feat!: update TPG version constraints to 4.0 #1129
Changes from 33 commits
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -128,8 +128,6 @@ Then perform the following commands on the root folder: | |
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | ||
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | ||
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no | | ||
| basic\_auth\_password | The password to be used with Basic Authentication. | `string` | `""` | no | | ||
| basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | `string` | `""` | no | | ||
| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | <pre>object({<br> enabled = bool<br> min_cpu_cores = number<br> max_cpu_cores = number<br> min_memory_gb = number<br> max_memory_gb = number<br> gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))<br> })</pre> | <pre>{<br> "enabled": false,<br> "gpu_resources": [],<br> "max_cpu_cores": 0,<br> "max_memory_gb": 0,<br> "min_cpu_cores": 0,<br> "min_memory_gb": 0<br>}</pre> | no | | ||
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `any` | `null` | no | | ||
| cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | ||
|
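Review bot: the removed `basic_auth_password` and `basic_auth_username` rows leave this inputs table with no pointer to why they are gone, so a caller who still passes them gets an unsupported-argument error and nothing here explains it. Suggest linking the v18.0 upgrade guide from this README, and having the guide remind users that a password previously supplied through `basic_auth_password` may still sit in their variable files and should be removed from them.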
@@ -151,7 +149,7 @@ Then perform the following commands on the root folder: | |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | ||
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | ||
| http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no | | ||
| identity\_namespace | Workload Identity namespace. (Default value of `enabled` automatically sets project based namespace `[project_id].svc.id.goog`) | `string` | `"enabled"` | no | | ||
| identity\_namespace | The workload pool to attach all Kubernetes service accounts to. (Default value of `enabled` automatically sets project-based pool `[project_id].svc.id.goog`) | `string` | `"enabled"` | no | | ||
| impersonate\_service\_account | An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials. | `string` | `""` | no | | ||
| initial\_node\_count | The number of nodes to create in this cluster's default node pool. | `number` | `0` | no | | ||
| ip\_masq\_link\_local | Whether to masquerade traffic to the link-local prefix (169.254.0.0/16). | `bool` | `false` | no | | ||
|
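Review bot: in the changed `identity_namespace` row, the description now speaks of a "workload pool" while the input is still called `identity_namespace` and still takes the sentinel `enabled`, which reads as a mismatch. If the name is being kept for backwards compatibility, say so in the description so readers do not go looking for a separate workload pool input.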
@@ -170,7 +168,7 @@ Then perform the following commands on the root folder: | |
| network\_policy | Enable network policy addon | `bool` | `false` | no | | ||
| network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | ||
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | ||
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | | ||
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | ||
| node\_pools | List of maps containing node pools | `list(map(string))` | <pre>[<br> {<br> "name": "default-node-pool"<br> }<br>]</pre> | no | | ||
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no | | ||
| node\_pools\_metadata | Map of maps containing node metadata by node-pool name | `map(map(string))` | <pre>{<br> "all": {},<br> "default-node-pool": {}<br>}</pre> | no | | ||
|
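Review bot: the changed `node_metadata` row moves the default to `GKE_METADATA` but the description still does not list the accepted values. The upgrade guide in this PR names `GKE_METADATA`, `GCE_METADATA` and `UNSPECIFIED` and says the old values remain supported; repeat that list here, since this setting decides how node metadata is exposed to workloads and readers should not have to guess the options.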
@@ -202,7 +200,7 @@ Then perform the following commands on the root folder: | |
| endpoint | Cluster endpoint | | ||
| horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | ||
| http\_load\_balancing\_enabled | Whether http load balancing enabled | | ||
| identity\_namespace | Workload Identity namespace | | ||
| identity\_namespace | Workload Identity pool | | ||
| instance\_group\_urls | List of GKE generated instance groups | | ||
| location | Cluster location (region if regional cluster, zone if zonal cluster) | | ||
| logging\_service | Logging service used | | ||
|
@@ -213,7 +211,7 @@ Then perform the following commands on the root folder: | |
| name | Cluster name | | ||
| network\_policy\_enabled | Whether network policy enabled | | ||
| node\_pools\_names | List of node pools names | | ||
| node\_pools\_versions | List of node pools versions | | ||
| node\_pools\_versions | Node pool versions by node pool name | | ||
| region | Cluster region | | ||
| release\_channel | The release channel of this cluster | | ||
| service\_account | The service account to default running nodes as if not overridden in `node_pools`. | | ||
|
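Review bot: the new `node_pools_versions` description, "Node pool versions by node pool name", does not state that the output is now a map rather than a list. Suggest wording such as "Map of node pool versions keyed by node pool name" so consumers that index this output by position notice the type change from the README alone.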
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
# Upgrading to v18.0 | ||
|
||
The v18.0 release of *kubernetes-engine* is a backwards incompatible release. | ||
|
||
### Google Cloud Platform Provider upgrade | ||
The Terraform Kubernetes Engine Module now requires version 4.0 or higher of | ||
the Google Cloud Platform Provider. | ||
|
||
```diff | ||
terraform { | ||
required_providers { | ||
google = { | ||
source = "hashicorp/google" | ||
- version = "~> 3.0" | ||
+ version = "~> 4.0" | ||
} | ||
google-beta = { | ||
source = "hashicorp/google-beta" | ||
- version = "~> 3.0" | ||
+ version = "~> 4.0" | ||
} | ||
|
||
} | ||
} | ||
``` | ||
|
||
### Kubernetes Basic Authentication removed | ||
Basic authentication is deprecated and has been removed in GKE 1.19 and later. | ||
Owing to this, the `basic_auth_username` and `basic_auth_password` variables | ||
have been eliminated. | ||
|
||
```diff | ||
module "gke" { | ||
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" | ||
- version = "~> 17.0" | ||
+ version = "~> 18.0" | ||
|
||
- basic_auth_username = "admin" | ||
- basic_auth_password = "s3crets!" | ||
} | ||
``` | ||
|
||
### Acceptable values for node_metadata modified | ||
Instead of requiring users to change this, I think we can provide a mapping at very low effort to ourselves. Could you add that?

I updated the doc in e83bfc3 to make this a recommendation instead, encouraging users to switch to values that are supported by the provider.
||
It is recommended to update `node_metadata` variable to one of `GKE_METADATA`, | ||
`GCE_METADATA` or `UNSPECIFIED`. `GKE_METADATA` replaces the previous | ||
`GKE_METADATA_SERVER` value, `GCE_METADATA` should be used in place of | ||
`EXPOSE`, however old values continue to be supported for backwards compatibility. | ||
The `SECURE` option, previously deprecated, has now been removed. | ||
|
||
```diff | ||
module "gke" { | ||
source = "../../modules/safer-cluster" | ||
|
||
node_pools = [ | ||
{ | ||
|
||
- node_metadata = "GKE_METADATA_SERVER" | ||
+ node_metadata = "GKE_METADATA" | ||
} | ||
] | ||
} | ||
``` | ||
|
||
### node_pools_versions is now keyed by node-pool name | ||
The `node_pools_versions` output is now an object keyed by node pool name, | ||
rather than a list as previously. |
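Review bot: in the `node_metadata` section, the sentence "The `SECURE` option, previously deprecated, has now been removed." names no replacement, unlike `GKE_METADATA_SERVER` and `EXPOSE` in the sentences before it. State which value users of `SECURE` should move to and what happens if it is still set. The closing `node_pools_versions` section is also the only breaking change described without a before/after snippet; adding one would match the other sections.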
Workaround for hashicorp/terraform-provider-google#10494. Long-term fix may be GoogleCloudPlatform/magic-modules#5526, but will need to validate.