From 425729c5f991eef6ba57d18b42e6dd90ba0a7ae9 Mon Sep 17 00:00:00 2001 From: pp Date: Mon, 19 Aug 2019 18:21:16 +0300 Subject: [PATCH] Added check for beta feature fields, as well as support for resource usage export config * Based on PR https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/230 * Add support for beta feature resource_usage_export_config (Fixes #232) * Fixed `google-beta` provider version --- CHANGELOG.md | 3 +++ autogen/cluster.tf | 6 +++--- autogen/main.tf | 6 +++--- autogen/variables.tf | 9 ++++++++- autogen/versions.tf | 4 ++++ examples/deploy_service/main.tf | 6 ++---- examples/disable_client_cert/main.tf | 6 ++---- examples/node_pool/main.tf | 6 ++---- examples/shared_vpc/main.tf | 6 ++---- examples/simple_regional/main.tf | 6 ++---- examples/simple_regional_beta/main.tf | 2 -- examples/simple_regional_private/main.tf | 3 +-- examples/simple_regional_private_beta/main.tf | 1 - examples/simple_zonal/main.tf | 6 ++---- examples/simple_zonal_private/main.tf | 3 +-- examples/stub_domains/main.tf | 6 ++---- examples/stub_domains_private/main.tf | 3 +-- examples/stub_domains_upstream_nameservers/main.tf | 6 ++---- examples/upstream_nameservers/main.tf | 6 ++---- examples/workload_metadata_config/main.tf | 3 +-- modules/beta-private-cluster/README.md | 3 ++- modules/beta-private-cluster/cluster.tf | 6 +++--- modules/beta-private-cluster/main.tf | 6 +++--- modules/beta-private-cluster/variables.tf | 9 ++++++++- modules/beta-private-cluster/versions.tf | 4 ++++ modules/beta-public-cluster/README.md | 3 ++- modules/beta-public-cluster/cluster.tf | 6 +++--- modules/beta-public-cluster/main.tf | 6 +++--- modules/beta-public-cluster/variables.tf | 9 ++++++++- modules/beta-public-cluster/versions.tf | 4 ++++ modules/private-cluster/versions.tf | 4 ++++ versions.tf | 4 ++++ 32 files changed, 91 insertions(+), 70 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d431d08077..91cdb1b8ba 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -9,6 +9,8 @@ Extending the adopted spec, each change should have a link to its corresponding ## [Unreleased] ### Added +* Added check for beta feature fields, as well as support for resource usage export config [#238] + * Support for Intranode Visbiility (IV) and Veritical Pod Autoscaling (VPA) beta features [#216] * **Breaking**: Support for Workload Identity beta feature [#234] @@ -168,6 +170,7 @@ Extending the adopted spec, each change should have a link to its corresponding [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0 +[#238]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/238 [#216]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/216 [#214]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/214 [#210]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/210 diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 0ee73fedf0..94bb639b00 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -67,11 +67,11 @@ resource "google_container_cluster" "primary" { } } dynamic "resource_usage_export_config" { - for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] + for_each = var.resource_usage_export_dataset_id != "" || var.resource_usage_export_network_egress_metering ? [var.resource_usage_export_network_egress_metering] : [] content { - enable_network_egress_metering = true + enable_network_egress_metering = resource_usage_export_network_egress_metering.value bigquery_destination { - dataset_id = resource_usage_export_dataset_id.value + dataset_id = var.resource_usage_export_dataset_id } } } diff --git a/autogen/main.tf b/autogen/main.tf index 4874a63c35..5b0abf3107 100644 
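Review bot: The new `for_each` condition on `resource_usage_export_config` in autogen/cluster.tf emits the block when only `var.resource_usage_export_network_egress_metering` is true, so `bigquery_destination` is rendered with `dataset_id = ""` when no dataset was supplied. An export block with an empty BigQuery destination will presumably be rejected at apply time rather than caught at plan time. Gating the block on the dataset alone keeps the two inputs consistent: `for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_network_egress_metering] : []`. The same expression appears in the generated modules/beta-private-cluster/cluster.tf and modules/beta-public-cluster/cluster.tf; the resource body continues outside the hunk.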
--- a/autogen/main.tf +++ b/autogen/main.tf @@ -98,10 +98,10 @@ locals { {% if beta_cluster %} # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : true + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false # /BETA features {% endif %} diff --git a/autogen/variables.tf b/autogen/variables.tf index af601db3c4..45593cb278 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf 
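Review bot: The `!= null` guards on `istio_config`, `pod_security_policy_config` and `vertical_pod_autoscaling` in autogen/main.tf only help if the provider returns null for an unset block; if it returns an empty list instead (common for nested blocks, not confirmable from this hunk), the `.0` index in the true branch still fails. A form that tolerates both is `concat(google_container_cluster.primary.pod_security_policy_config[*].enabled, [false])[0]`, and likewise for the other two locals. This matters most for `cluster_output_pod_security_policy_enabled`, since a wrong or failing value there misreports a security control. `cluster_output_istio_enabled` carries the `disabled` attribute, so a comment such as `# NOTE: holds istio_config "disabled", not "enabled"` would prevent misreads. The generated modules/beta-private-cluster/main.tf and modules/beta-public-cluster/main.tf repeat these lines, and the `locals` block extends beyond the hunk.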
@@ -361,10 +361,17 @@ variable "pod_security_policy_config" { } variable "resource_usage_export_dataset_id" { - description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." + type = string + description = "The dataset id of network egress metering for this cluster." default = "" } +variable "resource_usage_export_network_egress_metering" { + type = bool + description = "Enable/disable network egress metering for this cluster." + default = false +} + variable "node_metadata" { description = "Specifies how node metadata is exposed to the workload running on the node" default = "UNSPECIFIED" diff --git a/autogen/versions.tf b/autogen/versions.tf index 832ec1df39..fe8bc38c6d 100644 --- a/autogen/versions.tf +++ b/autogen/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + required_providers { + google-beta = "~> 2.12.0" + google = "~> 2.9.0" + } } diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index 76c6993459..d3aaf29c35 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "kubernetes" { diff --git a/examples/disable_client_cert/main.tf b/examples/disable_client_cert/main.tf index e08e132216..d9e7a2dd25 100644 --- a/examples/disable_client_cert/main.tf +++ b/examples/disable_client_cert/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } module "gke" { diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index df0761466a..cf12067e21 100644 
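Review bot: `resource_usage_export_network_egress_metering` in autogen/variables.tf defaults to `false`, while the cluster.tf line this commit replaces hard-coded `enable_network_egress_metering = true` whenever a dataset id was set, so callers that pass only `resource_usage_export_dataset_id` silently lose egress metering on upgrade. Either default the new variable to `true` or mark the CHANGELOG.md entry as breaking. The rewritten descriptions also drop the fact that metering creates a daemonset in the cluster. Wording such as `"The ID of the BigQuery dataset that receives resource usage export data."` for the dataset and `"Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic."` for the flag keeps it. The generated variables.tf and README tables under modules/beta-private-cluster and modules/beta-public-cluster carry the same text.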
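Review bot: The `required_providers` block added to autogen/versions.tf is unconditional, so the generated versions.tf at the repository root and in modules/private-cluster also constrain `google-beta` to `~> 2.12.0`; whether those modules use the beta provider is not visible in this patch. `~> 2.12.0` and `~> 2.9.0` admit only patch releases of a single minor version, which in a reusable module blocks callers from moving to a newer provider release that carries fixes. The examples in this commit no longer pin anything themselves, so the module constraint is the only one left. A lower bound with a major-version cap, for example `google-beta = ">= 2.12.0, < 3.0.0"`, leaves exact pinning to the root configuration.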
--- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } module "gke" { diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf index c3dc9ee9cd..016a1d5d2d 100644 --- a/examples/shared_vpc/main.tf +++ b/examples/shared_vpc/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } module "gke" { diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 506f4337b1..c5373140bf 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } module "gke" { diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index 0de45757a7..c68dcc7ead 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" credentials = file(var.credentials_path) region = var.region } provider "google-beta" { - version = "~> 2.9.0" credentials = file(var.credentials_path) region = var.region } diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index 6413c4d70b..2b6e678c0d 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -19,8 +19,7 @@ locals { } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } data "google_compute_subnetwork" "subnetwork" { 
diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index 406228a1a9..2074074d46 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -19,7 +19,6 @@ locals { } provider "google-beta" { - version = "~> 2.9.0" credentials = file(var.credentials_path) region = var.region } diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf index 0d44fabcd9..4e92019941 100644 --- a/examples/simple_zonal/main.tf +++ b/examples/simple_zonal/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } module "gke" { diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf index 0c9f4d1ce8..6d786f7c0f 100644 --- a/examples/simple_zonal_private/main.tf +++ b/examples/simple_zonal_private/main.tf @@ -19,8 +19,7 @@ locals { } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } data "google_compute_subnetwork" "subnetwork" { diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index f8d12abaa6..f1175f4ce8 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } module "gke" { diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf index 6c4005de7b..38763e33c0 100644 --- a/examples/stub_domains_private/main.tf +++ b/examples/stub_domains_private/main.tf @@ -15,8 +15,7 @@ */ provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "random" { 
diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf index 253cb56742..443dce3375 100644 --- a/examples/stub_domains_upstream_nameservers/main.tf +++ b/examples/stub_domains_upstream_nameservers/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } module "gke" { diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf index af7a9821fa..99a7a16f0f 100644 --- a/examples/upstream_nameservers/main.tf +++ b/examples/upstream_nameservers/main.tf @@ -19,13 +19,11 @@ locals { } provider "google" { - version = "~> 2.9.0" - region = var.region + region = var.region } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } module "gke" { diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf index e5e0c6d811..333e549821 100644 --- a/examples/workload_metadata_config/main.tf +++ b/examples/workload_metadata_config/main.tf @@ -19,8 +19,7 @@ locals { } provider "google-beta" { - version = "~> 2.9.0" - region = var.region + region = var.region } data "google_compute_subnetwork" "subnetwork" { diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index fb647807b3..b0d56eb0bf 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -189,7 +189,8 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | region | The region to host the cluster in (required) | string | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no | -| resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no | +| resource\_usage\_export\_dataset\_id | The dataset id of network egress metering for this cluster. | string | `""` | no | +| resource\_usage\_export\_network\_egress\_metering | Enable/disable network egress metering for this cluster. | bool | `"false"` | no | | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no | | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index f00394278d..6d406cf776 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -62,11 +62,11 @@ resource "google_container_cluster" "primary" { } } dynamic "resource_usage_export_config" { - for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] + for_each = var.resource_usage_export_dataset_id != "" || var.resource_usage_export_network_egress_metering ? [var.resource_usage_export_network_egress_metering] : [] content { - enable_network_egress_metering = true + enable_network_egress_metering = resource_usage_export_network_egress_metering.value bigquery_destination { - dataset_id = resource_usage_export_dataset_id.value + dataset_id = var.resource_usage_export_dataset_id } } } diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index d1dc27229d..a28fde9c14 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -87,10 +87,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : true + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false # /BETA features diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index ae4f570b56..4767353531 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -358,10 +358,17 @@ variable "pod_security_policy_config" { } variable "resource_usage_export_dataset_id" { - description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." + type = string + description = "The dataset id of network egress metering for this cluster." default = "" } +variable "resource_usage_export_network_egress_metering" { + type = bool + description = "Enable/disable network egress metering for this cluster." + default = false +} + variable "node_metadata" { description = "Specifies how node metadata is exposed to the workload running on the node" default = "UNSPECIFIED" diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 832ec1df39..fe8bc38c6d 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + required_providers { + google-beta = "~> 2.12.0" + google = "~> 2.9.0" + } } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index d8a8f3e3eb..df6b12cee4 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -180,7 +180,8 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | region | The region to host the cluster in (required) | string | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no | -| resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no | +| resource\_usage\_export\_dataset\_id | The dataset id of network egress metering for this cluster. | string | `""` | no | +| resource\_usage\_export\_network\_egress\_metering | Enable/disable network egress metering for this cluster. | bool | `"false"` | no | | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no | | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 9909ede921..fac52f7420 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -62,11 +62,11 @@ resource "google_container_cluster" "primary" { } } dynamic "resource_usage_export_config" { - for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] + for_each = var.resource_usage_export_dataset_id != "" || var.resource_usage_export_network_egress_metering ? [var.resource_usage_export_network_egress_metering] : [] content { - enable_network_egress_metering = true + enable_network_egress_metering = resource_usage_export_network_egress_metering.value bigquery_destination { - dataset_id = resource_usage_export_dataset_id.value + dataset_id = var.resource_usage_export_dataset_id } } } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 1bd1953174..d65077b371 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -87,10 +87,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : true + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : false # /BETA features diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 0645734e3c..ebf5526bf1 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -334,10 +334,17 @@ variable "pod_security_policy_config" { } variable "resource_usage_export_dataset_id" { - description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." + type = string + description = "The dataset id of network egress metering for this cluster." default = "" } +variable "resource_usage_export_network_egress_metering" { + type = bool + description = "Enable/disable network egress metering for this cluster." + default = false +} + variable "node_metadata" { description = "Specifies how node metadata is exposed to the workload running on the node" default = "UNSPECIFIED" diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 832ec1df39..fe8bc38c6d 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + required_providers { + google-beta = "~> 2.12.0" + google = "~> 2.9.0" + } } diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index 832ec1df39..fe8bc38c6d 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + required_providers { + google-beta = "~> 2.12.0" + google = "~> 2.9.0" + } } diff --git a/versions.tf b/versions.tf index 832ec1df39..fe8bc38c6d 100644 --- a/versions.tf +++ b/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + required_providers { + google-beta = "~> 2.12.0" + google = "~> 2.9.0" + } }