From 51fdf95e709585111737ec0f02ad74829f98b212 Mon Sep 17 00:00:00 2001
From: kliu47 <88392374+kliu47@users.noreply.github.com>
Date: Tue, 2 Jul 2024 16:32:47 -0500
Subject: [PATCH] Add additional functionality for autopilot clusters

---
 autogen/main/cluster.tf.tmpl | 12 ++++++----
 autogen/main/variables.tf.tmpl | 3 ++-
 cluster.tf | 10 ++++----
 examples/simple_autopilot_public/main.tf | 3 +++
 .../beta-autopilot-private-cluster/README.md | 3 +++
 .../beta-autopilot-private-cluster/cluster.tf | 24 +++++++++++++++++++
 .../variables.tf | 19 +++++++++++++++
 .../beta-autopilot-public-cluster/README.md | 3 +++
 .../beta-autopilot-public-cluster/cluster.tf | 24 +++++++++++++++++++
 .../variables.tf | 19 +++++++++++++++
 .../cluster.tf | 10 ++++----
 .../variables.tf | 1 +
 modules/beta-private-cluster/cluster.tf | 10 ++++----
 modules/beta-private-cluster/variables.tf | 1 +
 .../cluster.tf | 10 ++++----
 .../variables.tf | 1 +
 modules/beta-public-cluster/cluster.tf | 10 ++++----
 modules/beta-public-cluster/variables.tf | 1 +
 .../private-cluster-update-variant/cluster.tf | 10 ++++----
 .../variables.tf | 1 +
 modules/private-cluster/cluster.tf | 10 ++++----
 modules/private-cluster/variables.tf | 1 +
 variables.tf | 1 +
 23 files changed, 153 insertions(+), 34 deletions(-)

diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 633ba69312..0e3b657b4f 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -324,6 +324,13 @@ resource "google_container_cluster" "primary" {
       }
     }
 
+
+
+    config_connector_config {
+      enabled = var.config_connector
+    }
+    {% endif %}
+
     dynamic "gke_backup_agent_config" {
       for_each = local.gke_backup_agent_config
 
@@ -347,11 +354,6 @@ resource "google_container_cluster" "primary" {
         enabled = stateful_ha_config.value.enabled
       }
     }
-
-    config_connector_config {
-      enabled = var.config_connector
-    }
-    {% endif %}
 
 {% if beta_cluster and autopilot_cluster != true %}
     istio_config {
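Review bot: The relocated `{% endif %}` now closes the non-Autopilot guard immediately after `config_connector_config`, so the `gke_backup_agent_config`, `gcs_fuse_csi_driver_config` and `stateful_ha_config` blocks are rendered into the Autopilot variants while Config Connector stays gated; the opening `{% if %}` is outside the hunk, so the exact condition is inferred. Nothing in the template says why the boundary sits exactly there, and the next contributor adding an addon has no way to tell which side of the tag it belongs on; a one-line Jinja comment before the block would settle it: `{# Config Connector add-on is not offered on Autopilot clusters; keep config_connector_config inside the non-Autopilot guard #}`. Config Connector is also the addon with the widest blast radius (it lets in-cluster identities create and mutate Google Cloud resources), so recording that it must remain gated is worth the line. The three consecutive blank lines added ahead of `config_connector_config` are a style nit; the rest of `addons_config` separates sub-blocks with a single blank line.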
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index 515a8af1fd..46d339f41e 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -741,6 +741,7 @@ variable "gce_pd_csi_driver" {
   default     = true
 }
 
+{% endif %}
 variable "gke_backup_agent_config" {
   type        = bool
   description = "Whether Backup for GKE agent is enabled for this cluster."
@@ -759,7 +760,7 @@ variable "stateful_ha" {
   default     = false
 }
 
-{% endif %}
+
 variable "timeouts" {
   type        = map(string)
   description = "Timeout for cluster operations."
diff --git a/cluster.tf b/cluster.tf
index 01f808aeea..282a63e417 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -244,6 +244,12 @@ resource "google_container_cluster" "primary" {
       }
     }
 
+
+
+    config_connector_config {
+      enabled = var.config_connector
+    }
+
     dynamic "gke_backup_agent_config" {
       for_each = local.gke_backup_agent_config
 
@@ -267,10 +273,6 @@ resource "google_container_cluster" "primary" {
         enabled = stateful_ha_config.value.enabled
       }
     }
-
-    config_connector_config {
-      enabled = var.config_connector
-    }
   }
 
   datapath_provider = var.datapath_provider
diff --git a/examples/simple_autopilot_public/main.tf b/examples/simple_autopilot_public/main.tf
index dfad96d0dc..38741490cb 100644
--- a/examples/simple_autopilot_public/main.tf
+++ b/examples/simple_autopilot_public/main.tf
@@ -49,4 +49,7 @@ module "gke" {
   network_tags             = [local.cluster_type]
   deletion_protection      = false
   enable_l4_ilb_subsetting = true
+  gcs_fuse_csi_driver      = true
+  stateful_ha              = false
+  gke_backup_agent_config  = false
 }
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
index 751d7fca52..46887b7b64 100644
--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
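Review bot: In the second variables.tf.tmpl hunk the removed `{% endif %}` is replaced by an empty `+` line rather than deleted, which is why every generated variables.tf later in this patch gains a stray second blank line before `variable "timeouts"`; dropping the added line keeps the generated files at one blank between variables. The first hunk moves the guard above `variable "gke_backup_agent_config"`, so that variable, `gcs_fuse_csi_driver` (between the two hunks, not visible here) and `stateful_ha` are now emitted for the Autopilot modules as well. Since these inputs were previously hidden from Autopilot users, their descriptions could say so explicitly, e.g. `description = "Whether Backup for GKE agent is enabled for this cluster (Standard and Autopilot)."`; the opening `{% if %}` lies outside the hunk, so which condition it was is inferred.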
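Review bot: `gcs_fuse_csi_driver = true` in the public Autopilot example turns on a driver that mounts Cloud Storage buckets into pods, but carries no comment on what that implies for readers who copy the example; an inline note would help: `gcs_fuse_csi_driver = true # mounts GCS buckets into pods; bucket IAM on the workload identity still governs access`. As far as the GKE documentation describes it, the driver itself grants no bucket permissions, but enabling it cluster-wide means any namespace can attempt a mount, which is worth stating next to the flag. `stateful_ha = false` and `gke_backup_agent_config = false` restate the module defaults shown in the README hunks, so they only exercise the input plumbing; a short comment saying that is what they are there for would stop someone "cleaning them up" later.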
@@ -104,6 +104,8 @@ Then perform the following commands on the root folder: | fleet\_project | (Optional) Register the cluster with the fleet in this project. | `string` | `null` | no | | fleet\_project\_grant\_service\_agent | (Optional) Grant the fleet project service identity the `roles/gkehub.serviceAgent` and `roles/gkehub.crossProjectServiceAgent` roles. | `bool` | `false` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | +| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | +| gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no | @@ -141,6 +143,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index bfee2c0445..8f36118449 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -135,6 +135,30 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + + dynamic "gke_backup_agent_config" { + for_each = local.gke_backup_agent_config + + content { + enabled = gke_backup_agent_config.value.enabled + } + } + + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } } allow_net_admin = var.allow_net_admin diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 6e6f2b157a..edfea70c99 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
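Review bot: The three new dynamic blocks iterate `local.gke_backup_agent_config`, `local.gcs_fuse_csi_driver_config` and `local.stateful_ha_config` (lists of `{ enabled = ... }` objects, judging by `.value.enabled`), but no `main.tf` for this module appears in the diffstat, so the patch depends on those locals already existing in the Autopilot module; if they do not, `terraform validate` fails on an undeclared local. Worth confirming against `modules/beta-autopilot-private-cluster/main.tf`, or adding the three `var.x ? [{ enabled = true }] : []` locals there in this change. Keeping all three inputs opt-in (`false` in the matching variables.tf hunk) is the right default for an agent whose job is to snapshot cluster state across namespaces. The enclosing `addons_config` block opens before the hunk.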
@@ -453,6 +453,25 @@ variable "database_encryption" { } +variable "gke_backup_agent_config" { + type = bool + description = "Whether Backup for GKE agent is enabled for this cluster." + default = false +} + +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 2adc826408..257b5b398b 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -95,6 +95,8 @@ Then perform the following commands on the root folder: | fleet\_project | (Optional) Register the cluster with the fleet in this project. | `string` | `null` | no | | fleet\_project\_grant\_service\_agent | (Optional) Grant the fleet project service identity the `roles/gkehub.serviceAgent` and `roles/gkehub.crossProjectServiceAgent` roles. | `bool` | `false` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | +| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | +| gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no | 
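Review bot: The description of `gcs_fuse_csi_driver` says "GCE FUSE CSI driver", but the variable name, the `gcs_fuse_csi_driver_config` block it feeds and the product itself refer to Cloud Storage (GCS) FUSE, not Compute Engine; the line should read `description = "Whether the Cloud Storage FUSE CSI driver is enabled for this cluster."`. The README row added on this page carries the same wording, which suggests it is generated from this description, and if the text is inherited from the shared template the fix belongs there so every module agrees. The `stateful_ha` description could likewise name the add-on in full ("Stateful HA Operator add-on") so readers can find the GKE documentation for it.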
@@ -130,6 +132,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 8fb6118780..2945356182 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -135,6 +135,30 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + + dynamic "gke_backup_agent_config" { + for_each = local.gke_backup_agent_config + + content { + enabled = gke_backup_agent_config.value.enabled + } + } + + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } } allow_net_admin = var.allow_net_admin diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index 173fc99402..5feec41291 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf 
@@ -423,6 +423,25 @@ variable "database_encryption" { } +variable "gke_backup_agent_config" { + type = bool + description = "Whether Backup for GKE agent is enabled for this cluster." + default = false +} + +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 359d57c007..82544a5f6e 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -267,6 +267,12 @@ resource "google_container_cluster" "primary" { } } + + + config_connector_config { + enabled = var.config_connector + } + dynamic "gke_backup_agent_config" { for_each = local.gke_backup_agent_config @@ -291,10 +297,6 @@ resource "google_container_cluster" "primary" { } } - config_connector_config { - enabled = var.config_connector - } - istio_config { disabled = !var.istio auth = var.istio_auth diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 9733efd774..bbe142902d 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -728,6 +728,7 @@ variable "stateful_ha" { default = false } + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 3a3f911291..52b26aad7c 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
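Review bot: `gcs_fuse_csi_driver` is documented here as the "GCE FUSE CSI driver", the same wording as in the private Autopilot module, while the variable and the `gcs_fuse_csi_driver_config` block it drives are about Cloud Storage FUSE; `description = "Whether the Cloud Storage FUSE CSI driver is enabled for this cluster."` is the accurate text. Because both Autopilot variables.tf files appear to be rendered from `autogen/main/variables.tf.tmpl`, correcting the template rather than the generated files keeps them in sync after the next regeneration. The two blank lines left before `variable "timeouts"` are a whitespace nit inherited from the template change.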
@@ -267,6 +267,12 @@ resource "google_container_cluster" "primary" { } } + + + config_connector_config { + enabled = var.config_connector + } + dynamic "gke_backup_agent_config" { for_each = local.gke_backup_agent_config @@ -291,10 +297,6 @@ resource "google_container_cluster" "primary" { } } - config_connector_config { - enabled = var.config_connector - } - istio_config { disabled = !var.istio auth = var.istio_auth diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 9733efd774..bbe142902d 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -728,6 +728,7 @@ variable "stateful_ha" { default = false } + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 3c3f34f0cb..19a7fcd078 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -267,6 +267,12 @@ resource "google_container_cluster" "primary" { } } + + + config_connector_config { + enabled = var.config_connector + } + dynamic "gke_backup_agent_config" { for_each = local.gke_backup_agent_config @@ -291,10 +297,6 @@ resource "google_container_cluster" "primary" { } } - config_connector_config { - enabled = var.config_connector - } - istio_config { disabled = !var.istio auth = var.istio_auth diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index a55430896e..cca7b39013 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -698,6 +698,7 @@ variable "stateful_ha" { default = false } + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." 
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index fe6a6c242e..5e1726efd2 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -267,6 +267,12 @@ resource "google_container_cluster" "primary" { } } + + + config_connector_config { + enabled = var.config_connector + } + dynamic "gke_backup_agent_config" { for_each = local.gke_backup_agent_config @@ -291,10 +297,6 @@ resource "google_container_cluster" "primary" { } } - config_connector_config { - enabled = var.config_connector - } - istio_config { disabled = !var.istio auth = var.istio_auth diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index a55430896e..cca7b39013 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -698,6 +698,7 @@ variable "stateful_ha" { default = false } + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 04837e28e6..2e6ed48edf 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -244,6 +244,12 @@ resource "google_container_cluster" "primary" { } } + + + config_connector_config { + enabled = var.config_connector + } + dynamic "gke_backup_agent_config" { for_each = local.gke_backup_agent_config @@ -267,10 +273,6 @@ resource "google_container_cluster" "primary" { enabled = stateful_ha_config.value.enabled } } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index d032c417db..289278dc1c 100644 --- a/modules/private-cluster-update-variant/variables.tf 
+++ b/modules/private-cluster-update-variant/variables.tf @@ -703,6 +703,7 @@ variable "stateful_ha" { default = false } + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 31573d02a9..724aa5ed90 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -244,6 +244,12 @@ resource "google_container_cluster" "primary" { } } + + + config_connector_config { + enabled = var.config_connector + } + dynamic "gke_backup_agent_config" { for_each = local.gke_backup_agent_config @@ -267,10 +273,6 @@ resource "google_container_cluster" "primary" { enabled = stateful_ha_config.value.enabled } } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index d032c417db..289278dc1c 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -703,6 +703,7 @@ variable "stateful_ha" { default = false } + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/variables.tf b/variables.tf index d36fe30142..386ff4f309 100644 --- a/variables.tf +++ b/variables.tf @@ -673,6 +673,7 @@ variable "stateful_ha" { default = false } + variable "timeouts" { type = map(string) description = "Timeout for cluster operations."