feat: GKE autopilot support (terraform-google-modules#1148)
* adding auto-pilot support

* fixes

* add kitchen tests

* Update main.tf

* fix: add back in

* Update examples/simple_autopilot_private/README.md

Co-authored-by: Bharath KKB <[email protected]>

* Update examples/simple_autopilot_private/README.md

Co-authored-by: Bharath KKB <[email protected]>

* Update modules/beta-autopilot-public-cluster/versions.tf

Co-authored-by: Bharath KKB <[email protected]>

* Update examples/simple_autopilot_private/main.tf

Co-authored-by: Bharath KKB <[email protected]>

* update dates and remove Vars

* fixes

* i hate symlinks

* add vars and outputs

* docs generation

* add random string to subnet names

* Update main.tf

* adding auto-pilot support

* fixes

* add kitchen tests

* Update main.tf

* fix: add back in

* Update examples/simple_autopilot_private/README.md

Co-authored-by: Bharath KKB <[email protected]>

* Update examples/simple_autopilot_private/README.md

Co-authored-by: Bharath KKB <[email protected]>

* Update modules/beta-autopilot-public-cluster/versions.tf

Co-authored-by: Bharath KKB <[email protected]>

* Update examples/simple_autopilot_private/main.tf

Co-authored-by: Bharath KKB <[email protected]>

* update dates and remove Vars

* fixes

* i hate symlinks

* add vars and outputs

* docs generation

* add random string to subnet names

* Update main.tf

* remove random name

Co-authored-by: Corey McGalliard <[email protected]>
Co-authored-by: Bharath KKB <[email protected]>
3 people authored Mar 2, 2022
1 parent 43e9362 commit 904e925
Showing 167 changed files with 5,083 additions and 272 deletions.
14 changes: 14 additions & 0 deletions .kitchen.yml
Expand Up @@ -244,3 +244,17 @@ suites:
controls:
- gcloud
- kubectl
- name: "simple_autopilot_private"
driver:
root_module_directory: test/fixtures/simple_autopilot_private
verifier:
systems:
- name: simple_autopilot_private
backend: local
- name: "simple_autopilot_public"
driver:
root_module_directory: test/fixtures/simple_autopilot_public
verifier:
systems:
- name: simple_autopilot_public
backend: local
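Review bot: The two new suites, `simple_autopilot_private` and `simple_autopilot_public`, declare no `controls:` list under `verifier.systems`, while the suite directly above them names `gcloud` and `kubectl`. If the omission is deliberate, say so in the PR; otherwise list the controls explicitly so the suites stay consistent. For the private suite, make sure one control asserts that the endpoint and nodes are actually private, since that is the only property separating it from the public fixture.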
4 changes: 1 addition & 3 deletions README.md
Expand Up @@ -43,8 +43,8 @@ module "gke" {
ip_range_pods = "us-central1-01-gke-01-pods"
ip_range_services = "us-central1-01-gke-01-services"
http_load_balancing = false
horizontal_pod_autoscaling = true
network_policy = false
horizontal_pod_autoscaling = true
node_pools = [
{
Expand Down Expand Up @@ -253,8 +253,6 @@ The node_pools variable takes the following parameters:
| tags | The list of instance tags applied to all nodes | | Required |
| value | The value for the taint | | Required |
| version | The Kubernetes version for the nodes in this pool. Should only be set if auto_upgrade is false | " " | Optional |


## Requirements

Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:
21 changes: 14 additions & 7 deletions autogen/main/README.md
Expand Up @@ -72,20 +72,26 @@ module "gke" {
subnetwork = "us-central1-01"
ip_range_pods = "us-central1-01-gke-01-pods"
ip_range_services = "us-central1-01-gke-01-services"
{% if autopilot_cluster != true %}
http_load_balancing = false
horizontal_pod_autoscaling = true
network_policy = false
{% endif %}
horizontal_pod_autoscaling = true
{% if private_cluster %}
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "10.0.0.0/28"
{% endif %}
{% if beta_cluster %}
istio = true
cloudrun = true
dns_cache = false
{% if beta_cluster and autopilot_cluster != true %}
istio = true
cloudrun = true
dns_cache = false
{% endif %}
{% if autopilot_cluster %}
enable_autopilot = true
{% endif %}
{% if autopilot_cluster != true %}
node_pools = [
{
name = "default-node-pool"
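Review bot: `enable_autopilot = true` in the `{% if autopilot_cluster %}` branch of the usage example is passed as a module input, but cluster.tf.tmpl in this same commit hard-codes `enable_autopilot = true` on the resource rather than reading a variable. Unless the autopilot variants declare an `enable_autopilot` variable (none is visible in this part of the diff), anyone copying the example will hit an unsupported-argument error. Drop the line from the example, or document the variable if it exists.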
Expand Down Expand Up @@ -152,6 +158,7 @@ module "gke" {
"default-node-pool",
]
}
{% endif %}
}
```

Expand All @@ -166,6 +173,7 @@ Then perform the following commands on the root folder:
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

{% if autopilot_cluster != true %}
## node_pools variable
The node_pools variable takes the following parameters:

Expand Down Expand Up @@ -220,8 +228,7 @@ The node_pools variable takes the following parameters:
| tags | The list of instance tags applied to all nodes | | Required |
| value | The value for the taint | | Required |
| version | The Kubernetes version for the nodes in this pool. Should only be set if auto_upgrade is false | " " | Optional |


{% endif %}
## Requirements

Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:
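Review bot: The `{% endif %}` placed directly above `## Requirements` replaces both blank lines, so in the rendered output the last row of the node_pools table is immediately followed by the heading (the root README.md hunk in this commit shows exactly that result). Keep one blank line between the `{% endif %}` and `## Requirements` so the heading is separated from the table in every variant.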
59 changes: 36 additions & 23 deletions autogen/main/cluster.tf.tmpl
@@ -1,5 +1,5 @@
/**
* Copyright 2018 Google LLC
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -35,7 +35,7 @@ resource "google_container_cluster" "primary" {
node_locations = local.node_locations
cluster_ipv4_cidr = var.cluster_ipv4_cidr
network = "projects/${local.network_project_id}/global/networks/${var.network}"

{% if autopilot_cluster != true %}
dynamic "network_policy" {
for_each = local.cluster_network_policy

Expand All @@ -44,6 +44,7 @@ resource "google_container_cluster" "primary" {
provider = network_policy.value.provider
}
}
{% endif %}

dynamic "release_channel" {
for_each = local.release_channel
Expand All @@ -64,13 +65,13 @@ resource "google_container_cluster" "primary" {
subnetwork = "projects/${local.network_project_id}/regions/${local.region}/subnetworks/${var.subnetwork}"

{% if beta_cluster %}
default_snat_status{
default_snat_status {
disabled = var.disable_default_snat
}
{% endif %}
min_master_version = var.release_channel != null ? null : local.master_version

{% if beta_cluster %}
{% if beta_cluster and autopilot_cluster != true %}
dynamic "cluster_telemetry" {
for_each = local.cluster_telemetry_type_is_set ? [1] : []
content {
Expand Down Expand Up @@ -98,7 +99,7 @@ resource "google_container_cluster" "primary" {
logging_service = var.logging_service
monitoring_service = var.monitoring_service
{% endif %}

{% if autopilot_cluster != true %}
cluster_autoscaling {
enabled = var.cluster_autoscaling.enabled
dynamic "auto_provisioning_defaults" {
Expand All @@ -107,14 +108,14 @@ resource "google_container_cluster" "primary" {
content {
service_account = local.service_account
oauth_scopes = local.node_pools_oauth_scopes["all"]
{% if beta_cluster %}
{% if beta_cluster %}
min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
{% endif %}
{% endif %}
}
}
{% if beta_cluster %}
{% if beta_cluster %}
autoscaling_profile = var.cluster_autoscaling.autoscaling_profile != null ? var.cluster_autoscaling.autoscaling_profile : "BALANCED"
{% endif %}
{% endif %}
dynamic "resource_limits" {
for_each = local.autoscaling_resource_limits
content {
Expand All @@ -124,16 +125,15 @@ resource "google_container_cluster" "primary" {
}
}
}

{% endif %}
vertical_pod_autoscaling {
enabled = var.enable_vertical_pod_autoscaling
}

{% if autopilot_cluster != true %}
default_max_pods_per_node = var.default_max_pods_per_node

enable_shielded_nodes = var.enable_shielded_nodes
enable_binary_authorization = var.enable_binary_authorization
{% if beta_cluster %}
{% if beta_cluster %}
enable_intranode_visibility = var.enable_intranode_visibility
enable_kubernetes_alpha = var.enable_kubernetes_alpha
enable_tpu = var.enable_tpu
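Review bot: The new `{% if autopilot_cluster != true %}` guard above `default_max_pods_per_node` also removes `enable_binary_authorization = var.enable_binary_authorization` from Autopilot clusters. The other two settings in the block are node-level, but Binary Authorization is a cluster-wide admission control, and dropping it means Autopilot users of this module cannot turn it on. If the provider rejects it together with `enable_autopilot`, note that in a template comment and make sure the variable is not left as a silent no-op in the autopilot variants; otherwise move the line outside the guard.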
Expand All @@ -153,6 +153,10 @@ resource "google_container_cluster" "primary" {
}

enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
{% endif %}
{% endif %}
{% if autopilot_cluster %}
enable_autopilot = true
{% endif %}
dynamic "master_authorized_networks_config" {
for_each = local.master_authorized_networks_config
Expand Down Expand Up @@ -181,14 +185,15 @@ resource "google_container_cluster" "primary" {
horizontal_pod_autoscaling {
disabled = !var.horizontal_pod_autoscaling
}

{% if autopilot_cluster != true %}
network_policy_config {
disabled = !var.network_policy
}
{% if beta_cluster %}
{% endif %}
{% if beta_cluster and autopilot_cluster != true %}

istio_config {
disabled = ! var.istio
disabled = !var.istio
auth = var.istio_auth
}

Expand Down Expand Up @@ -258,24 +263,25 @@ resource "google_container_cluster" "primary" {
end_time = maintenance_exclusion.value.end_time
}
}

{% else %}
daily_maintenance_window {
start_time = var.maintenance_start_time
}
{% endif %}
}

{% if autopilot_cluster != true %}
lifecycle {
ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"], resource_labels["mesh_id"]]
}
{% endif %}

timeouts {
create = "45m"
update = "45m"
delete = "45m"
}

{% if autopilot_cluster != true %}
node_pool {
name = "default-pool"
initial_node_count = var.initial_node_count
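Review bot: Wrapping the whole `lifecycle` block in `{% if autopilot_cluster != true %}` drops more than the node-pool entries: `resource_labels["asmv"]` and `resource_labels["mesh_id"]` are also no longer ignored on Autopilot clusters. Those labels are not related to node pools, so an Autopilot cluster that has them set out of band will show drift on every plan. Suggest keeping a `lifecycle` block in the Autopilot branch with just the two `resource_labels` entries.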
Expand Down Expand Up @@ -321,6 +327,7 @@ resource "google_container_cluster" "primary" {
}
}
}
{% endif %}

dynamic "resource_usage_export_config" {
for_each = var.resource_usage_export_dataset_id != "" ? [{
Expand Down Expand Up @@ -362,6 +369,7 @@ resource "google_container_cluster" "primary" {
}
{% endif %}

{% if autopilot_cluster != true %}
remove_default_node_pool = var.remove_default_node_pool

dynamic "database_encryption" {
Expand All @@ -380,27 +388,30 @@ resource "google_container_cluster" "primary" {
workload_pool = workload_identity_config.value.workload_pool
}
}
{% endif %}

{% if autopilot_cluster != true %}
dynamic "authenticator_groups_config" {
for_each = local.cluster_authenticator_security_group
content {
security_group = authenticator_groups_config.value.security_group
}
}

{% if beta_cluster %}
{% endif %}
{% if beta_cluster %}
notification_config {
pubsub {
enabled = var.notification_config_topic != "" ? true : false
topic = var.notification_config_topic
topic = var.notification_config_topic
}
}
{% endif %}
{% endif %}
}

{% if autopilot_cluster != true %}
/******************************************
Create Container Cluster node pools
*****************************************/
{% endif %}
{% if update_variant %}
locals {
force_node_pool_recreation_resources = [
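Review bot: The guard that opens above `remove_default_node_pool` in the previous hunk closes here after `workload_identity_config`, and a second identical guard then wraps `authenticator_groups_config`, so Autopilot variants lose `database_encryption`, `workload_identity_config` and `authenticator_groups_config` along with the one node-pool setting. Only `remove_default_node_pool` is obviously node-pool specific; the rest are cluster security controls, and each exclusion should be justified (provider conflict, or always-on in Autopilot) in a template comment or moved outside the guard. As a style point, the `{% endif %}` followed immediately by the same `{% if autopilot_cluster != true %}` can be collapsed into one block.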
Expand Down Expand Up @@ -491,6 +502,7 @@ resource "random_id" "name" {
}

{% endif %}
{% if autopilot_cluster != true %}
resource "google_container_node_pool" "pools" {
{% if beta_cluster %}
provider = google-beta
Expand Down Expand Up @@ -698,3 +710,4 @@ resource "google_container_node_pool" "pools" {
delete = "45m"
}
}
{% endif %}
10 changes: 9 additions & 1 deletion autogen/main/dns.tf.tmpl
@@ -1,5 +1,5 @@
/**
* Copyright 2018 Google LLC
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -35,7 +35,9 @@ module "gcloud_delete_default_kube_dns_configmap" {

module_depends_on = concat(
[google_container_cluster.primary.master_version],
{% if autopilot_cluster != true %}
[for pool in google_container_node_pool.pools : pool.name]
{% endif %}
)
}
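Review bot: Placing the `{% if autopilot_cluster != true %}` guard inside `concat(...)` means the Autopilot variants render `module_depends_on` as a one-argument `concat` with a trailing comma after `[google_container_cluster.primary.master_version],`. Template the whole expression instead, so the Autopilot render is just the single list. It is also worth confirming that the new kitchen suites exercise `gcloud_delete_default_kube_dns_configmap` and the ConfigMap resources below against an Autopilot cluster, since none of the fixtures shown here indicate that this path is tested.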

Expand Down Expand Up @@ -63,7 +65,9 @@ EOF
depends_on = [
module.gcloud_delete_default_kube_dns_configmap.wait,
google_container_cluster.primary,
{% if autopilot_cluster != true %}
google_container_node_pool.pools,
{% endif %}
]
}

Expand All @@ -89,7 +93,9 @@ EOF
depends_on = [
module.gcloud_delete_default_kube_dns_configmap.wait,
google_container_cluster.primary,
{% if autopilot_cluster != true %}
google_container_node_pool.pools,
{% endif %}
]
}

Expand Down Expand Up @@ -118,6 +124,8 @@ EOF
depends_on = [
module.gcloud_delete_default_kube_dns_configmap.wait,
google_container_cluster.primary,
{% if autopilot_cluster != true %}
google_container_node_pool.pools,
{% endif %}
]
}
2 changes: 1 addition & 1 deletion autogen/main/firewall.tf.tmpl
@@ -1,5 +1,5 @@
/**
* Copyright 2018 Google LLC
* Copyright 2022 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
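Review bot: The only change to this file is the licence header year going from 2018 to 2022, and the same bump appears at the top of cluster.tf.tmpl and dns.tf.tmpl. The year in an existing file's header records when it was first published and should not be rewritten; revert these three edits and use 2022 only in files created by this commit.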