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count + } } management { diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index d950217728..619e46b719 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -148,10 +148,13 @@ resource "google_container_node_pool" "pools" { ) node_count = lookup(var.node_pools[count.index], "autoscaling", true) ? null : lookup(var.node_pools[count.index], "min_count", 1) + dynamic "autoscaling" { - for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] + content { + min_node_count = autoscaling.value.min_count + max_node_count = autoscaling.value.max_count + } } management { From 773eb570ed1b18926cd8909eda3b0ed1d6b697f2 Mon Sep 17 00:00:00 2001 
From: Devan Patel Date: Wed, 28 Aug 2019 12:05:16 +0100 Subject: [PATCH 06/14] Make min/max optional vars --- autogen/cluster.tf | 4 ++-- cluster.tf | 4 ++-- modules/beta-private-cluster/cluster.tf | 4 ++-- modules/beta-public-cluster/cluster.tf | 4 ++-- modules/private-cluster/cluster.tf | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 95a34089bf..5efeb49483 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -228,8 +228,8 @@ resource "google_container_node_pool" "pools" { dynamic "autoscaling" { for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] content { - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + min_node_count = lookup(autoscaling.value, "min_count", 1) + max_node_count = lookup(autoscaling.value, "max_count", 100) } } diff --git a/cluster.tf b/cluster.tf index 9b3f142fc1..6ee6edbf52 100644 --- a/cluster.tf +++ b/cluster.tf @@ -147,8 +147,8 @@ resource "google_container_node_pool" "pools" { dynamic "autoscaling" { for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] content { - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + min_node_count = lookup(autoscaling.value, "min_count", 1) + max_node_count = lookup(autoscaling.value, "max_count", 100) } } diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 836bc2397c..7259ef47ee 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -212,8 +212,8 @@ resource "google_container_node_pool" "pools" { dynamic "autoscaling" { for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] content { - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + min_node_count = lookup(autoscaling.value, "min_count", 1) + max_node_count = lookup(autoscaling.value, "max_count", 100) } } diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 3eb5d107b2..f18d434321 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -207,8 +207,8 @@ resource "google_container_node_pool" "pools" { dynamic "autoscaling" { for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] content { - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + min_node_count = lookup(autoscaling.value, "min_count", 1) + max_node_count = lookup(autoscaling.value, "max_count", 100) } } diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 619e46b719..b0006553e1 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -152,8 +152,8 @@ resource "google_container_node_pool" "pools" { dynamic "autoscaling" { for_each = lookup(var.node_pools[count.index], "autoscaling", true) ? [var.node_pools[count.index]] : [] content { - min_node_count = autoscaling.value.min_count - max_node_count = autoscaling.value.max_count + min_node_count = lookup(autoscaling.value, "min_count", 1) + max_node_count = lookup(autoscaling.value, "max_count", 100) } } From a3741fa6bd1cc1d1b8ce8a86bbc9fac70376acb1 Mon Sep 17 00:00:00 2001 
From: Andriy Kopachevskyy Date: Fri, 9 Aug 2019 15:46:28 +0300 Subject: [PATCH 07/14] Ensure that GA modules don't depend on beta functionality Beta functionality removed fully from public and private cluster modules and related exampled. As long node_pool example used taints that in beta, it switched to public-cluster-beta module from root one. * Fixes #181 --- CHANGELOG.md | 6 ++++++ README.md | 1 - autogen/README.md | 4 ++-- autogen/auth.tf | 2 +- autogen/cluster.tf | 8 +++++++- autogen/main.tf | 2 +- autogen/networks.tf | 4 ++-- autogen/variables.tf | 2 ++ cluster.tf | 13 +------------ examples/deploy_service/main.tf | 5 ----- examples/disable_client_cert/main.tf | 5 ----- examples/node_pool/main.tf | 7 +------ examples/shared_vpc/main.tf | 5 ----- examples/simple_regional/main.tf | 5 ----- examples/simple_regional_beta/main.tf | 6 ------ examples/simple_regional_private/main.tf | 2 +- examples/simple_zonal/main.tf | 5 ----- examples/simple_zonal_private/main.tf | 2 +- examples/stub_domains/main.tf | 5 ----- examples/stub_domains_private/main.tf | 2 +- .../stub_domains_upstream_nameservers/main.tf | 5 ----- examples/upstream_nameservers/main.tf | 5 ----- modules/private-cluster/README.md | 5 ++--- modules/private-cluster/auth.tf | 2 +- modules/private-cluster/cluster.tf | 15 ++------------- modules/private-cluster/main.tf | 2 +- modules/private-cluster/networks.tf | 4 ++-- modules/private-cluster/variables.tf | 10 ---------- test/fixtures/simple_regional_private/network.tf | 4 ---- test/fixtures/simple_zonal_private/network.tf | 3 --- variables.tf | 10 ---------- 31 files changed, 34 insertions(+), 122 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61d6432d64..54236093c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Extending the adopted spec, each change should have a link to its corresponding pull request appended. ## [Unreleased] + +### Changed + +* All Beta functionality removed from non-beta clusters, some properties like node_pool taints available only in beta cluster now [#228] + ### Added * Support for Intranode Visbiility (IV) and Veritical Pod Autoscaling (VPA) beta features [#216] @@ -168,6 +173,7 @@ Extending the adopted spec, each change should have a link to its corresponding [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0 +[#228]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/228 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234 [#216]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/216 [#214]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/214 diff --git a/README.md b/README.md index 8ea95f1635..ea1ef578ab 100644 --- a/README.md +++ b/README.md 
@@ -161,7 +161,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no | -| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no | | node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no | | project\_id | The project ID to host the cluster in (required) | string | n/a | yes | diff --git a/autogen/README.md b/autogen/README.md index 5b44ad2f14..620aa422c5 100644 --- a/autogen/README.md +++ b/autogen/README.md @@ -157,7 +157,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 0.12 -{% if private_cluster or beta_cluster %} +{% if beta_cluster %} - [Terraform Provider for GCP Beta][terraform-provider-google-beta] v2.9 {% else %} - [Terraform Provider for GCP][terraform-provider-google] v2.9 
@@ -339,7 +339,7 @@ command. {% else %} [upgrading-to-v3.0]: docs/upgrading_to_v3.0.md {% endif %} -{% if private_cluster or beta_cluster %} +{% if beta_cluster %} [terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta {% else %} [terraform-provider-google]: https://github.com/terraform-providers/terraform-provider-google diff --git a/autogen/auth.tf b/autogen/auth.tf index 21275cd41e..a23689bb7b 100644 --- a/autogen/auth.tf +++ b/autogen/auth.tf @@ -20,7 +20,7 @@ Retrieve authentication token *****************************************/ data "google_client_config" "default" { - {% if private_cluster or beta_cluster %} + {% if beta_cluster %} provider = google-beta {% else %} provider = google diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 21dfdeb93c..1dd055dc11 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -20,7 +20,7 @@ Create Container Cluster *****************************************/ resource "google_container_cluster" "primary" { - {% if private_cluster or beta_cluster %} + {% if beta_cluster %} provider = google-beta {% else %} provider = google @@ -196,7 +196,11 @@ resource "google_container_cluster" "primary" { Create Container Cluster node pools *****************************************/ resource "google_container_node_pool" "pools" { + {% if beta_cluster %} provider = google-beta + {% else %} + provider = google + {% endif %} count = length(var.node_pools) name = var.node_pools[count.index]["name"] project = var.project_id @@ -252,6 +256,7 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) + {% if beta_cluster %} dynamic "taint" { for_each = concat( var.node_pools_taints["all"], @@ -263,6 +268,7 @@ resource "google_container_node_pool" "pools" { value = taint.value.value } } + {% endif %} tags = concat( ["gke-${var.name}"], ["gke-${var.name}-${var.node_pools[count.index]["name"]}"], 
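Review bot: Wrapping the `taint` block in `{% if beta_cluster %}` removes `node_pools_taints` from the generated GA modules, and the only notice in this patch is the one-line CHANGELOG entry under "Changed". Taints are commonly what keeps general workloads off dedicated or sensitive node pools, so an upgrade that drops them changes scheduling isolation on existing clusters; whether the provider also replaces the pool should be checked. I would mark the entry as breaking and add an upgrade note telling users of `node_pools_taints` to move to the beta module before upgrading, plus a template comment such as `# taints need the google-beta provider, so only beta modules expose node_pools_taints`. The node pool resource continues outside these hunks.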
diff --git a/autogen/main.tf b/autogen/main.tf index cf67bd9e08..bb628b0980 100644 --- a/autogen/main.tf +++ b/autogen/main.tf @@ -20,7 +20,7 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { - {% if private_cluster or beta_cluster %} + {% if beta_cluster %} provider = google-beta {% else %} provider = google diff --git a/autogen/networks.tf b/autogen/networks.tf index 19a9af5307..88df19bc3b 100644 --- a/autogen/networks.tf +++ b/autogen/networks.tf @@ -17,7 +17,7 @@ {{ autogeneration_note }} data "google_compute_network" "gke_network" { - {% if private_cluster or beta_cluster %} + {% if beta_cluster %} provider = google-beta {% else %} provider = google @@ -28,7 +28,7 @@ data "google_compute_network" "gke_network" { } data "google_compute_subnetwork" "gke_subnetwork" { - {% if private_cluster or beta_cluster %} + {% if beta_cluster %} provider = google-beta {% else %} provider = google diff --git a/autogen/variables.tf b/autogen/variables.tf index 59f8408b2f..d90210ef82 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf @@ -178,6 +178,7 @@ variable "node_pools_metadata" { } } +{% if beta_cluster %} variable "node_pools_taints" { type = map(list(object({key=string,value=string,effect=string}))) description = "Map of lists containing node taints by node-pool name" @@ -188,6 +189,7 @@ variable "node_pools_taints" { } } +{% endif %} variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" diff --git a/cluster.tf b/cluster.tf index 499e689a4b..7da3248f21 100644 --- a/cluster.tf +++ b/cluster.tf 
@@ -125,7 +125,7 @@ resource "google_container_cluster" "primary" { Create Container Cluster node pools *****************************************/ resource "google_container_node_pool" "pools" { - provider = google-beta + provider = google count = length(var.node_pools) name = var.node_pools[count.index]["name"] project = var.project_id @@ -178,17 +178,6 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) - dynamic "taint" { - for_each = concat( - var.node_pools_taints["all"], - var.node_pools_taints[var.node_pools[count.index]["name"]], - ) - content { - effect = taint.value.effect - key = taint.value.key - value = taint.value.value - } - } tags = concat( ["gke-${var.name}"], ["gke-${var.name}-${var.node_pools[count.index]["name"]}"], diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index 10bce771ef..3e15164913 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -23,11 +23,6 @@ provider "google" { region = var.region } -provider "google-beta" { - version = "~> 2.12.0" - region = var.region -} - provider "kubernetes" { load_config_file = false host = "https://${module.gke.endpoint}" diff --git a/examples/disable_client_cert/main.tf b/examples/disable_client_cert/main.tf index c64f09fd67..221eb994ce 100644 --- a/examples/disable_client_cert/main.tf +++ b/examples/disable_client_cert/main.tf @@ -23,11 +23,6 @@ provider "google" { region = var.region } -provider "google-beta" { - version = "~> 2.12.0" - region = var.region -} - module "gke" { source = "../../" diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 2fb447fbb3..6662bb84ac 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf 
@@ -18,18 +18,13 @@ locals { cluster_type = "node-pool" } -provider "google" { - version = "~> 2.12.0" - region = var.region -} - provider "google-beta" { version = "~> 2.12.0" region = var.region } module "gke" { - source = "../../" + source = "../../modules/beta-public-cluster/" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" regional = false diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf index a0221ca360..766239ead8 100644 --- a/examples/shared_vpc/main.tf +++ b/examples/shared_vpc/main.tf @@ -23,11 +23,6 @@ provider "google" { region = var.region } -provider "google-beta" { - version = "~> 2.12.0" - region = var.region -} - module "gke" { source = "../../" project_id = var.project_id diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index bd42f43d1a..4662435fbd 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -23,11 +23,6 @@ provider "google" { region = var.region } -provider "google-beta" { - version = "~> 2.12.0" - region = var.region -} - module "gke" { source = "../../" project_id = var.project_id diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index 9eaf2b6117..fc95090ede 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -18,12 +18,6 @@ locals { cluster_type = "simple-regional-beta" } -provider "google" { - version = "~> 2.12.0" - credentials = file(var.credentials_path) - region = var.region -} - provider "google-beta" { version = "~> 2.12.0" credentials = file(var.credentials_path) diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index b79c21c770..89568e86ee 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf 
@@ -18,7 +18,7 @@ locals { cluster_type = "simple-regional-private" } -provider "google-beta" { +provider "google" { version = "~> 2.12.0" region = var.region } diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf index 7e04d7e4fe..edd90f7a0d 100644 --- a/examples/simple_zonal/main.tf +++ b/examples/simple_zonal/main.tf @@ -23,11 +23,6 @@ provider "google" { region = var.region } -provider "google-beta" { - version = "~> 2.12.0" - region = var.region -} - module "gke" { source = "../../" project_id = var.project_id diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf index 2192787516..428218d76a 100644 --- a/examples/simple_zonal_private/main.tf +++ b/examples/simple_zonal_private/main.tf @@ -18,7 +18,7 @@ locals { cluster_type = "simple-regional-private" } -provider "google-beta" { +provider "google" { version = "~> 2.12.0" region = var.region } diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index 4227aac952..37264f781b 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf @@ -23,11 +23,6 @@ provider "google" { region = var.region } -provider "google-beta" { - version = "~> 2.12.0" - region = var.region -} - module "gke" { source = "../../" project_id = var.project_id diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf index 046f9838c0..65bc48247d 100644 --- a/examples/stub_domains_private/main.tf +++ b/examples/stub_domains_private/main.tf @@ -14,7 +14,7 @@ * limitations under the License. */ -provider "google-beta" { +provider "google" { version = "~> 2.12.0" region = var.region } diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf index 42f3967d5a..0da83b95c6 100644 --- a/examples/stub_domains_upstream_nameservers/main.tf +++ b/examples/stub_domains_upstream_nameservers/main.tf 
@@ -23,11 +23,6 @@ provider "google" { region = var.region } -provider "google-beta" { - version = "~> 2.12.0" - region = var.region -} - module "gke" { source = "../../" project_id = var.project_id diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf index 8a997e8c7a..ecded7c29c 100644 --- a/examples/upstream_nameservers/main.tf +++ b/examples/upstream_nameservers/main.tf @@ -23,11 +23,6 @@ provider "google" { region = var.region } -provider "google-beta" { - version = "~> 2.12.0" - region = var.region -} - module "gke" { source = "../../" project_id = var.project_id diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 035adc403e..10ffe18910 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -170,7 +170,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no | -| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no | | node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no | | project\_id | The project ID to host the cluster in (required) | string | n/a | yes | 
@@ -225,7 +224,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 0.12 -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v2.9 +- [Terraform Provider for GCP][terraform-provider-google] v2.9 ### Configure a Service Account In order to execute this module you must have a Service Account with the @@ -395,6 +394,6 @@ command. [upgrading-to-v2.0]: ../../docs/upgrading_to_v2.0.md [upgrading-to-v3.0]: ../../docs/upgrading_to_v3.0.md -[terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta +[terraform-provider-google]: https://github.com/terraform-providers/terraform-provider-google [3.0.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/3.0.0 [terraform-0.12-upgrade]: https://www.terraform.io/upgrade-guides/0-12.html diff --git a/modules/private-cluster/auth.tf b/modules/private-cluster/auth.tf index c177eee5a7..48e7cc6a5f 100644 --- a/modules/private-cluster/auth.tf +++ b/modules/private-cluster/auth.tf @@ -20,7 +20,7 @@ Retrieve authentication token *****************************************/ data "google_client_config" "default" { - provider = google-beta + provider = google } /****************************************** diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 6ea5394b02..d6af244b8a 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -20,7 +20,7 @@ Create Container Cluster *****************************************/ resource "google_container_cluster" "primary" { - provider = google-beta + provider = google name = var.name description = var.description 
@@ -130,7 +130,7 @@ resource "google_container_cluster" "primary" { Create Container Cluster node pools *****************************************/ resource "google_container_node_pool" "pools" { - provider = google-beta + provider = google count = length(var.node_pools) name = var.node_pools[count.index]["name"] project = var.project_id @@ -183,17 +183,6 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) - dynamic "taint" { - for_each = concat( - var.node_pools_taints["all"], - var.node_pools_taints[var.node_pools[count.index]["name"]], - ) - content { - effect = taint.value.effect - key = taint.value.key - value = taint.value.value - } - } tags = concat( ["gke-${var.name}"], ["gke-${var.name}-${var.node_pools[count.index]["name"]}"], diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index 9c8dc629eb..bfe746401c 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -20,7 +20,7 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { - provider = google-beta + provider = google project = var.project_id region = var.region diff --git a/modules/private-cluster/networks.tf b/modules/private-cluster/networks.tf index 14ea500e03..a382073dc0 100644 --- a/modules/private-cluster/networks.tf +++ b/modules/private-cluster/networks.tf @@ -17,14 +17,14 @@ // This file was automatically generated from a template in ./autogen data "google_compute_network" "gke_network" { - provider = google-beta + provider = google name = var.network project = local.network_project_id } data "google_compute_subnetwork" "gke_subnetwork" { - provider = google-beta + provider = google name = var.subnetwork region = var.region diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 1aba1057a2..bad2d93ba3 100644 --- a/modules/private-cluster/variables.tf 
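Review bot: Dropping the `dynamic "taint"` block from `google_container_node_pool.pools` (hunk at -183,17), together with the `node_pools_taints` variable removed in the variables.tf hunks, is an interface break that none of the visible files document. Taints are commonly used to keep ordinary pods off dedicated node pools, so callers who relied on them should be told where that control went rather than discover it from a failed plan. I would add a breaking-change line to CHANGELOG.md, along the lines of `* node_pools_taints is no longer accepted by the GA modules (node taints need the google-beta provider)`, with the wording checked against what the beta modules actually support. The resource block starts and ends outside the hunk, and the commit message is not in view, so this may already be covered there.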
+++ b/modules/private-cluster/variables.tf @@ -178,16 +178,6 @@ variable "node_pools_metadata" { } } -variable "node_pools_taints" { - type = map(list(object({ key = string, value = string, effect = string }))) - description = "Map of lists containing node taints by node-pool name" - - default = { - all = [] - default-node-pool = [] - } -} - variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" diff --git a/test/fixtures/simple_regional_private/network.tf b/test/fixtures/simple_regional_private/network.tf index c50c2d12d1..f34f629069 100644 --- a/test/fixtures/simple_regional_private/network.tf +++ b/test/fixtures/simple_regional_private/network.tf @@ -20,10 +20,6 @@ resource "random_string" "suffix" { upper = false } -provider "google-beta" { - project = var.project_id -} - resource "google_compute_network" "main" { project = var.project_id name = "cft-gke-test-${random_string.suffix.result}" diff --git a/test/fixtures/simple_zonal_private/network.tf b/test/fixtures/simple_zonal_private/network.tf index c50c2d12d1..76d33f6bfc 100644 --- a/test/fixtures/simple_zonal_private/network.tf +++ b/test/fixtures/simple_zonal_private/network.tf @@ -20,9 +20,6 @@ resource "random_string" "suffix" { upper = false } -provider "google-beta" { - project = var.project_id -} resource "google_compute_network" "main" { project = var.project_id diff --git a/variables.tf b/variables.tf index 3c64fd5562..4f7a18b26a 100644 --- a/variables.tf +++ b/variables.tf @@ -178,16 +178,6 @@ variable "node_pools_metadata" { } } -variable "node_pools_taints" { - type = map(list(object({ key = string, value = string, effect = string }))) - description = "Map of lists containing node taints by node-pool name" - - default = { - all = [] - default-node-pool = [] - } -} - variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" 
From b65204fa376277e8f4d262e2fc89f47ec74f408a Mon Sep 17 00:00:00 2001 From: Morgante Pell Date: Wed, 28 Aug 2019 14:49:37 -0400 Subject: [PATCH 08/14] Update CHANGELOG.md --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 706682fbf1..bfbcc1cba3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ Extending the adopted spec, each change should have a link to its corresponding * Support for Intranode Visbiility (IV) and Veritical Pod Autoscaling (VPA) beta features [#216] * Support for Workload Identity beta feature [#234] * Support for Google Groups based RBAC beta feature [#217] +* Support for disabling node pool autoscaling by setting `autoscaling` to `false` within the node pool variable. [#250] ## [v4.1.0] 2019-07-24 @@ -170,6 +171,7 @@ Extending the adopted spec, each change should have a link to its corresponding [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0 +[#250]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/250 [#236]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/236 [#217]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/217 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234 From b3404152c01d9309747f5b510ccb9c80c3d39795 Mon Sep 17 00:00:00 2001 From: "Julian V. Modesto" Date: Thu, 29 Aug 2019 11:45:25 -0400 Subject: [PATCH 09/14] Check null and length of beta feature outputs --- autogen/main.tf | 4 ++-- modules/beta-private-cluster/main.tf | 4 ++-- modules/beta-public-cluster/main.tf | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/autogen/main.tf b/autogen/main.tf index c4b070f9a3..0f5b0edc06 100644 --- a/autogen/main.tf 
+++ b/autogen/main.tf @@ -105,9 +105,9 @@ locals { {% if beta_cluster %} # BETA features cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false # /BETA features {% endif %} diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index ad6116e7ef..1199f2dfa6 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
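Review bot: The `!= null && length(...) == 1` guard on `cluster_output_pod_security_policy_enabled` and `cluster_output_vertical_pod_autoscaling_enabled` does not protect against a null block, because to my knowledge Terraform 0.12 evaluates both operands of `&&`, so `length()` would still be called on null and fail. If the attribute can really be null, nest the conditionals instead, e.g. `google_container_cluster.primary.pod_security_policy_config != null ? (length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false) : false`; if the provider always returns a list, the null test can simply be dropped. The same expressions appear in the modules/beta-private-cluster/main.tf and modules/beta-public-cluster/main.tf hunks of this commit. The `locals` block starts and ends outside the hunk.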
@@ -94,9 +94,9 @@ locals { # BETA features cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false # /BETA features diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index c956463414..e4e7548a3a 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -94,9 +94,9 @@ locals { # BETA features cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false # /BETA features From 979836cff2f72c2fb707da724b558f3e2195c94d Mon Sep 17 00:00:00 2001 From: "Julian V. Modesto" Date: Thu, 29 Aug 2019 13:08:46 -0400 Subject: [PATCH 10/14] Fix autogen module source --- autogen/README.md | 2 +- helpers/generate_modules/generate_modules.py | 3 +++ modules/beta-private-cluster/README.md | 2 +- modules/beta-public-cluster/README.md | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) diff --git a/autogen/README.md b/autogen/README.md index 620aa422c5..73a6314289 100644 --- a/autogen/README.md +++ b/autogen/README.md @@ -28,7 +28,7 @@ There are multiple examples included in the [examples](./examples/) folder but s ```hcl module "gke" { - source = "terraform-google-modules/kubernetes-engine/google{% if private_cluster %}//modules/private-cluster{% endif %}" + source = "terraform-google-modules/kubernetes-engine/google{{ module_path }}" project_id = "" name = "gke-test-1" region = "us-central1" 
diff --git a/helpers/generate_modules/generate_modules.py b/helpers/generate_modules/generate_modules.py index f6beb84832..c235e7ad65 100755 --- a/helpers/generate_modules/generate_modules.py +++ b/helpers/generate_modules/generate_modules.py @@ -46,13 +46,16 @@ def template_options(self, base): 'private_cluster': False, }), Module("./modules/private-cluster", { + 'module_path': '//modules/private-cluster', 'private_cluster': True }), Module("./modules/beta-private-cluster", { + 'module_path': '//modules/beta-private-cluster', 'private_cluster': True, 'beta_cluster': True, }), Module("./modules/beta-public-cluster", { + 'module_path': '//modules/beta-public-cluster', 'private_cluster': False, 'beta_cluster': True, }), diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 74bd64c022..dbc69c4d14 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -25,7 +25,7 @@ There are multiple examples included in the [examples](./examples/) folder but s ```hcl module "gke" { - source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" + source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster" project_id = "" name = "gke-test-1" region = "us-central1" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 316f46d43e..db41d10821 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -23,7 +23,7 @@ There are multiple examples included in the [examples](./examples/) folder but s ```hcl module "gke" { - source = "terraform-google-modules/kubernetes-engine/google" + source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster" project_id = "" name = "gke-test-1" region = "us-central1" From 9bb2f29923beeb88839f68300ed484ae75df729a Mon Sep 17 00:00:00 2001 
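Review bot: The first `Module(...)` entry, whose tail `'private_cluster': False, }),` opens the generate_modules.py hunk, gets no `'module_path'` key as far as the hunk shows, while autogen/README.md now renders `{{ module_path }}` unconditionally. That only works if the template environment renders undefined names as an empty string; under a strict undefined setting generation for that module would fail, and the environment setup is not visible here. Setting it explicitly on that entry, `'module_path': '',`, makes the template input complete for every module and documents that the root module has no sub-path. The entry begins outside the hunk, so the key may already be there.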
From: "Julian V. Modesto" Date: Thu, 29 Aug 2019 13:11:52 -0400 Subject: [PATCH 11/14] Set cluster initial node count from var --- autogen/cluster.tf | 1 + cluster.tf | 1 + modules/beta-private-cluster/cluster.tf | 1 + modules/beta-public-cluster/cluster.tf | 1 + modules/private-cluster/cluster.tf | 1 + 5 files changed, 5 insertions(+) diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 9ae4414a18..17f6653ad9 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -152,6 +152,7 @@ resource "google_container_cluster" "primary" { delete = "30m" } + initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count diff --git a/cluster.tf b/cluster.tf index 0f94ddb0e5..62766e122a 100644 --- a/cluster.tf +++ b/cluster.tf @@ -108,6 +108,7 @@ resource "google_container_cluster" "primary" { delete = "30m" } + initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 901ae674eb..6fce4d8598 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -144,6 +144,7 @@ resource "google_container_cluster" "primary" { delete = "30m" } + initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 1c8561344a..c36f99c596 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -144,6 +144,7 @@ resource "google_container_cluster" "primary" { delete = "30m" } + initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index a5bb5da979..5954739abd 100644 
--- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -108,6 +108,7 @@ resource "google_container_cluster" "primary" { delete = "30m" } + initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count From 10be6f3c523653bf69c81c8f9b59cd8e4554185f Mon Sep 17 00:00:00 2001 From: "Julian V. Modesto" Date: Wed, 4 Sep 2019 10:45:38 -0400 Subject: [PATCH 12/14] Ignore changes to initial node count --- autogen/cluster.tf | 3 +-- cluster.tf | 3 +-- modules/beta-private-cluster/cluster.tf | 3 +-- modules/beta-public-cluster/cluster.tf | 3 +-- modules/private-cluster/cluster.tf | 3 +-- 5 files changed, 5 insertions(+), 10 deletions(-) diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 17f6653ad9..4e5fd74d55 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -143,7 +143,7 @@ resource "google_container_cluster" "primary" { } lifecycle { - ignore_changes = [node_pool] + ignore_changes = [node_pool, initial_node_count] } timeouts { @@ -152,7 +152,6 @@ resource "google_container_cluster" "primary" { delete = "30m" } - initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count diff --git a/cluster.tf b/cluster.tf index 62766e122a..ffdb27b0fc 100644 --- a/cluster.tf +++ b/cluster.tf @@ -99,7 +99,7 @@ resource "google_container_cluster" "primary" { } lifecycle { - ignore_changes = [node_pool] + ignore_changes = [node_pool, initial_node_count] } timeouts { @@ -108,7 +108,6 @@ resource "google_container_cluster" "primary" { delete = "30m" } - initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 6fce4d8598..c481c69a35 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
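Review bot: The new `ignore_changes = [node_pool, initial_node_count]` in autogen/cluster.tf carries no comment saying why `initial_node_count` is ignored, and the same hunk removes the top-level `initial_node_count` argument that the previous commit added. The effect is that later edits to `var.initial_node_count` are not applied to an existing cluster, which is easy to mistake for a bug when reading the plan. I would add a line above it such as `# initial_node_count only applies at creation; later changes to var.initial_node_count are intentionally not applied` and say the same in the variable's description. The same applies to the cluster.tf hunks for the root, beta-private-cluster, beta-public-cluster and private-cluster modules in this commit.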
@@ -135,7 +135,7 @@ resource "google_container_cluster" "primary" { } lifecycle { - ignore_changes = [node_pool] + ignore_changes = [node_pool, initial_node_count] } timeouts { @@ -144,7 +144,6 @@ resource "google_container_cluster" "primary" { delete = "30m" } - initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index c36f99c596..a264e932b9 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -135,7 +135,7 @@ resource "google_container_cluster" "primary" { } lifecycle { - ignore_changes = [node_pool] + ignore_changes = [node_pool, initial_node_count] } timeouts { @@ -144,7 +144,6 @@ resource "google_container_cluster" "primary" { delete = "30m" } - initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 5954739abd..412e8295ed 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -99,7 +99,7 @@ resource "google_container_cluster" "primary" { } lifecycle { - ignore_changes = [node_pool] + ignore_changes = [node_pool, initial_node_count] } timeouts { @@ -108,7 +108,6 @@ resource "google_container_cluster" "primary" { delete = "30m" } - initial_node_count = var.initial_node_count node_pool { name = "default-pool" initial_node_count = var.initial_node_count From 350157a48c059b016d5ed60d734efce5c7cf5583 Mon Sep 17 00:00:00 2001 From: Richard Song Date: Tue, 10 Sep 2019 00:54:57 -0400 Subject: [PATCH 13/14] added feature check for beta feature istio, and added more accurate naming --- autogen/main.tf | 4 ++-- modules/beta-private-cluster/main.tf | 4 ++-- modules/beta-public-cluster/main.tf | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/autogen/main.tf b/autogen/main.tf index 0f5b0edc06..ce787f1fc0 100644 --- a/autogen/main.tf +++ b/autogen/main.tf @@ -104,7 +104,7 @@ locals { {% if beta_cluster %} # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled + cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false @@ -137,7 +137,7 @@ locals { cluster_kubernetes_dashboard_enabled = ! local.cluster_output_kubernetes_dashboard_enabled {% if beta_cluster %} # BETA features - cluster_istio_enabled = ! local.cluster_output_istio_enabled + cluster_istio_enabled = ! local.cluster_output_istio_disabled cluster_cloudrun_enabled = var.cloudrun cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 1199f2dfa6..fc38644871 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
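Review bot: The fallback in `cluster_output_istio_disabled` is inverted: when `istio_config` is null or empty the expression yields `false`, and the second hunk's `cluster_istio_enabled = ! local.cluster_output_istio_disabled` then reports Istio as enabled on a cluster that has no Istio configuration at all. Anything that reads that value as evidence that the mesh is in place would be misled. The last operand should be `true`, i.e. `... ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : true`. The same line appears in the modules/beta-private-cluster/main.tf and modules/beta-public-cluster/main.tf hunks. Both `locals` blocks extend beyond the hunks.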
@@ -93,7 +93,7 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled + cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false @@ -124,7 +124,7 @@ locals { cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_output_horizontal_pod_autoscaling_enabled cluster_kubernetes_dashboard_enabled = ! local.cluster_output_kubernetes_dashboard_enabled # BETA features - cluster_istio_enabled = ! local.cluster_output_istio_enabled + cluster_istio_enabled = ! local.cluster_output_istio_disabled cluster_cloudrun_enabled = var.cloudrun cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index e4e7548a3a..dea58d4de5 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -93,7 +93,7 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled + cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false @@ -124,7 +124,7 @@ locals { cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_output_horizontal_pod_autoscaling_enabled cluster_kubernetes_dashboard_enabled = ! local.cluster_output_kubernetes_dashboard_enabled # BETA features - cluster_istio_enabled = ! local.cluster_output_istio_enabled + cluster_istio_enabled = ! local.cluster_output_istio_disabled cluster_cloudrun_enabled = var.cloudrun cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled From f880d6610cc2b03e08eb2905eebe8eccbf23cb96 Mon Sep 17 00:00:00 2001 
From: Richard Song Date: Tue, 10 Sep 2019 01:11:52 -0400 Subject: [PATCH 14/14] fixed spacing --- autogen/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autogen/main.tf b/autogen/main.tf index ce787f1fc0..d9ad888d01 100644 --- a/autogen/main.tf +++ b/autogen/main.tf @@ -104,7 +104,7 @@ locals { {% if beta_cluster %} # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false + cluster_output_istio_disabled = google_container_cluster.primary.addons_config.0.istio_config != null && length(google_container_cluster.primary.addons_config.0.istio_config) == 1 ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false