feat: Add enable_cilium_clusterwide_network_policy support #1972

Contributor

@SavvasM1 SavvasM1 commented Jun 9, 2024

Leverage the existing configuration field on the google container cluster module to optionally declare usage of cilium clusterwide network policy CRDs

  • Non-Beta
  • Defaults to false
  • Located at the base of the module

@SavvasM1 SavvasM1 requested review from ericyz, gtsorbo and a team as code owners June 9, 2024 12:22
@SavvasM1 SavvasM1 changed the title feat: Add enable_cilium_clusterwide_network_policy in submodules feat: Add enable_cilium_clusterwide_network_policy support Jun 9, 2024
Collaborator

@apeabody apeabody left a comment

Thanks for the contribution @SavvasM1!

From the lint test:

Checking submodule's files generation
diff -r '--exclude=.terraform' '--exclude=.kitchen' '--exclude=.git' /workspace/README.md /tmp/tmp.dH7WdF6rzI/workspace/README.md
164d163
< | enable\_cilium\_clusterwide\_network\_policy | Enable Cilium Cluster Wide Network Policies on the cluster | `bool` | `false` | no |
diff -r '--exclude=.terraform' '--exclude=.kitchen' '--exclude=.git' /workspace/modules/private-cluster/README.md /tmp/tmp.dH7WdF6rzI/workspace/modules/private-cluster/README.md
171d170
< | enable\_cilium\_clusterwide\_network\_policy | Enable Cilium Cluster Wide Network Policies on the cluster | `bool` | `false` | no |
diff -r '--exclude=.terraform' '--exclude=.kitchen' '--exclude=.git' /workspace/modules/private-cluster/variables.tf /tmp/tmp.dH7WdF6rzI/workspace/modules/private-cluster/variables.tf
541,546d540
< variable "enable_cilium_clusterwide_network_policy" {
<   type        = bool
<   description = "Enable Cilium Cluster Wide Network Policies on the cluster"
<   default     = false
< }
< 
diff -r '--exclude=.terraform' '--exclude=.kitchen' '--exclude=.git' /workspace/modules/private-cluster-update-variant/README.md /tmp/tmp.dH7WdF6rzI/workspace/modules/private-cluster-update-variant/README.md
193d192
< | enable\_cilium\_clusterwide\_network\_policy | Enable Cilium Cluster Wide Network Policies on the cluster | `bool` | `false` | no |
diff -r '--exclude=.terraform' '--exclude=.kitchen' '--exclude=.git' /workspace/modules/private-cluster-update-variant/variables.tf /tmp/tmp.dH7WdF6rzI/workspace/modules/private-cluster-update-variant/variables.tf
541,546d540
< variable "enable_cilium_clusterwide_network_policy" {
<   type        = bool
<   description = "Enable Cilium Cluster Wide Network Policies on the cluster"
<   default     = false
< }
< 
diff -r '--exclude=.terraform' '--exclude=.kitchen' '--exclude=.git' /workspace/variables.tf /tmp/tmp.dH7WdF6rzI/workspace/variables.tf
726,731d725
< variable "enable_cilium_clusterwide_network_policy" {
<   type        = bool
<   description = "Enable Cilium Cluster Wide Network Policies on the cluster"
<   default     = false
< }
< 
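Review bot: every hunk here, including this one for /workspace/variables.tf at 726,731d725, is a `<` deletion, so the `enable_cilium_clusterwide_network_policy` block exists in the committed /workspace tree but is absent from the regenerated copy under /tmp. That direction means the variable and its README rows were added to the generated files rather than to the source the generation step reads; add the variable there, run `make build`, and commit the regenerated output so both trees match.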
Error: submodule's files generation has not been run, please run the
'make build' command and commit changes

@SavvasM1
Contributor Author

SavvasM1 commented Jun 16, 2024

Heya @apeabody, thanks :)

It should be OK now. Dockerized lint tests report as successful.

@SavvasM1 SavvasM1 requested a review from apeabody June 16, 2024 12:34
@apeabody
Collaborator

/gcbrun

@apeabody
Collaborator

/gcbrun

@apeabody
Collaborator

/gcbrun

@SavvasM1
Contributor Author

SavvasM1 commented Jun 22, 2024

Hey @apeabody :). I've run make build once more -- should be good for another lint/gcbrun.

@apeabody
Collaborator

/gcbrun

@apeabody
Collaborator

confirmed enable_cilium_clusterwide_network_policy is present in v5.25.0 and defaults to false.

Collaborator

@apeabody apeabody left a comment

Thanks for the contribution @SavvasM1!

@apeabody apeabody merged commit 72cf873 into terraform-google-modules:master Jun 25, 2024
4 checks passed
@SavvasM1
Contributor Author

SavvasM1 commented Jun 25, 2024

Thanks for your help Andrew.

CPL-markus pushed a commit to WALTER-GROUP/terraform-google-kubernetes-engine that referenced this pull request Jul 15, 2024