Skip to content

Commit

Permalink
Merge pull request #193 from SubatomicHero/feature/cluster_ipv4_cidr
Browse files Browse the repository at this point in the history
Feature/cluster ipv4 cidr
  • Loading branch information
morgante authored Jun 26, 2019
2 parents f34320d + 2c38f12 commit 075e9c2
Show file tree
Hide file tree
Showing 29 changed files with 179 additions and 116 deletions.
7 changes: 5 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
|------|-------------|:----:|:-----:|:-----:|
| basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
| basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no |
| description | The description of the cluster | string | `""` | no |
| disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | string | `"true"` | no |
Expand Down Expand Up @@ -233,8 +234,10 @@ To more cleanly handle cases where desired functionality would require complex d

The root module is generated by running `make generate`. Changes to this repository should be made in the [`autogen`](/autogen) directory where appropriate.

Note: The correct sequence to update the repo using autogen functionality is the run `make generate && make generate_docs`. This
will create the various Terraform files, and then generate the Terraform documentation using `terraform-docs`.
Note: The correct sequence to update the repo using autogen
functionality is the run `make generate && make generate_docs`. This
will create the various Terraform files, and then generate the
Terraform documentation using `terraform-docs`.

## Testing

Expand Down
5 changes: 5 additions & 0 deletions autogen/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,11 @@ To more cleanly handle cases where desired functionality would require complex d

The root module is generated by running `make generate`. Changes to this repository should be made in the [`autogen`](/autogen) directory where appropriate.

Note: The correct sequence to update the repo using autogen
functionality is the run `make generate && make generate_docs`. This
will create the various Terraform files, and then generate the
Terraform documentation using `terraform-docs`.

## Testing

### Requirements
Expand Down
11 changes: 7 additions & 4 deletions autogen/cluster_regional.tf
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ resource "google_container_cluster" "primary" {
description = "${var.description}"
project = "${var.project_id}"

region = "${var.region}"
node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]

network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
region = "${var.region}"
node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"

network_policy {
enabled = "${var.network_policy}"
Expand Down Expand Up @@ -74,6 +74,7 @@ resource "google_container_cluster" "primary" {
disabled = "${var.network_policy ? 0 : 1}"
}
{% if beta_cluster %}

istio_config {
disabled = "${var.istio ? 0 : 1}"
}
Expand Down Expand Up @@ -114,12 +115,14 @@ resource "google_container_cluster" "primary" {
}
}
{% if private_cluster %}

private_cluster_config {
enable_private_endpoint = "${var.enable_private_endpoint}"
enable_private_nodes = "${var.enable_private_nodes}"
master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
}
{% endif %}

remove_default_node_pool = "${var.remove_default_node_pool}"
{% if beta_cluster %}
database_encryption = ["${var.database_encryption}"]
Expand Down
11 changes: 7 additions & 4 deletions autogen/cluster_zonal.tf
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ resource "google_container_cluster" "zonal_primary" {
description = "${var.description}"
project = "${var.project_id}"

zone = "${var.zones[0]}"
node_locations = ["${slice(var.zones,1,length(var.zones))}"]

network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
zone = "${var.zones[0]}"
node_locations = ["${slice(var.zones,1,length(var.zones))}"]
cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"

network_policy {
enabled = "${var.network_policy}"
Expand Down Expand Up @@ -74,6 +74,7 @@ resource "google_container_cluster" "zonal_primary" {
disabled = "${var.network_policy ? 0 : 1}"
}
{% if beta_cluster %}

istio_config {
disabled = "${var.istio ? 0 : 1}"
}
Expand Down Expand Up @@ -114,12 +115,14 @@ resource "google_container_cluster" "zonal_primary" {
}
}
{% if private_cluster %}

private_cluster_config {
enable_private_endpoint = "${var.enable_private_endpoint}"
enable_private_nodes = "${var.enable_private_nodes}"
master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
}
{% endif %}

remove_default_node_pool = "${var.remove_default_node_pool}"
{% if beta_cluster %}
database_encryption = ["${var.database_encryption}"]
Expand Down
26 changes: 12 additions & 14 deletions autogen/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -163,21 +163,19 @@ locals {
cluster_master_auth_list_layer1 = "${local.cluster_type_output_master_auth[local.cluster_type]}"
cluster_master_auth_list_layer2 = "${local.cluster_master_auth_list_layer1[0]}"
cluster_master_auth_map = "${local.cluster_master_auth_list_layer2[0]}"

# cluster locals
cluster_name = "${local.cluster_type_output_name[local.cluster_type]}"
cluster_location = "${local.cluster_type_output_location[local.cluster_type]}"
cluster_region = "${local.cluster_type_output_region[local.cluster_type]}"
cluster_zones = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
cluster_endpoint = "${local.cluster_type_output_endpoint[local.cluster_type]}"
cluster_ca_certificate = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
cluster_master_version = "${local.cluster_type_output_master_version[local.cluster_type]}"
cluster_min_master_version = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
cluster_logging_service = "${local.cluster_type_output_logging_service[local.cluster_type]}"
cluster_monitoring_service = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
cluster_node_pools_names = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"

cluster_name = "${local.cluster_type_output_name[local.cluster_type]}"
cluster_location = "${local.cluster_type_output_location[local.cluster_type]}"
cluster_region = "${local.cluster_type_output_region[local.cluster_type]}"
cluster_zones = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
cluster_endpoint = "${local.cluster_type_output_endpoint[local.cluster_type]}"
cluster_ca_certificate = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
cluster_master_version = "${local.cluster_type_output_master_version[local.cluster_type]}"
cluster_min_master_version = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
cluster_logging_service = "${local.cluster_type_output_logging_service[local.cluster_type]}"
cluster_monitoring_service = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
cluster_node_pools_names = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
cluster_network_policy_enabled = "${local.cluster_type_output_network_policy_enabled[local.cluster_type] ? false : true}"
cluster_http_load_balancing_enabled = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"
cluster_horizontal_pod_autoscaling_enabled = "${local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] ? false : true}"
Expand Down
4 changes: 2 additions & 2 deletions autogen/outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -112,8 +112,8 @@ output "service_account" {
description = "The service account to default running nodes as if not overridden in `node_pools`."
value = "${local.service_account}"
}

{% if beta_cluster %}

output "istio_enabled" {
description = "Whether Istio is enabled"
value = "${local.cluster_istio_enabled}"
Expand All @@ -124,8 +124,8 @@ output "cloudrun_enabled" {
value = "${local.cluster_cloudrun_enabled}"
}
{% endif %}

{% if private_cluster %}

output "pod_security_policy_enabled" {
description = "Whether pod security policy is enabled"
value = "${local.cluster_pod_security_policy_enabled}"
Expand Down
9 changes: 7 additions & 2 deletions autogen/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -251,8 +251,8 @@ variable "service_account" {
description = "The service account to run nodes as if not overridden in `node_pools`. The default value will cause a cluster-specific service account to be created."
default = "create"
}

{% if private_cluster %}

variable "deploy_using_private_endpoint" {
description = "(Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment."
default = "false"
Expand All @@ -273,8 +273,8 @@ variable "master_ipv4_cidr_block" {
default = "10.0.0.0/28"
}
{% endif %}

{% if beta_cluster %}

variable "istio" {
description = "(Beta) Enable Istio addon"
default = false
Expand Down Expand Up @@ -315,3 +315,8 @@ variable "issue_client_certificate" {
description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"
default = "false"
}

variable "cluster_ipv4_cidr" {
default = ""
description = "The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR."
}
9 changes: 5 additions & 4 deletions cluster_regional.tf
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ resource "google_container_cluster" "primary" {
description = "${var.description}"
project = "${var.project_id}"

region = "${var.region}"
node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]

network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
region = "${var.region}"
node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"

network_policy {
enabled = "${var.network_policy}"
Expand Down Expand Up @@ -100,6 +100,7 @@ resource "google_container_cluster" "primary" {
service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
}
}

remove_default_node_pool = "${var.remove_default_node_pool}"
}

Expand Down
9 changes: 5 additions & 4 deletions cluster_zonal.tf
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ resource "google_container_cluster" "zonal_primary" {
description = "${var.description}"
project = "${var.project_id}"

zone = "${var.zones[0]}"
node_locations = ["${slice(var.zones,1,length(var.zones))}"]

network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
zone = "${var.zones[0]}"
node_locations = ["${slice(var.zones,1,length(var.zones))}"]
cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"

network_policy {
enabled = "${var.network_policy}"
Expand Down Expand Up @@ -100,6 +100,7 @@ resource "google_container_cluster" "zonal_primary" {
service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
}
}

remove_default_node_pool = "${var.remove_default_node_pool}"
}

Expand Down
25 changes: 12 additions & 13 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -128,19 +128,18 @@ locals {
cluster_master_auth_map = "${local.cluster_master_auth_list_layer2[0]}"

# cluster locals
cluster_name = "${local.cluster_type_output_name[local.cluster_type]}"
cluster_location = "${local.cluster_type_output_location[local.cluster_type]}"
cluster_region = "${local.cluster_type_output_region[local.cluster_type]}"
cluster_zones = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
cluster_endpoint = "${local.cluster_type_output_endpoint[local.cluster_type]}"
cluster_ca_certificate = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
cluster_master_version = "${local.cluster_type_output_master_version[local.cluster_type]}"
cluster_min_master_version = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
cluster_logging_service = "${local.cluster_type_output_logging_service[local.cluster_type]}"
cluster_monitoring_service = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
cluster_node_pools_names = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"

cluster_name = "${local.cluster_type_output_name[local.cluster_type]}"
cluster_location = "${local.cluster_type_output_location[local.cluster_type]}"
cluster_region = "${local.cluster_type_output_region[local.cluster_type]}"
cluster_zones = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
cluster_endpoint = "${local.cluster_type_output_endpoint[local.cluster_type]}"
cluster_ca_certificate = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
cluster_master_version = "${local.cluster_type_output_master_version[local.cluster_type]}"
cluster_min_master_version = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
cluster_logging_service = "${local.cluster_type_output_logging_service[local.cluster_type]}"
cluster_monitoring_service = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
cluster_node_pools_names = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
cluster_network_policy_enabled = "${local.cluster_type_output_network_policy_enabled[local.cluster_type] ? false : true}"
cluster_http_load_balancing_enabled = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"
cluster_horizontal_pod_autoscaling_enabled = "${local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] ? false : true}"
Expand Down
6 changes: 6 additions & 0 deletions modules/beta-private-cluster/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
| basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
| basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
| cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no |
| database\_encryption | Application-layer Secrets Encryption settings. Example: database_encryption = [{ state = "ENCRYPTED", key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key" }] | list | `<list>` | no |
| deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
| description | The description of the cluster | string | `""` | no |
Expand Down Expand Up @@ -252,6 +253,11 @@ To more cleanly handle cases where desired functionality would require complex d

The root module is generated by running `make generate`. Changes to this repository should be made in the [`autogen`](/autogen) directory where appropriate.

Note: The correct sequence to update the repo using autogen
functionality is the run `make generate && make generate_docs`. This
will create the various Terraform files, and then generate the
Terraform documentation using `terraform-docs`.

## Testing

### Requirements
Expand Down
11 changes: 7 additions & 4 deletions modules/beta-private-cluster/cluster_regional.tf
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ resource "google_container_cluster" "primary" {
description = "${var.description}"
project = "${var.project_id}"

region = "${var.region}"
node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]

network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
region = "${var.region}"
node_locations = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"

network_policy {
enabled = "${var.network_policy}"
Expand Down Expand Up @@ -71,6 +71,7 @@ resource "google_container_cluster" "primary" {
network_policy_config {
disabled = "${var.network_policy ? 0 : 1}"
}

istio_config {
disabled = "${var.istio ? 0 : 1}"
}
Expand Down Expand Up @@ -109,11 +110,13 @@ resource "google_container_cluster" "primary" {
service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
}
}

private_cluster_config {
enable_private_endpoint = "${var.enable_private_endpoint}"
enable_private_nodes = "${var.enable_private_nodes}"
master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
}

remove_default_node_pool = "${var.remove_default_node_pool}"
database_encryption = ["${var.database_encryption}"]
}
Expand Down
11 changes: 7 additions & 4 deletions modules/beta-private-cluster/cluster_zonal.tf
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,10 @@ resource "google_container_cluster" "zonal_primary" {
description = "${var.description}"
project = "${var.project_id}"

zone = "${var.zones[0]}"
node_locations = ["${slice(var.zones,1,length(var.zones))}"]

network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
zone = "${var.zones[0]}"
node_locations = ["${slice(var.zones,1,length(var.zones))}"]
cluster_ipv4_cidr = "${var.cluster_ipv4_cidr}"
network = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"

network_policy {
enabled = "${var.network_policy}"
Expand Down Expand Up @@ -71,6 +71,7 @@ resource "google_container_cluster" "zonal_primary" {
network_policy_config {
disabled = "${var.network_policy ? 0 : 1}"
}

istio_config {
disabled = "${var.istio ? 0 : 1}"
}
Expand Down Expand Up @@ -109,11 +110,13 @@ resource "google_container_cluster" "zonal_primary" {
service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
}
}

private_cluster_config {
enable_private_endpoint = "${var.enable_private_endpoint}"
enable_private_nodes = "${var.enable_private_nodes}"
master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"
}

remove_default_node_pool = "${var.remove_default_node_pool}"
database_encryption = ["${var.database_encryption}"]
}
Expand Down
Loading

0 comments on commit 075e9c2

Please sign in to comment.