Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat!: update kube-dns configMap using kubernetes_config_map_v1_data #1214

Merged
merged 2 commits into from
Apr 14, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 0 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -148,12 +148,10 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br> "8443",<br> "9443",<br> "15017"<br>]</pre> | no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
| gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
| http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
| identity\_namespace | The workload pool to attach all Kubernetes service accounts to. (Default value of `enabled` automatically sets project-based pool `[project_id].svc.id.goog`) | `string` | `"enabled"` | no |
| impersonate\_service\_account | An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials. | `string` | `""` | no |
| initial\_node\_count | The number of nodes to create in this cluster's default node pool. | `number` | `0` | no |
| ip\_masq\_link\_local | Whether to masquerade traffic to the link-local prefix (169.254.0.0/16). | `bool` | `false` | no |
| ip\_masq\_resync\_interval | The interval at which the agent attempts to sync its ConfigMap file from the disk. | `string` | `"60s"` | no |
Expand Down
56 changes: 11 additions & 45 deletions autogen/main/dns.tf.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -17,43 +17,15 @@
{{ autogeneration_note }}

/******************************************
Delete default kube-dns configmap
Manage kube-dns configmaps
*****************************************/
module "gcloud_delete_default_kube_dns_configmap" {
source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
version = "~> 3.1"

enabled = (local.custom_kube_dns_config || local.upstream_nameservers_config) && !var.skip_provisioners
cluster_name = google_container_cluster.primary.name
cluster_location = google_container_cluster.primary.location
project_id = var.project_id
upgrade = var.gcloud_upgrade
impersonate_service_account = var.impersonate_service_account
apeabody marked this conversation as resolved.
Show resolved Hide resolved

kubectl_create_command = "${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
kubectl_destroy_command = ""

module_depends_on = concat(
[google_container_cluster.primary.master_version],
{% if autopilot_cluster != true %}
[for pool in google_container_node_pool.pools : pool.name]
{% endif %}
)
}

/******************************************
Create kube-dns confimap
*****************************************/
resource "kubernetes_config_map" "kube-dns" {
resource "kubernetes_config_map_v1_data" "kube-dns" {
count = local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0

metadata {
name = "kube-dns"
namespace = "kube-system"

labels = {
maintained_by = "terraform"
}
}

data = {
Expand All @@ -62,26 +34,22 @@ ${jsonencode(var.stub_domains)}
EOF
}

force = true

depends_on = [
module.gcloud_delete_default_kube_dns_configmap.wait,
google_container_cluster.primary,
{% if autopilot_cluster != true %}
google_container_node_pool.pools,
{% endif %}
]
}

resource "kubernetes_config_map" "kube-dns-upstream-namservers" {
resource "kubernetes_config_map_v1_data" "kube-dns-upstream-namservers" {
count = !local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0

metadata {
name = "kube-dns"

name = "kube-dns"
namespace = "kube-system"

labels = {
maintained_by = "terraform"
}
}

data = {
Expand All @@ -90,25 +58,22 @@ ${jsonencode(var.upstream_nameservers)}
EOF
}

force = true

depends_on = [
module.gcloud_delete_default_kube_dns_configmap.wait,
google_container_cluster.primary,
{% if autopilot_cluster != true %}
google_container_node_pool.pools,
{% endif %}
]
}

resource "kubernetes_config_map" "kube-dns-upstream-nameservers-and-stub-domains" {
resource "kubernetes_config_map_v1_data" "kube-dns-upstream-nameservers-and-stub-domains" {
count = local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0

metadata {
name = "kube-dns"
namespace = "kube-system"

labels = {
maintained_by = "terraform"
}
}

data = {
Expand All @@ -121,8 +86,9 @@ ${jsonencode(var.stub_domains)}
EOF
}

force = true

depends_on = [
module.gcloud_delete_default_kube_dns_configmap.wait,
google_container_cluster.primary,
{% if autopilot_cluster != true %}
google_container_node_pool.pools,
Expand Down
12 changes: 0 additions & 12 deletions autogen/main/variables.tf.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -458,12 +458,6 @@ variable "firewall_inbound_ports" {
default = ["8443", "9443", "15017"]
}

variable "gcloud_upgrade" {
type = bool
description = "Whether to upgrade gcloud at runtime"
default = false
}

variable "add_shadow_firewall_rules" {
type = bool
description = "Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled)."
Expand All @@ -490,12 +484,6 @@ variable "disable_default_snat" {
}
{% endif %}

variable "impersonate_service_account" {
type = string
description = "An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials."
default = ""
}

{% if beta_cluster %}
variable "notification_config_topic" {
type = string
Expand Down
4 changes: 2 additions & 2 deletions autogen/main/versions.tf.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ terraform {
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "~> 2.0"
version = "~> 2.10"
}
}
provider_meta "google-beta" {
Expand All @@ -42,7 +42,7 @@ terraform {
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "~> 2.0"
version = "~> 2.10"
}
}
provider_meta "google" {
Expand Down
54 changes: 11 additions & 43 deletions dns.tf
Original file line number Diff line number Diff line change
Expand Up @@ -17,41 +17,15 @@
// This file was automatically generated from a template in ./autogen/main

/******************************************
Delete default kube-dns configmap
Manage kube-dns configmaps
*****************************************/
module "gcloud_delete_default_kube_dns_configmap" {
source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
version = "~> 3.1"

enabled = (local.custom_kube_dns_config || local.upstream_nameservers_config) && !var.skip_provisioners
cluster_name = google_container_cluster.primary.name
cluster_location = google_container_cluster.primary.location
project_id = var.project_id
upgrade = var.gcloud_upgrade
impersonate_service_account = var.impersonate_service_account

kubectl_create_command = "${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
kubectl_destroy_command = ""

module_depends_on = concat(
[google_container_cluster.primary.master_version],
[for pool in google_container_node_pool.pools : pool.name]
)
}

/******************************************
Create kube-dns confimap
*****************************************/
resource "kubernetes_config_map" "kube-dns" {
resource "kubernetes_config_map_v1_data" "kube-dns" {
count = local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0

metadata {
name = "kube-dns"
namespace = "kube-system"

labels = {
maintained_by = "terraform"
}
}

data = {
Expand All @@ -60,24 +34,20 @@ ${jsonencode(var.stub_domains)}
EOF
}

force = true

depends_on = [
module.gcloud_delete_default_kube_dns_configmap.wait,
google_container_cluster.primary,
google_container_node_pool.pools,
]
}

resource "kubernetes_config_map" "kube-dns-upstream-namservers" {
resource "kubernetes_config_map_v1_data" "kube-dns-upstream-namservers" {
count = !local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0

metadata {
name = "kube-dns"

name = "kube-dns"
namespace = "kube-system"

labels = {
maintained_by = "terraform"
}
}

data = {
Expand All @@ -86,23 +56,20 @@ ${jsonencode(var.upstream_nameservers)}
EOF
}

force = true

depends_on = [
module.gcloud_delete_default_kube_dns_configmap.wait,
google_container_cluster.primary,
google_container_node_pool.pools,
]
}

resource "kubernetes_config_map" "kube-dns-upstream-nameservers-and-stub-domains" {
resource "kubernetes_config_map_v1_data" "kube-dns-upstream-nameservers-and-stub-domains" {
count = local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0

metadata {
name = "kube-dns"
namespace = "kube-system"

labels = {
maintained_by = "terraform"
}
}

data = {
Expand All @@ -115,8 +82,9 @@ ${jsonencode(var.stub_domains)}
EOF
}

force = true

depends_on = [
module.gcloud_delete_default_kube_dns_configmap.wait,
google_container_cluster.primary,
google_container_node_pool.pools,
]
Expand Down
16 changes: 16 additions & 0 deletions docs/upgrading_to_v21.0.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# Upgrading to v21.0

The v21.0 release of *kubernetes-engine* is a backwards incompatible
release.

### Terraform Kubernetes Engine Module

The [Terraform Kubernetes Engine Module](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine) has been rewritten to use the 'kubernetes_config_map_v1_data' resouce added to the Terraform Kubernetes provider version 2.10.

1. Run `terraform state rm module.gke.kubernetes_config_map.kube-dns`
2. Update the module version to v21.0
bharathkkb marked this conversation as resolved.
Show resolved Hide resolved
4. Run `terraform apply`

### Kubernetes Provider upgrade
The Terraform Kubernetes Engine module now requires version 2.10 or higher of
the Kubernetes Provider.
2 changes: 0 additions & 2 deletions modules/beta-autopilot-private-cluster/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -91,12 +91,10 @@ Then perform the following commands on the root folder:
| enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br> "8443",<br> "9443",<br> "15017"<br>]</pre> | no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
| gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
| http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
| identity\_namespace | The workload pool to attach all Kubernetes service accounts to. (Default value of `enabled` automatically sets project-based pool `[project_id].svc.id.goog`) | `string` | `"enabled"` | no |
| impersonate\_service\_account | An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials. | `string` | `""` | no |
| ip\_masq\_link\_local | Whether to masquerade traffic to the link-local prefix (169.254.0.0/16). | `bool` | `false` | no |
| ip\_masq\_resync\_interval | The interval at which the agent attempts to sync its ConfigMap file from the disk. | `string` | `"60s"` | no |
| ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | `string` | n/a | yes |
Expand Down
Loading