Commit

feat!: promote gce_pd_csi_driver to GA (terraform-google-modules#1509)
mnahkies authored Dec 29, 2022
1 parent 1b4e28e commit 31aefac
Showing 34 changed files with 181 additions and 101 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -155,6 +155,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br> "8443",<br> "9443",<br> "15017"<br>]</pre> | no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
| http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
17 changes: 8 additions & 9 deletions autogen/main/cluster.tf.tmpl
Expand Up @@ -235,7 +235,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}


{% if autopilot_cluster != true %}
network_policy_config {
disabled = !var.network_policy
Expand All @@ -248,6 +247,14 @@ resource "google_container_cluster" "primary" {
gcp_filestore_csi_driver_config {
enabled = var.filestore_csi_driver
}

dynamic "gce_persistent_disk_csi_driver_config" {
for_each = local.cluster_gce_pd_csi_config

content {
enabled = gce_persistent_disk_csi_driver_config.value.enabled
}
}
{% endif %}
{% if beta_cluster and autopilot_cluster != true %}

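Review bot: The `dynamic "gce_persistent_disk_csi_driver_config"` block added here iterates `local.cluster_gce_pd_csi_config`, which is a one-element list for either value of `var.gce_pd_csi_driver`, so exactly one block is always rendered and `dynamic` buys nothing. A static block with `enabled = var.gce_pd_csi_driver`, matching the `gcp_filestore_csi_driver_config` block directly above it, would read more clearly; if the intent is to omit the block when the driver is off, the local has to evaluate to `[]` instead.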
Expand All @@ -264,14 +271,6 @@ resource "google_container_cluster" "primary" {
}
}

dynamic "gce_persistent_disk_csi_driver_config" {
for_each = local.cluster_gce_pd_csi_config

content {
enabled = gce_persistent_disk_csi_driver_config.value.enabled
}
}

kalm_config {
enabled = var.kalm_config
}
2 changes: 1 addition & 1 deletion autogen/main/main.tf.tmpl
Expand Up @@ -95,6 +95,7 @@ locals {
enabled = false
provider = null
}]
cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
{% endif %}
{% if beta_cluster and autopilot_cluster != true %}
cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
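Review bot: On the added `cluster_gce_pd_csi_config` line, both arms of the conditional build the same single-element list and differ only in the boolean, so the expression reduces to `[{ enabled = var.gce_pd_csi_driver }]`. Now that the line sits ahead of the `{% if beta_cluster and autopilot_cluster != true %}` block and is rendered into the GA `main.tf` as well, it is worth simplifying here rather than carrying the longer form into every generated module.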
Expand All @@ -109,7 +110,6 @@ locals {
)
] : []
cluster_cloudrun_enabled = var.cloudrun
cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
{% endif %}
12 changes: 6 additions & 6 deletions autogen/main/variables.tf.tmpl
Expand Up @@ -605,6 +605,12 @@ variable "cluster_dns_domain" {
default = ""
}

variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
default = true
}

{% endif %}
variable "timeouts" {
type = map(string)
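Review bot: `default = true` on the added `gce_pd_csi_driver` variable reverses the `default = false` of the beta declaration that this commit removes further down the same file, so callers who never set the variable get a different value when they upgrade. The description should state that the driver is enabled by default and point to docs/upgrading_to_v25.0.md for the opt-out, since this description is the text rendered into each module README.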
Expand Down Expand Up @@ -713,11 +719,5 @@ variable "enable_identity_service" {
description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
default = false
}

variable "gce_pd_csi_driver" {
type = bool
description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
default = false
}
{% endif %}
{% endif %}
9 changes: 8 additions & 1 deletion cluster.tf
Expand Up @@ -131,7 +131,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}


network_policy_config {
disabled = !var.network_policy
}
Expand All @@ -143,6 +142,14 @@ resource "google_container_cluster" "primary" {
gcp_filestore_csi_driver_config {
enabled = var.filestore_csi_driver
}

dynamic "gce_persistent_disk_csi_driver_config" {
for_each = local.cluster_gce_pd_csi_config

content {
enabled = gce_persistent_disk_csi_driver_config.value.enabled
}
}
}

datapath_provider = var.datapath_provider
42 changes: 42 additions & 0 deletions docs/upgrading_to_v25.0.md
@@ -0,0 +1,42 @@
# Upgrading to v25.0
The v25.0 release of *kubernetes-engine* is a backwards incompatible
release.

### gce_pd_csi_driver is GA and enabled by default

`gce_pd_csi_driver` is now supported in GA modules and defaults to true. To opt out, set `gce_pd_csi_driver` to `false`.

```diff
module "gke" {
- source = "terraform-google-modules/kubernetes-engine"
- version = "~> 24.0"
+ source = "terraform-google-modules/kubernetes-engine"
+ version = "~> 25.0"
...
+ gce_pd_csi_driver = false
}
```

### Use the created service account when creating autopilot clusters

When `create_service_account` is `true` pass the created service account to the `cluster_autoscaling` -> `auto_provisioning_defaults` block
for the `beta-autopilot-private-cluster` / `beta-autopilot-public-cluster` modules.

This will mean that the `Nodes` will use the created service account, where previously the default service account was erronously used instead.

To opt out, set `create_service_account` to `false`

```diff
module "gke" {
- source = "terraform-google-modules/kubernetes-engine"
- version = "~> 24.0"
+ source = "terraform-google-modules/kubernetes-engine"
+ version = "~> 25.0"
...
+ create_service_account = false
}
```

### Minimum Google Provider versions

Minimum Google Provider versions have been updated to `4.44.0`.
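Review bot: In the "Use the created service account when creating autopilot clusters" section, "erronously" should be "erroneously" and the sentence "To opt out, set `create_service_account` to `false`" is missing its closing period. The same section does not say which service account the nodes run as after opting out; stating that explicitly would let an operator judge the identity and permissions change before applying the upgrade.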
1 change: 1 addition & 0 deletions main.tf
Expand Up @@ -81,6 +81,7 @@ locals {
enabled = false
provider = null
}]
cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]

cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
1 change: 0 additions & 1 deletion modules/beta-autopilot-private-cluster/cluster.tf
Expand Up @@ -119,7 +119,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}


}

datapath_provider = var.datapath_provider
1 change: 0 additions & 1 deletion modules/beta-autopilot-public-cluster/cluster.tf
Expand Up @@ -119,7 +119,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}


}

datapath_provider = var.datapath_provider
2 changes: 1 addition & 1 deletion modules/beta-private-cluster-update-variant/README.md
Expand Up @@ -201,7 +201,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br> "8443",<br> "9443",<br> "15017"<br>]</pre> | no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
17 changes: 8 additions & 9 deletions modules/beta-private-cluster-update-variant/cluster.tf
Expand Up @@ -187,7 +187,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}


network_policy_config {
disabled = !var.network_policy
}
Expand All @@ -200,6 +199,14 @@ resource "google_container_cluster" "primary" {
enabled = var.filestore_csi_driver
}

dynamic "gce_persistent_disk_csi_driver_config" {
for_each = local.cluster_gce_pd_csi_config

content {
enabled = gce_persistent_disk_csi_driver_config.value.enabled
}
}

istio_config {
disabled = !var.istio
auth = var.istio_auth
Expand All @@ -213,14 +220,6 @@ resource "google_container_cluster" "primary" {
}
}

dynamic "gce_persistent_disk_csi_driver_config" {
for_each = local.cluster_gce_pd_csi_config

content {
enabled = gce_persistent_disk_csi_driver_config.value.enabled
}
}

kalm_config {
enabled = var.kalm_config
}
8 changes: 4 additions & 4 deletions modules/beta-private-cluster-update-variant/main.tf
Expand Up @@ -82,6 +82,7 @@ locals {
enabled = false
provider = null
}]
cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
load_balancer_type = var.cloudrun_load_balancer_type
} : {}
Expand All @@ -93,10 +94,9 @@ locals {
local.cluster_cloudrun_config_load_balancer_config
)
] : []
cluster_cloudrun_enabled = var.cloudrun
cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
cluster_cloudrun_enabled = var.cloudrun
gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus

cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
12 changes: 6 additions & 6 deletions modules/beta-private-cluster-update-variant/variables.tf
Expand Up @@ -578,6 +578,12 @@ variable "cluster_dns_domain" {
default = ""
}

variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
default = true
}

variable "timeouts" {
type = map(string)
description = "Timeout for cluster operations."
Expand Down Expand Up @@ -681,9 +687,3 @@ variable "enable_identity_service" {
description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
default = false
}

variable "gce_pd_csi_driver" {
type = bool
description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
default = false
}
2 changes: 1 addition & 1 deletion modules/beta-private-cluster/README.md
Expand Up @@ -179,7 +179,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br> "8443",<br> "9443",<br> "15017"<br>]</pre> | no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
17 changes: 8 additions & 9 deletions modules/beta-private-cluster/cluster.tf
Expand Up @@ -187,7 +187,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}


network_policy_config {
disabled = !var.network_policy
}
Expand All @@ -200,6 +199,14 @@ resource "google_container_cluster" "primary" {
enabled = var.filestore_csi_driver
}

dynamic "gce_persistent_disk_csi_driver_config" {
for_each = local.cluster_gce_pd_csi_config

content {
enabled = gce_persistent_disk_csi_driver_config.value.enabled
}
}

istio_config {
disabled = !var.istio
auth = var.istio_auth
Expand All @@ -213,14 +220,6 @@ resource "google_container_cluster" "primary" {
}
}

dynamic "gce_persistent_disk_csi_driver_config" {
for_each = local.cluster_gce_pd_csi_config

content {
enabled = gce_persistent_disk_csi_driver_config.value.enabled
}
}

kalm_config {
enabled = var.kalm_config
}
8 changes: 4 additions & 4 deletions modules/beta-private-cluster/main.tf
Expand Up @@ -82,6 +82,7 @@ locals {
enabled = false
provider = null
}]
cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
load_balancer_type = var.cloudrun_load_balancer_type
} : {}
Expand All @@ -93,10 +94,9 @@ locals {
local.cluster_cloudrun_config_load_balancer_config
)
] : []
cluster_cloudrun_enabled = var.cloudrun
cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
cluster_cloudrun_enabled = var.cloudrun
gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus

cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
12 changes: 6 additions & 6 deletions modules/beta-private-cluster/variables.tf
Expand Up @@ -578,6 +578,12 @@ variable "cluster_dns_domain" {
default = ""
}

variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
default = true
}

variable "timeouts" {
type = map(string)
description = "Timeout for cluster operations."
Expand Down Expand Up @@ -681,9 +687,3 @@ variable "enable_identity_service" {
description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
default = false
}

variable "gce_pd_csi_driver" {
type = bool
description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
default = false
}
2 changes: 1 addition & 1 deletion modules/beta-public-cluster-update-variant/README.md
Expand Up @@ -192,7 +192,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br> "8443",<br> "9443",<br> "15017"<br>]</pre> | no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |