fix: remove dns from autopilot (#2152)
apeabody authored Oct 30, 2024
1 parent 6a82192 commit 2e645cd
Showing 14 changed files with 14 additions and 208 deletions.
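--- a/autogen/main/dns.tf.tmpl
+++ b/autogen/main/dns.tf.tmpl
@@ -16,6 +16,7 @@
 
 {{ autogeneration_note }}
 
+{% if autopilot_cluster != true %}
 /******************************************
 Manage kube-dns configmaps
 *****************************************/
@@ -95,3 +96,4 @@ EOF
 {% endif %}
 ]
 }
+{% endif %}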
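Review bot: Nothing in this change tells existing Autopilot users that the three `kubernetes_config_map_v1_data` kube-dns resources, now excluded by the `{% if autopilot_cluster != true %}` guard around the whole template, will be planned for destroy on their next apply. For this resource type a destroy is expected to strip the managed `stubDomains` / `upstreamNameservers` keys from the `kube-dns` ConfigMap, so lookups for private zones may start going to the default upstream resolvers instead of the internal ones. I would add a template comment above the guard, for example `{# kube-dns ConfigMap data is not managed for Autopilot clusters #}`, and an upgrade-guide entry asking operators to review the plan for these destroys before applying. The same guard also drops the matching `moved` blocks in moved.tf.tmpl, so state that still uses the old kebab-case addresses is affected in the same way.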
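--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -78,8 +78,10 @@ locals {
 {% endif %}
 
 
+{% if autopilot_cluster != true %}
 custom_kube_dns_config = length(keys(var.stub_domains)) > 0
 upstream_nameservers_config = length(var.upstream_nameservers) > 0
+{% endif %}
 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
 zone_count = length(var.zones)
 cluster_type = var.regional ? "regional" : "zonal"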
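--- a/autogen/main/moved.tf.tmpl
+++ b/autogen/main/moved.tf.tmpl
@@ -14,6 +14,7 @@
 * limitations under the License.
 */
 
+{% if autopilot_cluster != true %}
 # Updates for kebab to snake case, to match best practices and Google style.
 moved {
 from = kubernetes_config_map_v1_data.kube-dns
@@ -30,6 +31,7 @@ moved {
 from = kubernetes_config_map_v1_data.kube-dns-upstream-nameservers-and-stub-domains
 to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers_and_stub_domains
 }
+{% endif %}
 
 moved {
 from = kubernetes_config_map.ip-masq-agent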
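--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -357,6 +357,7 @@ variable "network_tags" {
 default = []
 }
 
+{% if autopilot_cluster != true %}
 variable "stub_domains" {
 type = map(list(string))
 description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -368,6 +369,7 @@ variable "upstream_nameservers" {
 description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
 default = []
 }
+{% endif %}
 
 variable "non_masquerade_cidrs" {
 type = list(string)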
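Review bot: Guarding `stub_domains` and `upstream_nameservers` out of the Autopilot variables removes two module inputs under a `fix:` title, so any caller that still sets them will fail at plan time with an unsupported-argument error. Failing loudly is the safer outcome, but callers who relied on those resolvers get no pointer to what they should configure instead. An upgrade-guide entry naming both inputs and the affected Autopilot modules would cover it. The opening guard sits at the end of the first hunk and the closing one in the second, so the variable bodies between them are only partly visible here.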
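--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -152,10 +152,8 @@ Then perform the following commands on the root folder:
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
 | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no |
 | stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no |
-| stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
-| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no |
 | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no |
 | workload\_vulnerability\_mode | (beta) Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. | `string` | `""` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no |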
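--- a/modules/beta-autopilot-private-cluster/dns.tf
+++ b/modules/beta-autopilot-private-cluster/dns.tf
@@ -16,73 +16,3 @@
 
 // This file was automatically generated from a template in ./autogen/main
 
-/******************************************
-Manage kube-dns configmaps
-*****************************************/
-
-resource "kubernetes_config_map_v1_data" "kube_dns" {
-count = local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0
-
-metadata {
-name = "kube-dns"
-namespace = "kube-system"
-}
-
-data = {
-stubDomains = <<EOF
-${jsonencode(var.stub_domains)}
-EOF
-}
-
-force = true
-
-depends_on = [
-google_container_cluster.primary,
-]
-}
-
-resource "kubernetes_config_map_v1_data" "kube_dns_upstream_nameservers" {
-count = !local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0
-
-metadata {
-name = "kube-dns"
-namespace = "kube-system"
-}
-
-data = {
-upstreamNameservers = <<EOF
-${jsonencode(var.upstream_nameservers)}
-EOF
-}
-
-force = true
-
-depends_on = [
-google_container_cluster.primary,
-]
-}
-
-resource "kubernetes_config_map_v1_data" "kube_dns_upstream_nameservers_and_stub_domains" {
-count = local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0
-
-metadata {
-name = "kube-dns"
-namespace = "kube-system"
-}
-
-data = {
-upstreamNameservers = <<EOF
-${jsonencode(var.upstream_nameservers)}
-EOF
-
-stubDomains = <<EOF
-${jsonencode(var.stub_domains)}
-EOF
-}
-
-force = true
-
-depends_on = [
-google_container_cluster.primary,
-]
-}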
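--- a/modules/beta-autopilot-private-cluster/main.tf
+++ b/modules/beta-autopilot-private-cluster/main.tf
@@ -56,11 +56,9 @@ locals {
 
 
 
-custom_kube_dns_config = length(keys(var.stub_domains)) > 0
-upstream_nameservers_config = length(var.upstream_nameservers) > 0
-network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
-zone_count = length(var.zones)
-cluster_type = var.regional ? "regional" : "zonal"
+network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
+zone_count = length(var.zones)
+cluster_type = var.regional ? "regional" : "zonal"
 
 cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null
 cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {}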
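--- a/modules/beta-autopilot-private-cluster/moved.tf
+++ b/modules/beta-autopilot-private-cluster/moved.tf
@@ -14,22 +14,6 @@
 * limitations under the License.
 */
 
-# Updates for kebab to snake case, to match best practices and Google style.
-moved {
-from = kubernetes_config_map_v1_data.kube-dns
-to = kubernetes_config_map_v1_data.kube_dns
-}
-
-# Typo fix and snake case at the same time
-moved {
-from = kubernetes_config_map_v1_data.kube-dns-upstream-namservers
-to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers
-}
-
-moved {
-from = kubernetes_config_map_v1_data.kube-dns-upstream-nameservers-and-stub-domains
-to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers_and_stub_domains
-}
 
 moved {
 from = kubernetes_config_map.ip-masq-agent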
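--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -185,17 +185,6 @@ variable "network_tags" {
 default = []
 }
 
-variable "stub_domains" {
-type = map(list(string))
-description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
-default = {}
-}
-
-variable "upstream_nameservers" {
-type = list(string)
-description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
-default = []
-}
 
 variable "non_masquerade_cidrs" {
 type = list(string)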
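--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -140,10 +140,8 @@ Then perform the following commands on the root folder:
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
 | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no |
 | stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no |
-| stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
-| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no |
 | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no |
 | workload\_vulnerability\_mode | (beta) Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. | `string` | `""` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no |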
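--- a/modules/beta-autopilot-public-cluster/dns.tf
+++ b/modules/beta-autopilot-public-cluster/dns.tf
@@ -16,73 +16,3 @@
 
 // This file was automatically generated from a template in ./autogen/main
 
-/******************************************
-Manage kube-dns configmaps
-*****************************************/
-
-resource "kubernetes_config_map_v1_data" "kube_dns" {
-count = local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0
-
-metadata {
-name = "kube-dns"
-namespace = "kube-system"
-}
-
-data = {
-stubDomains = <<EOF
-${jsonencode(var.stub_domains)}
-EOF
-}
-
-force = true
-
-depends_on = [
-google_container_cluster.primary,
-]
-}
-
-resource "kubernetes_config_map_v1_data" "kube_dns_upstream_nameservers" {
-count = !local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0
-
-metadata {
-name = "kube-dns"
-namespace = "kube-system"
-}
-
-data = {
-upstreamNameservers = <<EOF
-${jsonencode(var.upstream_nameservers)}
-EOF
-}
-
-force = true
-
-depends_on = [
-google_container_cluster.primary,
-]
-}
-
-resource "kubernetes_config_map_v1_data" "kube_dns_upstream_nameservers_and_stub_domains" {
-count = local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0
-
-metadata {
-name = "kube-dns"
-namespace = "kube-system"
-}
-
-data = {
-upstreamNameservers = <<EOF
-${jsonencode(var.upstream_nameservers)}
-EOF
-
-stubDomains = <<EOF
-${jsonencode(var.stub_domains)}
-EOF
-}
-
-force = true
-
-depends_on = [
-google_container_cluster.primary,
-]
-}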
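--- a/modules/beta-autopilot-public-cluster/main.tf
+++ b/modules/beta-autopilot-public-cluster/main.tf
@@ -56,11 +56,9 @@ locals {
 
 
 
-custom_kube_dns_config = length(keys(var.stub_domains)) > 0
-upstream_nameservers_config = length(var.upstream_nameservers) > 0
-network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
-zone_count = length(var.zones)
-cluster_type = var.regional ? "regional" : "zonal"
+network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
+zone_count = length(var.zones)
+cluster_type = var.regional ? "regional" : "zonal"
 
 cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null
 cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {}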
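--- a/modules/beta-autopilot-public-cluster/moved.tf
+++ b/modules/beta-autopilot-public-cluster/moved.tf
@@ -14,22 +14,6 @@
 * limitations under the License.
 */
 
-# Updates for kebab to snake case, to match best practices and Google style.
-moved {
-from = kubernetes_config_map_v1_data.kube-dns
-to = kubernetes_config_map_v1_data.kube_dns
-}
-
-# Typo fix and snake case at the same time
-moved {
-from = kubernetes_config_map_v1_data.kube-dns-upstream-namservers
-to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers
-}
-
-moved {
-from = kubernetes_config_map_v1_data.kube-dns-upstream-nameservers-and-stub-domains
-to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers_and_stub_domains
-}
 
 moved {
 from = kubernetes_config_map.ip-masq-agent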
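--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -185,17 +185,6 @@ variable "network_tags" {
 default = []
 }
 
-variable "stub_domains" {
-type = map(list(string))
-description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
-default = {}
-}
-
-variable "upstream_nameservers" {
-type = list(string)
-description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
-default = []
-}
 
 variable "non_masquerade_cidrs" {
 type = list(string)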
