Merge branch 'master' into add_var_to_pass_ssh-key_in_acm

terraform-google-modules · Nov 26, 2019 · efece2f · efece2f
2 parents 9bdec62 + d856f2b
commit efece2f
Show file tree

Hide file tree

Showing 80 changed files with 2,012 additions and 98 deletions.
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -45,6 +45,13 @@ suites:
       systems:
         - name: shared_vpc
           backend: local
+  - name: "safer_cluster"
+    driver:
+      root_module_directory: test/fixtures/safer_cluster
+    verifier:
+      systems:
+        - name: safer_cluster
+          backend: local
   - name: "simple_regional"
     driver:
       root_module_directory: test/fixtures/simple_regional

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,12 +14,30 @@ Extending the adopted spec, each change should have a link to its corresponding
 * Support for setting node_locations on node pools. [#303]
 * Fix for specifying  `node_count` on node pools when autoscaling is disabled. [#311]
 * Added submodule for installing Anthos Config Management. [#268]
-* Support for `local_ssd_count` in node pool configuration. [#244]
+* Support for `local_ssd_count` in node pool configuration. [#339]
 * Wait for cluster to be ready before returning endpoint. [#340]
+* `safer-cluster` submodule. [#315]
+* `simple_regional_with_networking` example. [#195]
+* `release_channel` variable for beta submodules. [#271]
+* The `node_locations` attribute to the `node_pools` object for beta submodules. [#290]
+* `private_zonal_with_nteworking` example. [#308]
+* `regional_private_node_pool_oauth_scopes` example. [#321]
+
+### Changed
+
+* The `node_pool_labels`, `node_pool_tags`, and `node_pool_taints` variables have defaults and can be overridden within the
+  `node_pools` object. [#3]
+* `upstream_nameservers` variable is typed as a list of strings. [#350]
 
 ### Removed
 
 * **Breaking**: Removed support for enabling the Kubernetes dashboard, as this is deprecated on GKE. [#337]
+* **Beaking**: Removed support for versions of the Google provider and the Google Beta provider older than 2.18. [#261]
+
+### Fixed
+
+* `identity_namespace` output depends on the `google_container_cluster.primary` resource. [#301]
+* Idempotency of the beta submodules. [#326]
 
 ## [v5.1.1] - 2019-10-25
 
@@ -217,7 +235,8 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 
 * Initial release of module.
 
-[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.1...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.2.0...HEAD
+[v5.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.1...v5.2.0
 [v5.1.1]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.0...v5.1.1
 [v5.1.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.0.0...v5.1.0
 [v5.0.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v4.1.0...v5.0.0
@@ -234,17 +253,27 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0
 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0
 
-[#337]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/337
+[#350]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/350
 [#340]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/340
-[#268]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/268
+[#339]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/339
+[#337]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/337
+[#326]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/326
+[#321]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/321
+[#315]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/315
 [#311]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/311
+[#308]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/308
 [#303]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/303
+[#301]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/301
 [#300]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/300
+[#290]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/290
 [#286]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/286
 [#285]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/285
 [#284]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/284
 [#282]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/282
 [#273]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/273
+[#271]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/271
+[#268]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/268
+[#261]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/261
 [#258]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/258
 [#256]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/256
 [#248]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/248
@@ -253,7 +282,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#238]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/238
 [#241]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/241
 [#250]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/250
-[#244]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/244
 [#236]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/236
 [#217]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/217
 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234
@@ -265,6 +293,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#203]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/203
 [#198]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/198
 [#197]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/197
+[#195]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/195
 [#193]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/193
 [#188]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/188
 [#187]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/187
@@ -312,6 +341,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#15]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/15
 [#10]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/10
 [#9]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/9
+[#3]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/3
 
 [upgrading-to-v2.0]: docs/upgrading_to_v2.0.md
 [upgrading-to-v3.0]: docs/upgrading_to_v3.0.md

diff --git a/README.md b/README.md
@@ -172,7 +172,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
-| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |
+| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list(string) | `<list>` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | list(string) | `<list>` | no |
 
 ## Outputs

diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl
@@ -217,7 +217,7 @@ variable "stub_domains" {
 }
 
 variable "upstream_nameservers" {
-  type        = "list"
+  type        = list(string)
   description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
   default     = []
 }

diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -64,6 +64,26 @@ steps:
     - verify shared-vpc-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy shared-vpc-local']
+- id: create safer-cluster-local
+  waitFor:
+    - prepare
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create safer-cluster-local']
+- id: converge safer-cluster-local
+  waitFor:
+    - create safer-cluster-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge safer-cluster-local']
+- id: verify safer-cluster-local
+  waitFor:
+    - converge safer-cluster-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify safer-cluster-local']
+- id: destroy safer-cluster-local
+  waitFor:
+    - verify safer-cluster-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy safer-cluster-local']
 - id: create simple-regional-local
   waitFor:
     - prepare

diff --git a/examples/regional_private_node_pool_oauth_scopes/README.md b/examples/regional_private_node_pool_oauth_scopes/README.md
@@ -0,0 +1,44 @@
+# Regional Private Cluster with node pool and oauth scopes
+
+This example illustrates how to create a private cluster with node pool specifications, oauth scopes along with required network and subnet creation.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| project\_id | The project ID to host the cluster in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ca\_certificate | Cluster ca certificate (base64 encoded) |
+| cluster\_name | Cluster name |
+| endpoint | Cluster endpoint |
+| horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
+| http\_load\_balancing\_enabled | Whether http load balancing enabled |
+| location | Cluster location (region if regional cluster, zone if zonal cluster) |
+| logging\_service | Logging service used |
+| master\_authorized\_networks\_config | Networks from which access to master is permitted |
+| master\_version | Current master kubernetes version |
+| min\_master\_version | Minimum master kubernetes version |
+| monitoring\_service | Monitoring service used |
+| network\_module | network module output |
+| network\_policy\_enabled | Whether network policy enabled |
+| node\_pools\_names | List of node pools names |
+| node\_pools\_versions | List of node pools versions |
+| region | Cluster region |
+| service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+| type | Cluster type (regional / zonal) |
+| zones | List of zones in which the cluster resides |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure
diff --git a/examples/regional_private_node_pool_oauth_scopes/main.tf b/examples/regional_private_node_pool_oauth_scopes/main.tf
@@ -0,0 +1,104 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "gke" {
+  source                            = "../../modules/private-cluster"
+  project_id                        = var.project_id
+  name                              = "random-test-cluster"
+  region                            = "us-west1"
+  regional                          = true
+  network                           = module.gke-network.network_name
+  subnetwork                        = module.gke-network.subnets_names[0]
+  ip_range_pods                     = module.gke-network.subnets_secondary_ranges[0].*.range_name[0]
+  ip_range_services                 = module.gke-network.subnets_secondary_ranges[0].*.range_name[1]
+  enable_private_endpoint           = true
+  enable_private_nodes              = true
+  master_ipv4_cidr_block            = "172.16.0.16/28"
+  network_policy                    = true
+  horizontal_pod_autoscaling        = true
+  service_account                   = "create"
+  remove_default_node_pool          = true
+  disable_legacy_metadata_endpoints = true
+
+  master_authorized_networks_config = [
+    {
+      cidr_blocks = [
+        {
+          cidr_block   = module.gke-network.subnets_ips[0]
+          display_name = "VPC"
+        },
+      ]
+    },
+  ]
+
+  node_pools = [
+    {
+      name               = "my-node-pool"
+      machine_type       = "n1-standard-1"
+      min_count          = 1
+      max_count          = 1
+      disk_size_gb       = 100
+      disk_type          = "pd-ssd"
+      image_type         = "COS"
+      auto_repair        = true
+      auto_upgrade       = false
+      preemptible        = false
+      initial_node_count = 1
+    },
+  ]
+
+  node_pools_oauth_scopes = {
+    all = [
+      "https://www.googleapis.com/auth/trace.append",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/servicecontrol",
+    ]
+
+    my-node-pool = [
+      "https://www.googleapis.com/auth/trace.append",
+      "https://www.googleapis.com/auth/service.management.readonly",
+      "https://www.googleapis.com/auth/monitoring",
+      "https://www.googleapis.com/auth/devstorage.read_only",
+      "https://www.googleapis.com/auth/servicecontrol",
+    ]
+  }
+
+  node_pools_labels = {
+
+    all = {
+
+    }
+    my-node-pool = {
+
+    }
+  }
+
+  node_pools_metadata = {
+    all = {}
+
+    my-node-pool = {}
+
+  }
+
+  node_pools_tags = {
+    all = []
+
+    my-node-pool = []
+
+  }
+}
diff --git a/examples/regional_private_node_pool_oauth_scopes/network.tf b/examples/regional_private_node_pool_oauth_scopes/network.tf
@@ -0,0 +1,42 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "gke-network" {
+  source       = "terraform-google-modules/network/google"
+  version      = "~> 1.5"
+  project_id   = var.project_id
+  network_name = "random-gke-network"
+
+  subnets = [
+    {
+      subnet_name   = "random-gke-subnet"
+      subnet_ip     = "10.0.0.0/24"
+      subnet_region = "us-west1"
+    },
+  ]
+
+  secondary_ranges = {
+    "random-gke-subnet" = [
+      {
+        range_name    = "random-ip-range-pods"
+        ip_cidr_range = "10.1.0.0/16"
+      },
+      {
+        range_name    = "random-ip-range-services"
+        ip_cidr_range = "10.2.0.0/20"
+      },
+  ] }
+}