Skip to content

Commit

Permalink
Moved sanbox_config to node_pool resouce (Fix #240)
Browse files Browse the repository at this point in the history
  • Loading branch information
paulpalamarchuk committed Oct 18, 2019
1 parent aa048e1 commit b3c8466
Show file tree
Hide file tree
Showing 19 changed files with 305 additions and 77 deletions.
7 changes: 7 additions & 0 deletions .kitchen.yml
Original file line number Diff line number Diff line change
Expand Up @@ -131,3 +131,10 @@ suites:
systems:
- name: workload_metadata_config
backend: local
- name: "sandbox_enabled"
driver:
root_module_directory: test/fixtures/sandbox_enabled
verifier:
systems:
- name: sandbox_enabled
backend: local
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
# Make will use bash instead of sh
SHELL := /usr/bin/env bash

DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.1.0
DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.4.2
DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
REGISTRY_URL := gcr.io/cloud-foundation-cicd

Expand Down
16 changes: 8 additions & 8 deletions autogen/cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -167,14 +167,6 @@ resource "google_container_cluster" "primary" {
node_metadata = workload_metadata_config.value.node_metadata
}
}

dynamic "sandbox_config" {
for_each = local.cluster_sandbox_enabled

content {
sandbox_type = sandbox_config.value
}
}
{% endif %}
}
}
Expand Down Expand Up @@ -415,6 +407,14 @@ resource "google_container_node_pool" "pools" {
node_metadata = workload_metadata_config.value.node_metadata
}
}

dynamic "sandbox_config" {
for_each = local.cluster_sandbox_enabled

content {
sandbox_type = sandbox_config.value
}
}
{% endif %}
}

Expand Down
2 changes: 1 addition & 1 deletion build/int.cloudbuild.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -38,4 +38,4 @@ tags:
- 'integration'
substitutions:
_DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
_DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.1.0'
_DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.4.2'
2 changes: 1 addition & 1 deletion build/lint.cloudbuild.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,4 +24,4 @@ tags:
- 'lint'
substitutions:
_DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
_DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.1.0'
_DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.4.2'
11 changes: 6 additions & 5 deletions examples/simple_regional_beta/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,22 +2,24 @@

This example illustrates how to create a simple cluster with beta features.

[^]: (autogen_docs_start)

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| cloudrun | Boolean to enable / disable CloudRun | string | `"true"` | no |
| cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no |
| compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes |
| credentials\_path | The path to the GCP credentials JSON file | string | n/a | yes |
| ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes |
| ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes |
| istio | Boolean to enable / disable Istio | string | `"true"` | no |
| network | The VPC network to host the cluster in | string | n/a | yes |
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | string | `"SECURE"` | no |
| node\_pools | List of maps containing node pools | list(map(string)) | `<list>` | no |
| project\_id | The project ID to host the cluster in | string | n/a | yes |
| region | The region to host the cluster in | string | n/a | yes |
| remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no |
| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no |
| subnetwork | The subnetwork to host the cluster in | string | n/a | yes |

## Outputs
Expand All @@ -27,7 +29,6 @@ This example illustrates how to create a simple cluster with beta features.
| ca\_certificate | |
| client\_token | |
| cluster\_name | Cluster name |
| credentials\_path | |
| ip\_range\_pods | The secondary IP range used for pods |
| ip\_range\_services | The secondary IP range used for services |
| kubernetes\_endpoint | |
Expand All @@ -40,7 +41,7 @@ This example illustrates how to create a simple cluster with beta features.
| subnetwork | |
| zones | List of zones in which the cluster resides |

[^]: (autogen_docs_end)
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

To provision this example, run the following from within this directory:
- `terraform init` to get the plugins
Expand Down
35 changes: 19 additions & 16 deletions examples/simple_regional_beta/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -19,25 +19,28 @@ locals {
}

provider "google-beta" {
version = "~> 2.12.0"
credentials = file(var.credentials_path)
region = var.region
version = "~> 2.12.0"
region = var.region
}

module "gke" {
source = "../../modules/beta-public-cluster/"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
regional = true
region = var.region
network = var.network
subnetwork = var.subnetwork
ip_range_pods = var.ip_range_pods
ip_range_services = var.ip_range_services
create_service_account = false
service_account = var.compute_engine_service_account
istio = var.istio
cloudrun = var.cloudrun
source = "../../modules/beta-public-cluster/"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
regional = true
region = var.region
network = var.network
subnetwork = var.subnetwork
ip_range_pods = var.ip_range_pods
ip_range_services = var.ip_range_services
create_service_account = false
service_account = var.compute_engine_service_account
istio = var.istio
cloudrun = var.cloudrun
node_metadata = var.node_metadata
sandbox_enabled = var.sandbox_enabled
remove_default_node_pool = var.remove_default_node_pool
node_pools = var.node_pools
}

data "google_client_config" "default" {
Expand Down
4 changes: 0 additions & 4 deletions examples/simple_regional_beta/test_outputs.tf
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,6 @@ output "project_id" {
value = var.project_id
}

output "credentials_path" {
value = var.credentials_path
}

output "region" {
value = module.gke.region
}
Expand Down
33 changes: 29 additions & 4 deletions examples/simple_regional_beta/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,6 @@ variable "project_id" {
description = "The project ID to host the cluster in"
}

variable "credentials_path" {
description = "The path to the GCP credentials JSON file"
}

variable "cluster_name_suffix" {
description = "A suffix to append to the default cluster name"
default = ""
Expand Down Expand Up @@ -60,3 +56,32 @@ variable "cloudrun" {
description = "Boolean to enable / disable CloudRun"
default = true
}

variable "node_metadata" {
description = "Specifies how node metadata is exposed to the workload running on the node"
default = "SECURE"
type = string
}

variable "sandbox_enabled" {
type = bool
description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)."
default = false
}

variable "remove_default_node_pool" {
type = bool
description = "Remove default node pool while setting up the cluster"
default = false
}

variable "node_pools" {
type = list(map(string))
description = "List of maps containing node pools"

default = [
{
name = "default-node-pool"
},
]
}
16 changes: 8 additions & 8 deletions modules/beta-private-cluster-update-variant/cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -158,14 +158,6 @@ resource "google_container_cluster" "primary" {
node_metadata = workload_metadata_config.value.node_metadata
}
}

dynamic "sandbox_config" {
for_each = local.cluster_sandbox_enabled

content {
sandbox_type = sandbox_config.value
}
}
}
}

Expand Down Expand Up @@ -386,6 +378,14 @@ resource "google_container_node_pool" "pools" {
node_metadata = workload_metadata_config.value.node_metadata
}
}

dynamic "sandbox_config" {
for_each = local.cluster_sandbox_enabled

content {
sandbox_type = sandbox_config.value
}
}
}

lifecycle {
Expand Down
16 changes: 8 additions & 8 deletions modules/beta-private-cluster/cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -158,14 +158,6 @@ resource "google_container_cluster" "primary" {
node_metadata = workload_metadata_config.value.node_metadata
}
}

dynamic "sandbox_config" {
for_each = local.cluster_sandbox_enabled

content {
sandbox_type = sandbox_config.value
}
}
}
}

Expand Down Expand Up @@ -314,6 +306,14 @@ resource "google_container_node_pool" "pools" {
node_metadata = workload_metadata_config.value.node_metadata
}
}

dynamic "sandbox_config" {
for_each = local.cluster_sandbox_enabled

content {
sandbox_type = sandbox_config.value
}
}
}

lifecycle {
Expand Down
16 changes: 8 additions & 8 deletions modules/beta-public-cluster/cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -158,14 +158,6 @@ resource "google_container_cluster" "primary" {
node_metadata = workload_metadata_config.value.node_metadata
}
}

dynamic "sandbox_config" {
for_each = local.cluster_sandbox_enabled

content {
sandbox_type = sandbox_config.value
}
}
}
}

Expand Down Expand Up @@ -309,6 +301,14 @@ resource "google_container_node_pool" "pools" {
node_metadata = workload_metadata_config.value.node_metadata
}
}

dynamic "sandbox_config" {
for_each = local.cluster_sandbox_enabled

content {
sandbox_type = sandbox_config.value
}
}
}

lifecycle {
Expand Down
40 changes: 40 additions & 0 deletions test/fixtures/sandbox_enabled/example.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
/**
* Copyright 2019 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

module "example" {
source = "../../../examples/simple_regional_beta"

project_id = var.project_id
cluster_name_suffix = "-${random_string.suffix.result}"
region = var.region
network = google_compute_network.main.name
subnetwork = google_compute_subnetwork.main.name
ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name
ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name
compute_engine_service_account = var.compute_engine_service_account
istio = false
cloudrun = false
node_metadata = "UNSPECIFIED"
sandbox_enabled = true
remove_default_node_pool = true

node_pools = [
{
name = "default-node-pool"
image_type = "COS_CONTAINERD"
},
]
}
48 changes: 48 additions & 0 deletions test/fixtures/sandbox_enabled/network.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
/**
* Copyright 2019 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

resource "random_string" "suffix" {
length = 4
special = false
upper = false
}

provider "google" {
project = var.project_id
}

resource "google_compute_network" "main" {
name = "cft-gke-test-${random_string.suffix.result}"
auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "main" {
name = "cft-gke-test-${random_string.suffix.result}"
ip_cidr_range = "10.0.0.0/17"
region = var.region
network = google_compute_network.main.self_link

secondary_ip_range {
range_name = "cft-gke-test-pods-${random_string.suffix.result}"
ip_cidr_range = "192.168.0.0/18"
}

secondary_ip_range {
range_name = "cft-gke-test-services-${random_string.suffix.result}"
ip_cidr_range = "192.168.64.0/18"
}
}

1 change: 1 addition & 0 deletions test/fixtures/sandbox_enabled/outputs.tf
1 change: 1 addition & 0 deletions test/fixtures/sandbox_enabled/variables.tf
Loading

0 comments on commit b3c8466

Please sign in to comment.