From 2f4edce2a452ce6027333ee417eaf616e74753d4 Mon Sep 17 00:00:00 2001 From: Laura Seidler Date: Mon, 22 Aug 2022 18:24:13 +0200 Subject: [PATCH 1/2] Allow enabling GKE backup agent for safer cluster variants --- autogen/safer-cluster/main.tf.tmpl | 3 ++- autogen/safer-cluster/variables.tf.tmpl | 6 ++++++ modules/safer-cluster-update-variant/README.md | 1 + modules/safer-cluster-update-variant/main.tf | 3 ++- modules/safer-cluster-update-variant/variables.tf | 6 ++++++ modules/safer-cluster/README.md | 1 + modules/safer-cluster/main.tf | 3 ++- modules/safer-cluster/variables.tf | 6 ++++++ 8 files changed, 26 insertions(+), 3 deletions(-) diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl index 0893b0c0ee..b6802a44d9 100644 --- a/autogen/safer-cluster/main.tf.tmpl +++ b/autogen/safer-cluster/main.tf.tmpl @@ -141,7 +141,8 @@ module "gke" { dns_cache = var.dns_cache - config_connector = var.config_connector + config_connector = var.config_connector + gke_backup_agent_config = var.gke_backup_agent_config default_max_pods_per_node = var.default_max_pods_per_node diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index 60e20e24b2..3b0e27cd8b 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl @@ -400,6 +400,12 @@ variable "config_connector" { default = false } +variable "gke_backup_agent_config" { + type = bool + description = "(Beta) Whether Backup for GKE agent is enabled for this cluster." + default = false +} + variable "disable_default_snat" { type = bool description = "Whether to disable the default SNAT to support the private use of public IP addresses" diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md index fb247e7dd4..c09fe73895 100644 --- a/modules/safer-cluster-update-variant/README.md +++ b/modules/safer-cluster-update-variant/README.md 
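Review bot: The description of the new `gke_backup_agent_config` variable in autogen/safer-cluster/variables.tf.tmpl says only that the agent is enabled, and for a hardened module it should also tell operators what turning it on exposes. Backup for GKE backups hold cluster configuration and, depending on how the backup plan is set up, can also include Secrets and volume data, so anyone who can read or restore a backup gains access to that state. I would extend it to something like `description = "(Beta) Whether Backup for GKE agent is enabled for this cluster. Backups can include Secrets and volume data; restrict who can manage backup plans and restores."`. The same description is repeated in the variables.tf hunks for modules/safer-cluster-update-variant and modules/safer-cluster, and in both README input tables, so those need the same wording.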
@@ -224,6 +224,7 @@ For simplicity, we suggest using `roles/container.admin` and | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | +| gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | `bool` | `true` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | http\_load\_balancing | Enable httpload balancer addon. The addon allows whoever can create Ingress objects to expose an application to a public IP. Network policies or Gatekeeper policies should be used to verify that only authorized applications are exposed. | `bool` | `true` | no | diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf index 856a116f2e..68a32264f3 100644 --- a/modules/safer-cluster-update-variant/main.tf +++ b/modules/safer-cluster-update-variant/main.tf @@ -137,7 +137,8 @@ module "gke" { dns_cache = var.dns_cache - config_connector = var.config_connector + config_connector = var.config_connector + gke_backup_agent_config = var.gke_backup_agent_config default_max_pods_per_node = var.default_max_pods_per_node diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index 49fe3afbde..3fa0b866cd 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf 
@@ -400,6 +400,12 @@ variable "config_connector" { default = false } +variable "gke_backup_agent_config" { + type = bool + description = "(Beta) Whether Backup for GKE agent is enabled for this cluster." + default = false +} + variable "disable_default_snat" { type = bool description = "Whether to disable the default SNAT to support the private use of public IP addresses" diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index fb247e7dd4..c09fe73895 100644 --- a/modules/safer-cluster/README.md +++ b/modules/safer-cluster/README.md @@ -224,6 +224,7 @@ For simplicity, we suggest using `roles/container.admin` and | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | +| gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | `bool` | `true` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | http\_load\_balancing | Enable httpload balancer addon. The addon allows whoever can create Ingress objects to expose an application to a public IP. Network policies or Gatekeeper policies should be used to verify that only authorized applications are exposed. | `bool` | `true` | no | diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf index 960a376ba3..67e41c1840 100644 --- a/modules/safer-cluster/main.tf +++ b/modules/safer-cluster/main.tf @@ -137,7 +137,8 @@ module "gke" { dns_cache = var.dns_cache - config_connector = var.config_connector + config_connector = var.config_connector + gke_backup_agent_config = var.gke_backup_agent_config default_max_pods_per_node = var.default_max_pods_per_node diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index 49fe3afbde..3fa0b866cd 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf @@ -400,6 +400,12 @@ variable "config_connector" { default = false } +variable "gke_backup_agent_config" { + type = bool + description = "(Beta) Whether Backup for GKE agent is enabled for this cluster." + default = false +} + variable "disable_default_snat" { type = bool description = "Whether to disable the default SNAT to support the private use of public IP addresses" From 5ecba60acf8a22e24aa20c9fb78f4f818bb535d0 Mon Sep 17 00:00:00 2001 
From: bharathkkb Date: Wed, 7 Sep 2022 03:12:41 +0000 Subject: [PATCH 2/2] fix extra attrib from merge conflict --- autogen/safer-cluster/main.tf.tmpl | 3 --- modules/safer-cluster-update-variant/main.tf | 3 --- modules/safer-cluster/main.tf | 3 --- 3 files changed, 9 deletions(-) diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl index 7aee39bb34..8662db08c8 100644 --- a/autogen/safer-cluster/main.tf.tmpl +++ b/autogen/safer-cluster/main.tf.tmpl @@ -151,9 +151,6 @@ module "gke" { cluster_dns_domain = var.cluster_dns_domain - config_connector = var.config_connector - - default_max_pods_per_node = var.default_max_pods_per_node database_encryption = var.database_encryption diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf index f47d288677..27d25f03c0 100644 --- a/modules/safer-cluster-update-variant/main.tf +++ b/modules/safer-cluster-update-variant/main.tf @@ -147,9 +147,6 @@ module "gke" { cluster_dns_domain = var.cluster_dns_domain - config_connector = var.config_connector - - default_max_pods_per_node = var.default_max_pods_per_node database_encryption = var.database_encryption diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf index 4b026425cb..bc33affe70 100644 --- a/modules/safer-cluster/main.tf +++ b/modules/safer-cluster/main.tf @@ -147,9 +147,6 @@ module "gke" { cluster_dns_domain = var.cluster_dns_domain - config_connector = var.config_connector - - default_max_pods_per_node = var.default_max_pods_per_node database_encryption = var.database_encryption