Add additional functionality for autopilot clusters
kliu47 committed Jul 2, 2024
1 parent 165a4ae commit 51fdf95
Showing 23 changed files with 153 additions and 34 deletions.
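--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -324,6 +324,13 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+
+
+config_connector_config {
+enabled = var.config_connector
+}
+{% endif %}
+
 dynamic "gke_backup_agent_config" {
 for_each = local.gke_backup_agent_config
 
@@ -347,11 +354,6 @@ resource "google_container_cluster" "primary" {
 enabled = stateful_ha_config.value.enabled
 }
 }
-
-config_connector_config {
-enabled = var.config_connector
-}
-{% endif %}
 {% if beta_cluster and autopilot_cluster != true %}
 
 istio_config {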
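Review bot: The relocated `{% endif %}` in the first hunk now decides which add-on blocks are limited to some cluster variants and which are rendered for all of them, yet nothing in the template says which condition it closes. The matching `{% if %}` opens outside the hunk, so the guard cannot be confirmed from here. If the template engine supports comments, something like `{# end of guarded add-ons; the blocks below are rendered for every cluster type #}` next to the `{% endif %}` would keep a later edit from moving a block across the guard by accident. The two blank lines added above `config_connector_config` also end up in every generated cluster.tf and could be dropped.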
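--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -741,6 +741,7 @@ variable "gce_pd_csi_driver" {
 default = true
 }
 
+{% endif %}
 variable "gke_backup_agent_config" {
 type = bool
 description = "Whether Backup for GKE agent is enabled for this cluster."
@@ -759,7 +760,7 @@ variable "stateful_ha" {
 default = false
 }
 
-{% endif %}
+
 variable "timeouts" {
 type = map(string)
 description = "Timeout for cluster operations."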
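Review bot: In the second hunk the `{% endif %}` above `variable "timeouts"` is replaced by an empty line rather than removed, so each generated variables.tf gains a second blank line between `stateful_ha` and `timeouts`. This looks like the source of the one-line whitespace changes in the other variables.tf files of this commit; deleting the line instead would avoid that churn. With the guard now closing before `gke_backup_agent_config`, that variable and `stateful_ha` are also emitted for the Autopilot modules. The opening `{% if %}` is outside the hunk, so which variables remain guarded cannot be checked from here.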
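--- a/cluster.tf
+++ b/cluster.tf
@@ -244,6 +244,12 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+
+
+config_connector_config {
+enabled = var.config_connector
+}
+
 dynamic "gke_backup_agent_config" {
 for_each = local.gke_backup_agent_config
 
@@ -267,10 +273,6 @@ resource "google_container_cluster" "primary" {
 enabled = stateful_ha_config.value.enabled
 }
 }
-
-config_connector_config {
-enabled = var.config_connector
-}
 }
 
 datapath_provider = var.datapath_provider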
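--- a/examples/simple_autopilot_public/main.tf
+++ b/examples/simple_autopilot_public/main.tf
@@ -49,4 +49,7 @@ module "gke" {
 network_tags = [local.cluster_type]
 deletion_protection = false
 enable_l4_ilb_subsetting = true
+gcs_fuse_csi_driver = true
+stateful_ha = false
+gke_backup_agent_config = false
 }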
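Review bot: `stateful_ha = false` and `gke_backup_agent_config = false` restate the module defaults documented in this commit, so only `gcs_fuse_csi_driver = true` changes what the example builds, and it is added without a comment on what it enables. A short comment would help readers who copy the example, for instance `# Lets pods mount Cloud Storage buckets; access still depends on the IAM bindings of the workload's service account`. The `module "gke"` block starts outside the hunk.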
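--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -104,6 +104,8 @@ Then perform the following commands on the root folder:
 | fleet\_project | (Optional) Register the cluster with the fleet in this project. | `string` | `null` | no |
 | fleet\_project\_grant\_service\_agent | (Optional) Grant the fleet project service identity the `roles/gkehub.serviceAgent` and `roles/gkehub.crossProjectServiceAgent` roles. | `bool` | `false` | no |
 | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no |
+| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no |
+| gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
 | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
@@ -141,6 +143,7 @@ Then perform the following commands on the root folder:
 | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. | <pre>object({<br> metadata = string<br> })</pre> | <pre>{<br> "metadata": "INCLUDE_ALL_METADATA"<br>}</pre> | no |
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
 | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no |
+| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |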
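--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -135,6 +135,30 @@ resource "google_container_cluster" "primary" {
 disabled = !var.horizontal_pod_autoscaling
 }
 
+
+dynamic "gke_backup_agent_config" {
+for_each = local.gke_backup_agent_config
+
+content {
+enabled = gke_backup_agent_config.value.enabled
+}
+}
+
+dynamic "gcs_fuse_csi_driver_config" {
+for_each = local.gcs_fuse_csi_driver_config
+
+content {
+enabled = gcs_fuse_csi_driver_config.value.enabled
+}
+}
+
+dynamic "stateful_ha_config" {
+for_each = local.stateful_ha_config
+
+content {
+enabled = stateful_ha_config.value.enabled
+}
+}
 }
 
 allow_net_admin = var.allow_net_admin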
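Review bot: The three new dynamic blocks iterate over `local.gke_backup_agent_config`, `local.gcs_fuse_csi_driver_config` and `local.stateful_ha_config`, but no change to this module's locals appears in the part of the commit shown here, so it is worth confirming they are defined for the Autopilot modules. The blocks also do not say what an empty list means. If the locals are built as in the standard modules, `false` presumably omits the block rather than sending `enabled = false`, which leaves the add-on at whatever GKE applies to Autopilot (the Cloud Storage FUSE CSI driver is, as far as I know, on by default there). A comment such as `# Block is omitted when the variable is false; the Autopilot default then applies` would make that explicit. The same applies to modules/beta-autopilot-public-cluster/cluster.tf, and the enclosing block starts outside the hunk.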
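--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -453,6 +453,25 @@ variable "database_encryption" {
 }
 
 
+variable "gke_backup_agent_config" {
+type = bool
+description = "Whether Backup for GKE agent is enabled for this cluster."
+default = false
+}
+
+variable "gcs_fuse_csi_driver" {
+type = bool
+description = "Whether GCE FUSE CSI driver is enabled for this cluster."
+default = false
+}
+
+variable "stateful_ha" {
+type = bool
+description = "Whether the Stateful HA Addon is enabled for this cluster."
+default = false
+}
+
+
 variable "timeouts" {
 type = map(string)
 description = "Timeout for cluster operations."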
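Review bot: The description of the new `gcs_fuse_csi_driver` variable says "GCE FUSE CSI driver", but the block it feeds is `gcs_fuse_csi_driver_config`, the Cloud Storage (GCS) FUSE driver, so it should read `description = "Whether GCS FUSE CSI driver is enabled for this cluster."`. The same text is copied into modules/beta-autopilot-public-cluster/variables.tf and both Autopilot README tables; since these files appear to be generated, the fix probably belongs in the autogen template. The description of `gke_backup_agent_config` could also mention that backups taken through the agent may include cluster Secrets, so whoever enables it knows to restrict access to the backups.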
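--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -95,6 +95,8 @@ Then perform the following commands on the root folder:
 | fleet\_project | (Optional) Register the cluster with the fleet in this project. | `string` | `null` | no |
 | fleet\_project\_grant\_service\_agent | (Optional) Grant the fleet project service identity the `roles/gkehub.serviceAgent` and `roles/gkehub.crossProjectServiceAgent` roles. | `bool` | `false` | no |
 | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no |
+| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no |
+| gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
 | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
@@ -130,6 +132,7 @@ Then perform the following commands on the root folder:
 | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. | <pre>object({<br> metadata = string<br> })</pre> | <pre>{<br> "metadata": "INCLUDE_ALL_METADATA"<br>}</pre> | no |
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
 | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no |
+| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |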
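--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -135,6 +135,30 @@ resource "google_container_cluster" "primary" {
 disabled = !var.horizontal_pod_autoscaling
 }
 
+
+dynamic "gke_backup_agent_config" {
+for_each = local.gke_backup_agent_config
+
+content {
+enabled = gke_backup_agent_config.value.enabled
+}
+}
+
+dynamic "gcs_fuse_csi_driver_config" {
+for_each = local.gcs_fuse_csi_driver_config
+
+content {
+enabled = gcs_fuse_csi_driver_config.value.enabled
+}
+}
+
+dynamic "stateful_ha_config" {
+for_each = local.stateful_ha_config
+
+content {
+enabled = stateful_ha_config.value.enabled
+}
+}
 }
 
 allow_net_admin = var.allow_net_admin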
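--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -423,6 +423,25 @@ variable "database_encryption" {
 }
 
 
+variable "gke_backup_agent_config" {
+type = bool
+description = "Whether Backup for GKE agent is enabled for this cluster."
+default = false
+}
+
+variable "gcs_fuse_csi_driver" {
+type = bool
+description = "Whether GCE FUSE CSI driver is enabled for this cluster."
+default = false
+}
+
+variable "stateful_ha" {
+type = bool
+description = "Whether the Stateful HA Addon is enabled for this cluster."
+default = false
+}
+
+
 variable "timeouts" {
 type = map(string)
 description = "Timeout for cluster operations."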
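--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -267,6 +267,12 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+
+
+config_connector_config {
+enabled = var.config_connector
+}
+
 dynamic "gke_backup_agent_config" {
 for_each = local.gke_backup_agent_config
 
@@ -291,10 +297,6 @@ resource "google_container_cluster" "primary" {
 }
 }
 
-config_connector_config {
-enabled = var.config_connector
-}
-
 istio_config {
 disabled = !var.istio
 auth = var.istio_auth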
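--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -728,6 +728,7 @@ variable "stateful_ha" {
 default = false
 }
 
+
 variable "timeouts" {
 type = map(string)
 description = "Timeout for cluster operations."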
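--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -267,6 +267,12 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+
+
+config_connector_config {
+enabled = var.config_connector
+}
+
 dynamic "gke_backup_agent_config" {
 for_each = local.gke_backup_agent_config
 
@@ -291,10 +297,6 @@ resource "google_container_cluster" "primary" {
 }
 }
 
-config_connector_config {
-enabled = var.config_connector
-}
-
 istio_config {
 disabled = !var.istio
 auth = var.istio_auth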
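--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -728,6 +728,7 @@ variable "stateful_ha" {
 default = false
 }
 
+
 variable "timeouts" {
 type = map(string)
 description = "Timeout for cluster operations."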
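--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -267,6 +267,12 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+
+
+config_connector_config {
+enabled = var.config_connector
+}
+
 dynamic "gke_backup_agent_config" {
 for_each = local.gke_backup_agent_config
 
@@ -291,10 +297,6 @@ resource "google_container_cluster" "primary" {
 }
 }
 
-config_connector_config {
-enabled = var.config_connector
-}
-
 istio_config {
 disabled = !var.istio
 auth = var.istio_auth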
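--- a/modules/beta-public-cluster-update-variant/variables.tf
+++ b/modules/beta-public-cluster-update-variant/variables.tf
@@ -698,6 +698,7 @@ variable "stateful_ha" {
 default = false
 }
 
+
 variable "timeouts" {
 type = map(string)
 description = "Timeout for cluster operations."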
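--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -267,6 +267,12 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+
+
+config_connector_config {
+enabled = var.config_connector
+}
+
 dynamic "gke_backup_agent_config" {
 for_each = local.gke_backup_agent_config
 
@@ -291,10 +297,6 @@ resource "google_container_cluster" "primary" {
 }
 }
 
-config_connector_config {
-enabled = var.config_connector
-}
-
 istio_config {
 disabled = !var.istio
 auth = var.istio_auth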
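--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -698,6 +698,7 @@ variable "stateful_ha" {
 default = false
 }
 
+
 variable "timeouts" {
 type = map(string)
 description = "Timeout for cluster operations."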
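--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -244,6 +244,12 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+
+
+config_connector_config {
+enabled = var.config_connector
+}
+
 dynamic "gke_backup_agent_config" {
 for_each = local.gke_backup_agent_config
 
@@ -267,10 +273,6 @@ resource "google_container_cluster" "primary" {
 enabled = stateful_ha_config.value.enabled
 }
 }
-
-config_connector_config {
-enabled = var.config_connector
-}
 }
 
 datapath_provider = var.datapath_provider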
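--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -703,6 +703,7 @@ variable "stateful_ha" {
 default = false
 }
 
+
 variable "timeouts" {
 type = map(string)
 description = "Timeout for cluster operations."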