Merge pull request #206 from terraform-google-modules/aaron-lane-v3.0.0
v3.0
aaron-lane authored Jul 8, 2019
2 parents f15c674 + 321eabe commit 0cb8bd6
Showing 64 changed files with 1,435 additions and 37 deletions.
14 changes: 14 additions & 0 deletions .kitchen.yml
Expand Up @@ -104,6 +104,20 @@ suites:
systems:
- name: stub_domains_private
backend: local
- name: "upstream_nameservers"
driver:
root_module_directory: test/fixtures/upstream_nameservers
verifier:
systems:
- name: upstream_nameservers
backend: local
- name: "stub_domains_upstream_nameservers"
driver:
root_module_directory: test/fixtures/stub_domains_upstream_nameservers
verifier:
systems:
- name: stub_domains_upstream_nameservers
backend: local
- name: "workload_metadata_config"
driver:
root_module_directory: test/fixtures/workload_metadata_config
14 changes: 10 additions & 4 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,8 @@ Extending the adopted spec, each change should have a link to its corresponding

## [Unreleased]

## [v3.0.0] - 2019-07-08

### Added

* Add configuration flag for enable BinAuthZ Admission controller [#160] [#188]
Expand All @@ -16,15 +18,16 @@ Extending the adopted spec, each change should have a link to its corresponding
* Support to scale the default node cluster. [#149]
* Support for configuring the network policy provider. [#159]
* Support for database encryption. [#165]
* Submodules for public and private clusters with beta features. [#124] [#188]
* Submodules for public and private clusters with beta features. [#124] [#188] [#203]
* Support for configuring cluster IPv4 CIDRs. [#193]
* Support for configuring IP Masquerade. [#187]
* Support for v2.9 of the Google providers. [#198]
* Support for upstreamNameservers. [#207]

### Fixed

* Dropped support for v2.7 of the Google providers; these versions were
incompatible with the guest accelerator. [#198]
* Dropped support for versions of the Google provider earlier than v2.9; these versions multiple
incompatibilities with the module. [#198]

## [v2.1.0] - 2019-05-30

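Review bot: In the rewritten entry under `### Fixed`, the new wording "these versions multiple incompatibilities with the module" is missing its verb; it should read "these versions had multiple incompatibilities with the module". Dropping provider versions is also a breaking change rather than a fix, so consider listing it under a `### Changed` heading for v3.0.0 where people upgrading will look for it.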
Expand Down Expand Up @@ -131,7 +134,8 @@ Extending the adopted spec, each change should have a link to its corresponding

* Initial release of module.

[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v2.1.0...HEAD
[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v3.0.0...HEAD
[v3.0.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v2.1.0...v3.0.0
[v2.1.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v2.0.1...v2.1.0
[v2.0.1]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v2.0.0...v2.0.1
[v2.0.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v1.0.1...v2.0.0
Expand All @@ -142,6 +146,8 @@ Extending the adopted spec, each change should have a link to its corresponding
[v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0
[v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0

[#207]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/207
[#203]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/203
[#198]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/198
[#197]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/197
[#193]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/193
10 changes: 9 additions & 1 deletion README.md
Expand Up @@ -97,6 +97,11 @@ Then perform the following commands on the root folder:
- `terraform apply` to apply the infrastructure build
- `terraform destroy` to destroy the built infrastructure

## Upgrade to v3.0.0

v3.0.0 is a breaking release. Refer to the
[Upgrading to v3.0 guide][upgrading-to-v3.0] for details.

## Upgrade to v2.0.0

v2.0.0 is a breaking release. Refer to the
Expand Down Expand Up @@ -154,6 +159,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
| service\_account | The service account to run nodes as if not overridden in `node_pools`. The default value will cause a cluster-specific service account to be created. | string | `"create"` | no |
| stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map | `<map>` | no |
| subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |
| zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | list | `<list>` | no |

## Outputs
Expand Down Expand Up @@ -198,7 +204,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 0.11.x
- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v2.3, v2.6, v2.9
- [Terraform Provider for GCP][terraform-provider-google] v2.9

### Configure a Service Account
In order to execute this module you must have a Service Account with the
Expand Down Expand Up @@ -366,3 +372,5 @@ command.
* Dockerfiles - hadolint. Can be found in homebrew

[upgrading-to-v2.0]: docs/upgrading_to_v2.0.md
[upgrading-to-v3.0]: docs/upgrading_to_v3.0.md
[terraform-provider-google]: https://github.com/terraform-providers/terraform-provider-google
19 changes: 17 additions & 2 deletions autogen/README.md
Expand Up @@ -111,6 +111,11 @@ Then perform the following commands on the root folder:
- `terraform apply` to apply the infrastructure build
- `terraform destroy` to destroy the built infrastructure

## Upgrade to v3.0.0

v3.0.0 is a breaking release. Refer to the
[Upgrading to v3.0 guide][upgrading-to-v3.0] for details.

## Upgrade to v2.0.0

v2.0.0 is a breaking release. Refer to the
Expand Down Expand Up @@ -142,9 +147,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 0.11.x
{% if private_cluster or beta_cluster %}
- [terraform-provider-google-beta](https://github.com/terraform-providers/terraform-provider-google-beta) v2.3, v2.6, v2.9
- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v2.9
{% else %}
- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v2.3, v2.6, v2.9
- [Terraform Provider for GCP][terraform-provider-google] v2.9
{% endif %}

### Configure a Service Account
Expand Down Expand Up @@ -317,3 +322,13 @@ command.
{% else %}
[upgrading-to-v2.0]: docs/upgrading_to_v2.0.md
{% endif %}
{% if private_cluster or beta_cluster %}
[upgrading-to-v3.0]: ../../docs/upgrading_to_v3.0.md
{% else %}
[upgrading-to-v3.0]: docs/upgrading_to_v3.0.md
{% endif %}
{% if private_cluster or beta_cluster %}
[terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta
{% else %}
[terraform-provider-google]: https://github.com/terraform-providers/terraform-provider-google
{% endif %}
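Review bot: The two blocks added at the end of this file test the same condition, `{% if private_cluster or beta_cluster %}`, back to back, once for `[upgrading-to-v3.0]` and once for the provider link. Merge them into a single `if`/`else` that defines both reference links in each branch, which shortens the template and keeps the two conditions from drifting apart.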
1 change: 1 addition & 0 deletions autogen/cluster_regional.tf
Expand Up @@ -107,6 +107,7 @@ resource "google_container_cluster" "primary" {
node_config {
service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
{% if beta_cluster %}

workload_metadata_config = "${local.cluster_node_metadata_config["${var.node_metadata == "UNSPECIFIED" ? "unspecified" : "specified"}"]}"
{% endif %}
}
7 changes: 4 additions & 3 deletions autogen/cluster_zonal.tf
Expand Up @@ -39,10 +39,10 @@ resource "google_container_cluster" "zonal_primary" {
monitoring_service = "${var.monitoring_service}"

{% if beta_cluster %}
enable_binary_authorization = "${var.enable_binary_authorization}"
pod_security_policy_config = "${var.pod_security_policy_config}"
{% endif %}
enable_binary_authorization = "${var.enable_binary_authorization}"
pod_security_policy_config = "${var.pod_security_policy_config}"

{% endif %}
master_authorized_networks_config = ["${var.master_authorized_networks_config}"]

master_auth {
Expand Down Expand Up @@ -108,6 +108,7 @@ resource "google_container_cluster" "zonal_primary" {
node_config {
service_account = "${lookup(var.node_pools[0], "service_account", local.service_account)}"
{% if beta_cluster %}

workload_metadata_config = "${local.cluster_node_metadata_config["${var.node_metadata == "UNSPECIFIED" ? "unspecified" : "specified"}"]}"
{% endif %}
}
50 changes: 48 additions & 2 deletions autogen/dns.tf
Expand Up @@ -20,7 +20,7 @@
Delete default kube-dns configmap
*****************************************/
resource "null_resource" "delete_default_kube_dns_configmap" {
count = "${local.custom_kube_dns_config ? 1 : 0}"
count = "${local.custom_kube_dns_config || local.upstream_nameservers_config ? 1 : 0}"

provisioner "local-exec" {
command = "${path.module}/scripts/kubectl_wrapper.sh https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
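Review bot: With the widened `count` on `null_resource.delete_default_kube_dns_configmap`, the `local-exec` command in this hunk now also runs when only `upstream_nameservers` is set, and it passes `${data.google_client_config.default.access_token}` as a positional argument to `kubectl_wrapper.sh`. A token on the command line is readable from the process list on the machine running Terraform and can end up in logs that record the command. Pass it through the provisioner's `environment` map and have the wrapper script read it from there.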
Expand All @@ -33,7 +33,7 @@ resource "null_resource" "delete_default_kube_dns_configmap" {
Create kube-dns confimap
*****************************************/
resource "kubernetes_config_map" "kube-dns" {
count = "${local.custom_kube_dns_config ? 1 : 0}"
count = "${local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0}"

metadata {
name = "kube-dns"
Expand All @@ -52,3 +52,49 @@ EOF

depends_on = ["null_resource.delete_default_kube_dns_configmap", "data.google_client_config.default", "google_container_cluster.primary", "google_container_node_pool.pools", "google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
}

resource "kubernetes_config_map" "kube-dns-upstream-namservers" {
count = "${!local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0}"

metadata {
name = "kube-dns"
namespace = "kube-system"

labels {
maintained_by = "terraform"
}
}

data {
upstreamNameservers = <<EOF
${jsonencode(var.upstream_nameservers)}
EOF
}

depends_on = ["null_resource.delete_default_kube_dns_configmap", "data.google_client_config.default", "google_container_cluster.primary", "google_container_node_pool.pools", "google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
}

resource "kubernetes_config_map" "kube-dns-upstream-nameservers-and-stub-domains" {
count = "${local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0}"

metadata {
name = "kube-dns"
namespace = "kube-system"

labels {
maintained_by = "terraform"
}
}

data {
upstreamNameservers = <<EOF
${jsonencode(var.upstream_nameservers)}
EOF

stubDomains = <<EOF
${jsonencode(var.stub_domains)}
EOF
}

depends_on = ["null_resource.delete_default_kube_dns_configmap", "data.google_client_config.default", "google_container_cluster.primary", "google_container_node_pool.pools", "google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
}
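Review bot: The first added resource is named `kube-dns-upstream-namservers` (missing an "e"), while the second spells it `kube-dns-upstream-nameservers-and-stub-domains`. Fix the name before release, since the resource address is recorded in state and renaming it later forces a destroy and create of the ConfigMap. More broadly, three resources now manage the same `kube-dns` ConfigMap in `kube-system`, selected by mutually exclusive `count` expressions, so changing which of `stub_domains` and `upstream_nameservers` is set moves the object between addresses, and nothing in the `depends_on` lists orders the destroy of one against the create of the other. A single resource whose `data` is assembled from both variables would avoid that.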
6 changes: 3 additions & 3 deletions autogen/main.tf
Expand Up @@ -36,6 +36,7 @@ locals {
node_version_regional = "${var.node_version != "" && var.regional ? var.node_version : local.kubernetes_version_regional}"
node_version_zonal = "${var.node_version != "" && !var.regional ? var.node_version : local.kubernetes_version_zonal}"
custom_kube_dns_config = "${length(keys(var.stub_domains)) > 0 ? true : false}"
upstream_nameservers_config = "${length(var.upstream_nameservers) > 0 ? true : false}"
network_project_id = "${var.network_project_id != "" ? var.network_project_id : var.project_id}"

cluster_type = "${var.regional ? "regional" : "zonal"}"
Expand Down Expand Up @@ -195,9 +196,8 @@ locals {
cluster_kubernetes_dashboard_enabled = "${local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] ? false : true}"
{% if beta_cluster %}
# BETA features
cluster_istio_enabled = "${local.cluster_type_output_istio_enabled[local.cluster_type] ? false : true}"
cluster_cloudrun_enabled = "${var.cloudrun}"

cluster_istio_enabled = "${local.cluster_type_output_istio_enabled[local.cluster_type] ? false : true}"
cluster_cloudrun_enabled = "${var.cloudrun}"
cluster_pod_security_policy_enabled = "${local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] ? true : false}"
# /BETA features
{% endif %}
1 change: 1 addition & 0 deletions autogen/outputs.tf
Expand Up @@ -113,6 +113,7 @@ output "service_account" {
value = "${local.service_account}"
}
{% if beta_cluster %}

output "istio_enabled" {
description = "Whether Istio is enabled"
value = "${local.cluster_istio_enabled}"
6 changes: 6 additions & 0 deletions autogen/variables.tf
Expand Up @@ -206,6 +206,12 @@ variable "stub_domains" {
default = {}
}

variable "upstream_nameservers" {
type = "list"
description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
default = []
}

variable "non_masquerade_cidrs" {
type = "list"
description = "List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading."
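Review bot: The `upstream_nameservers` description does not say what the list elements are, and with `type = "list"` and `default = []` nothing constrains them. Since these values replace the resolvers taken from the node's `/etc/resolv.conf`, state that each element is the IP address of a DNS resolver and that lookups not handled by `stub_domains` or the cluster domain are forwarded to them, so anyone reviewing a calling configuration knows this list decides where cluster DNS queries go.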
1 change: 0 additions & 1 deletion cluster_zonal.tf
Expand Up @@ -38,7 +38,6 @@ resource "google_container_cluster" "zonal_primary" {
logging_service = "${var.logging_service}"
monitoring_service = "${var.monitoring_service}"


master_authorized_networks_config = ["${var.master_authorized_networks_config}"]

master_auth {
50 changes: 48 additions & 2 deletions dns.tf
Expand Up @@ -20,7 +20,7 @@
Delete default kube-dns configmap
*****************************************/
resource "null_resource" "delete_default_kube_dns_configmap" {
count = "${local.custom_kube_dns_config ? 1 : 0}"
count = "${local.custom_kube_dns_config || local.upstream_nameservers_config ? 1 : 0}"

provisioner "local-exec" {
command = "${path.module}/scripts/kubectl_wrapper.sh https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"
Expand All @@ -33,7 +33,7 @@ resource "null_resource" "delete_default_kube_dns_configmap" {
Create kube-dns confimap
*****************************************/
resource "kubernetes_config_map" "kube-dns" {
count = "${local.custom_kube_dns_config ? 1 : 0}"
count = "${local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0}"

metadata {
name = "kube-dns"
Expand All @@ -52,3 +52,49 @@ EOF

depends_on = ["null_resource.delete_default_kube_dns_configmap", "data.google_client_config.default", "google_container_cluster.primary", "google_container_node_pool.pools", "google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
}

resource "kubernetes_config_map" "kube-dns-upstream-namservers" {
count = "${!local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0}"

metadata {
name = "kube-dns"
namespace = "kube-system"

labels {
maintained_by = "terraform"
}
}

data {
upstreamNameservers = <<EOF
${jsonencode(var.upstream_nameservers)}
EOF
}

depends_on = ["null_resource.delete_default_kube_dns_configmap", "data.google_client_config.default", "google_container_cluster.primary", "google_container_node_pool.pools", "google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
}

resource "kubernetes_config_map" "kube-dns-upstream-nameservers-and-stub-domains" {
count = "${local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0}"

metadata {
name = "kube-dns"
namespace = "kube-system"

labels {
maintained_by = "terraform"
}
}

data {
upstreamNameservers = <<EOF
${jsonencode(var.upstream_nameservers)}
EOF

stubDomains = <<EOF
${jsonencode(var.stub_domains)}
EOF
}

depends_on = ["null_resource.delete_default_kube_dns_configmap", "data.google_client_config.default", "google_container_cluster.primary", "google_container_node_pool.pools", "google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
}
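Review bot: The two resources added in this hunk have no banner comment, unlike the existing resources in this file, which each sit under a starred comment block such as "Delete default kube-dns configmap". Add one above each new resource saying which combination of `stub_domains` and `upstream_nameservers` it covers, since the `count` expressions are the only thing telling the three `kube-dns` ConfigMap resources apart. The resource name `kube-dns-upstream-namservers` is also misspelled here.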