diff --git a/.kitchen.yml b/.kitchen.yml index 7da9695cbb..d024d0c5e9 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -30,93 +30,50 @@ platforms: suites: - name: "deploy_service" driver: - name: "terraform" - command_timeout: 1800 root_module_directory: test/fixtures/deploy_service verifier: - name: terraform - color: false systems: - name: deploy_service backend: local - lifecycle: - pre_verify: - - sleep 10 - provisioner: - name: terraform - name: "disable_client_cert" driver: - name: "terraform" - command_timeout: 1800 root_module_directory: test/fixtures/disable_client_cert verifier: - name: terraform - color: false systems: - name: disable_client_cert backend: local - provisioner: - name: terraform - name: "node_pool" driver: - name: "terraform" - command_timeout: 1800 root_module_directory: test/fixtures/node_pool verifier: - name: terraform - color: false systems: - name: node_pool backend: local - provisioner: - name: terraform - name: "shared_vpc" driver: - name: "terraform" - command_timeout: 1800 root_module_directory: test/fixtures/shared_vpc verifier: - name: terraform - color: false systems: - name: shared_vpc backend: local - provisioner: - name: terraform - name: "simple_regional" driver: - name: "terraform" - command_timeout: 1800 root_module_directory: test/fixtures/simple_regional verifier: - name: terraform - color: false systems: - name: simple_regional backend: local - provisioner: - name: terraform - name: "simple_regional_private" driver: - name: "terraform" - command_timeout: 1800 root_module_directory: test/fixtures/simple_regional_private verifier: - name: terraform - color: false systems: - name: simple_regional_private backend: local - provisioner: - name: terraform - name: "simple_zonal" driver: - name: "terraform" - command_timeout: 1800 root_module_directory: test/fixtures/simple_zonal verifier: - name: terraform - color: false systems: - name: gcloud backend: local 
@@ -126,34 +83,20 @@ suites: backend: gcp controls: - gcp - provisioner: - name: terraform - name: "simple_zonal_private" driver: - name: "terraform" - command_timeout: 1800 root_module_directory: test/fixtures/simple_zonal_private verifier: - name: terraform - color: false systems: - name: simple_zonal_private backend: local - provisioner: - name: terraform - name: "stub_domains" driver: - name: "terraform" - command_timeout: 1800 root_module_directory: test/fixtures/stub_domains verifier: - name: terraform - color: false systems: - name: stub_domains backend: local - provisioner: - name: terraform - name: stub_domains_private driver: root_module_directory: test/fixtures/stub_domains_private diff --git a/README.md b/README.md index 1122903c41..e56d7db123 100644 --- a/README.md +++ b/README.md @@ -135,6 +135,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | name | The name of the cluster (required) | string | n/a | yes | | network | The VPC network to host the cluster in (required) | string | n/a | yes | | network\_policy | Enable network policy addon | string | `"false"` | no | +| network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no | | node\_pools | List of maps containing node pools | list | `` | no | | node\_pools\_labels | Map of maps containing node labels by node-pool name | map | `` | no | diff --git a/autogen/cluster_regional.tf b/autogen/cluster_regional.tf index bb521ed4c3..46e5e7710e 100644 --- a/autogen/cluster_regional.tf +++ b/autogen/cluster_regional.tf 
@@ -29,7 +29,13 @@ resource "google_container_cluster" "primary" { region = "${var.region}" node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"] - network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + + network_policy { + enabled = "${var.network_policy}" + provider = "${var.network_policy_provider}" + } + subnetwork = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}" min_master_version = "${local.kubernetes_version_regional}" diff --git a/autogen/cluster_zonal.tf b/autogen/cluster_zonal.tf index 557d5b4f90..261fcc04c2 100644 --- a/autogen/cluster_zonal.tf +++ b/autogen/cluster_zonal.tf @@ -29,7 +29,13 @@ resource "google_container_cluster" "zonal_primary" { zone = "${var.zones[0]}" node_locations = ["${slice(var.zones,1,length(var.zones))}"] - network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + + network_policy { + enabled = "${var.network_policy}" + provider = "${var.network_policy_provider}" + } + subnetwork = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}" min_master_version = "${local.kubernetes_version_zonal}" diff --git a/autogen/variables.tf b/autogen/variables.tf index 407c68fc0b..49af377738 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf 
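Review bot: In the added `network_policy` block, `provider` is always set to `var.network_policy_provider`, even when `enabled` is false, and the variables.tf context shows `network_policy` still defaulting to `false`, so a default cluster is declared as "disabled, CALICO". That combination may surface as a permanent plan diff or an API rejection, since a disabled policy is normally reported as `PROVIDER_UNSPECIFIED`; consider `provider = "${var.network_policy ? var.network_policy_provider : "PROVIDER_UNSPECIFIED"}"`. Enforcement presumably also depends on the network policy add-on under `addons_config`, which lies outside this hunk, so confirm it is driven by the same variable. The same block is added in autogen/cluster_zonal.tf, cluster_regional.tf, cluster_zonal.tf and both modules/private-cluster cluster files, and the resource body continues outside each hunk.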
@@ -106,6 +106,11 @@ variable "network_policy" { default = false } +variable "network_policy_provider" { + description = "The network policy provider." + default = "CALICO" +} + variable "maintenance_start_time" { description = "Time window specified for daily maintenance operations in RFC3339 format" default = "05:00" diff --git a/cluster_regional.tf b/cluster_regional.tf index ce081d9081..518ef23a9c 100644 --- a/cluster_regional.tf +++ b/cluster_regional.tf @@ -29,7 +29,13 @@ resource "google_container_cluster" "primary" { region = "${var.region}" node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"] - network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + + network_policy { + enabled = "${var.network_policy}" + provider = "${var.network_policy_provider}" + } + subnetwork = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}" min_master_version = "${local.kubernetes_version_regional}" diff --git a/cluster_zonal.tf b/cluster_zonal.tf index 8dc2d0c353..9b214db43b 100644 --- a/cluster_zonal.tf +++ b/cluster_zonal.tf 
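Review bot: The description `"The network policy provider."` does not list the accepted values, nor does it say the variable only matters when `network_policy` is true. The context above shows `network_policy` still defaults to `false`, so a caller who sets only the provider presumably gets a cluster with no NetworkPolicy enforcement. Suggest `description = "The network policy provider. Only applied when network_policy is true."` and carrying the same wording into the README tables. The identical variable block is added in modules/private-cluster/variables.tf and the root variables.tf.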
@@ -29,7 +29,13 @@ resource "google_container_cluster" "zonal_primary" { zone = "${var.zones[0]}" node_locations = ["${slice(var.zones,1,length(var.zones))}"] - network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + + network_policy { + enabled = "${var.network_policy}" + provider = "${var.network_policy_provider}" + } + subnetwork = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}" min_master_version = "${local.kubernetes_version_zonal}" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index e1978dd332..e50dc73b3f 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -144,6 +144,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | name | The name of the cluster (required) | string | n/a | yes | | network | The VPC network to host the cluster in (required) | string | n/a | yes | | network\_policy | Enable network policy addon | string | `"false"` | no | +| network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no | | node\_pools | List of maps containing node pools | list | `` | no | | node\_pools\_labels | Map of maps containing node labels by node-pool name | map | `` | no | diff --git a/modules/private-cluster/cluster_regional.tf b/modules/private-cluster/cluster_regional.tf index 34625f72fb..34f21fd9d1 100644 --- a/modules/private-cluster/cluster_regional.tf +++ b/modules/private-cluster/cluster_regional.tf 
@@ -29,7 +29,13 @@ resource "google_container_cluster" "primary" { region = "${var.region}" node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"] - network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + + network_policy { + enabled = "${var.network_policy}" + provider = "${var.network_policy_provider}" + } + subnetwork = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}" min_master_version = "${local.kubernetes_version_regional}" diff --git a/modules/private-cluster/cluster_zonal.tf b/modules/private-cluster/cluster_zonal.tf index 9ffdac36a9..692cc1a6a6 100644 --- a/modules/private-cluster/cluster_zonal.tf +++ b/modules/private-cluster/cluster_zonal.tf @@ -29,7 +29,13 @@ resource "google_container_cluster" "zonal_primary" { zone = "${var.zones[0]}" node_locations = ["${slice(var.zones,1,length(var.zones))}"] - network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}" + + network_policy { + enabled = "${var.network_policy}" + provider = "${var.network_policy_provider}" + } + subnetwork = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}" min_master_version = "${local.kubernetes_version_zonal}" diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 4e376876cb..005a04228e 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -106,6 +106,11 @@ variable "network_policy" { default = false } +variable "network_policy_provider" { + description = "The network policy provider." + default = "CALICO" +} + variable "maintenance_start_time" { description = "Time window specified for daily maintenance operations in RFC3339 format" default = "05:00" diff --git a/test/ci_integration.sh b/test/ci_integration.sh index ba92fd5558..365ed3862e 100755 --- a/test/ci_integration.sh +++ b/test/ci_integration.sh @@ -61,7 +61,6 @@ main() { # Execute the test lifecycle kitchen create "$SUITE" kitchen converge "$SUITE" - kitchen converge "$SUITE" kitchen verify "$SUITE" } diff --git a/variables.tf b/variables.tf index 8a95caab5e..2723a39df5 100644 --- a/variables.tf +++ b/variables.tf @@ -106,6 +106,11 @@ variable "network_policy" { default = false } +variable "network_policy_provider" { + description = "The network policy provider." + default = "CALICO" +} + variable "maintenance_start_time" { description = "Time window specified for daily maintenance operations in RFC3339 format" default = "05:00"