diff --git a/CHANGELOG.md b/CHANGELOG.md
index 822536262a..70416fbfad 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 Extending the adopted spec, each change should have a link to its corresponding pull request appended.
 ## [Unreleased]
+### Added
+
+* Support for Intranode Visbiility (IV) and Veritical Pod Autoscaling (VPA) beta features [#216]
 ## [v4.1.0] 2019-07-24
@@ -164,6 +167,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0
 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0
+[#216]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/216
 [#214]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/214
 [#210]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/210
 [#207]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/207
diff --git a/autogen/cluster_regional.tf b/autogen/cluster_regional.tf
index c749487814..bc8c7b4b79 100644
--- a/autogen/cluster_regional.tf
+++ b/autogen/cluster_regional.tf
@@ -58,6 +58,11 @@ resource "google_container_cluster" "primary" {
 {% if beta_cluster %}
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config
diff --git a/autogen/cluster_zonal.tf b/autogen/cluster_zonal.tf
index 21fa20c5e5..bf394955cf 100644
--- a/autogen/cluster_zonal.tf
+++ b/autogen/cluster_zonal.tf
@@ -54,6 +54,11 @@ resource "google_container_cluster" "zonal_primary" {
 {% if beta_cluster %}
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config
diff --git a/autogen/main.tf b/autogen/main.tf
index 19d5e27a6a..5603e3b54a 100644
--- a/autogen/main.tf
+++ b/autogen/main.tf
@@ -251,6 +251,16 @@ locals {
     regional = element(concat(google_container_cluster.primary.*.pod_security_policy_config.0.enabled, [""]), 0)
     zonal = element(concat(google_container_cluster.zonal_primary.*.pod_security_policy_config.0.enabled, [""]), 0)
   }
+
+  cluster_type_output_intranode_visbility_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.enable_intranode_visibility, [""]), 0)
+    zonal = element(concat(google_container_cluster.zonal_primary.*.enable_intranode_visibility, [""]), 0)
+  }
+
+  cluster_type_output_vertical_pod_autoscaling_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+    zonal = element(concat(google_container_cluster.zonal_primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+  }
   # /BETA features
 {% endif %}
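Review bot: The new local `cluster_type_output_intranode_visbility_enabled` misspells "visibility" in its name, and the misspelling is repeated in the second autogen/main.tf hunk (`cluster_intranode_visibility_enabled = local.cluster_type_output_intranode_visbility_enabled[local.cluster_type]`) and in the copies in modules/beta-private-cluster/main.tf and modules/beta-public-cluster/main.tf. Locals are module-internal, so renaming it to `cluster_type_output_intranode_visibility_enabled` in all three files now costs nothing, whereas leaving it makes the name diverge from the `enable_intranode_visibility` attribute and the `intranode_visibility_enabled` output it feeds. The `element(concat(..., [""]), 0)` fallback copies the existing pod_security_policy_config pattern, which appears to mix a bool with a string default, so the derived output may not be a strict bool when the cluster is absent; if the module's outputs are ever typed, this is the place to tighten it. The enclosing `locals` block starts before the hunk and continues past it.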
@@ -286,9 +296,11 @@ locals {
   cluster_kubernetes_dashboard_enabled = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type]
 {% if beta_cluster %}
   # BETA features
-  cluster_istio_enabled = !local.cluster_type_output_istio_enabled[local.cluster_type]
-  cluster_cloudrun_enabled = var.cloudrun
-  cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_istio_enabled                    = !local.cluster_type_output_istio_enabled[local.cluster_type]
+  cluster_cloudrun_enabled                 = var.cloudrun
+  cluster_pod_security_policy_enabled      = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_intranode_visibility_enabled     = local.cluster_type_output_intranode_visbility_enabled[local.cluster_type]
+  cluster_vertical_pod_autoscaling_enabled = local.cluster_type_output_vertical_pod_autoscaling_enabled[local.cluster_type]
   # /BETA features
 {% endif %}
 }
diff --git a/autogen/outputs.tf b/autogen/outputs.tf
index bb0530f03b..0e3fabc1d3 100644
--- a/autogen/outputs.tf
+++ b/autogen/outputs.tf
@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy. With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,
@@ -142,4 +142,14 @@ output "pod_security_policy_enabled" {
   value = local.cluster_pod_security_policy_enabled
 }
+output "intranode_visibility_enabled" {
+  description = "Whether intra-node visibility is enabled"
+  value = local.cluster_intranode_visibility_enabled
+}
+
+output "vertical_pod_autoscaling_enabled" {
+  description = "Whether veritical pod autoscaling is enabled"
+  value = local.cluster_vertical_pod_autoscaling_enabled
+}
+
 {% endif %}
diff --git a/autogen/variables.tf b/autogen/variables.tf
index bb4d482f25..4772e683c1 100644
--- a/autogen/variables.tf
+++ b/autogen/variables.tf
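Review bot: The description of the new `vertical_pod_autoscaling_enabled` output, `"Whether veritical pod autoscaling is enabled"`, misspells "vertical"; this string surfaces in `terraform output` and in the generated README rows, and the same text is repeated in modules/beta-private-cluster/outputs.tf, modules/beta-public-cluster/outputs.tf and both module READMEs (the CHANGELOG entry carries the same typo plus "Visbiility"). Suggest `description = "Whether vertical pod autoscaling is enabled"` in the template and regenerating the modules so the copies follow. The `*/` change in the `output "endpoint"` hunk appears to be whitespace-only and unrelated to the feature; keeping such formatting fixes out of a feature commit makes the diff easier to audit. The `depends_on` list that hunk touches starts and ends outside the hunk.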
@@ -353,4 +353,16 @@ variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default = "UNSPECIFIED"
 }
+
+variable "enable_intranode_visibility" {
+  type = bool
+  description = "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network"
+  default = false
+}
+
+ variable "enable_vertical_pod_autoscaling" {
+  type = bool
+  description = "Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it"
+  default = false
+}
 {% endif %}
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 2ff3fe8bf5..b89a53e640 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
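Review bot: The description of `enable_intranode_visibility`, `"Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network"`, is the only place a module user learns what this beta flag does, and the README rows in modules/beta-private-cluster/README.md and modules/beta-public-cluster/README.md copy it verbatim; it reads awkwardly and does not say what the visibility is useful for. Suggest `description = "Whether intra-node visibility is enabled for this cluster. When enabled, pod-to-pod traffic on the same node is visible to the VPC network, so it appears in VPC flow logs and is subject to VPC firewall rules"`, which tells an operator both why they might turn it on (flow logs cover same-node pod traffic) and what changes when they do (firewall rules now apply to that traffic). Separately, the added `+ variable "enable_vertical_pod_autoscaling" {` line carries a leading space that the `enable_intranode_visibility` block above it and the generated modules/*/variables.tf copies do not have; dropping it keeps the template consistent with `terraform fmt` output. Both new variable blocks are complete within the hunk.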
@@ -144,8 +144,10 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | bool | `"true"` | no |
 | enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no |
+| enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | bool | `"false"` | no |
 | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | bool | `"false"` | no |
 | enable\_private\_nodes | (Beta) Whether nodes have internal IP addresses only | bool | `"false"` | no |
+| enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | bool | `"false"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | bool | `"true"` | no |
 | http\_load\_balancing | Enable httpload balancer addon | bool | `"true"` | no |
 | initial\_node\_count | The number of nodes to create in this cluster's default node pool. | number | `"0"` | no |
@@ -196,6 +198,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | endpoint | Cluster endpoint |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
+| intranode\_visibility\_enabled | Whether intra-node visibility is enabled |
 | istio\_enabled | Whether Istio is enabled |
 | kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled |
 | location | Cluster location (region if regional cluster, zone if zonal cluster) |
@@ -212,6 +215,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | region | Cluster region |
 | service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
 | type | Cluster type (regional / zonal) |
+| vertical\_pod\_autoscaling\_enabled | Whether veritical pod autoscaling is enabled |
 | zones | List of zones in which the cluster resides |
diff --git a/modules/beta-private-cluster/cluster_regional.tf b/modules/beta-private-cluster/cluster_regional.tf
index 1eec369b3a..7ddb7aa857 100644
--- a/modules/beta-private-cluster/cluster_regional.tf
+++ b/modules/beta-private-cluster/cluster_regional.tf
@@ -53,6 +53,11 @@ resource "google_container_cluster" "primary" {
   monitoring_service = var.monitoring_service
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config
diff --git a/modules/beta-private-cluster/cluster_zonal.tf b/modules/beta-private-cluster/cluster_zonal.tf
index 6f05dbecd6..114b98f697 100644
--- a/modules/beta-private-cluster/cluster_zonal.tf
+++ b/modules/beta-private-cluster/cluster_zonal.tf
@@ -49,6 +49,11 @@ resource "google_container_cluster" "zonal_primary" {
   monitoring_service = var.monitoring_service
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf
index 91d4722e55..d4c5d3f68d 100644
--- a/modules/beta-private-cluster/main.tf
+++ b/modules/beta-private-cluster/main.tf
@@ -234,6 +234,16 @@ locals {
     regional = element(concat(google_container_cluster.primary.*.pod_security_policy_config.0.enabled, [""]), 0)
     zonal = element(concat(google_container_cluster.zonal_primary.*.pod_security_policy_config.0.enabled, [""]), 0)
   }
+
+  cluster_type_output_intranode_visbility_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.enable_intranode_visibility, [""]), 0)
+    zonal = element(concat(google_container_cluster.zonal_primary.*.enable_intranode_visibility, [""]), 0)
+  }
+
+  cluster_type_output_vertical_pod_autoscaling_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+    zonal = element(concat(google_container_cluster.zonal_primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+  }
   # /BETA features
   cluster_type_output_node_pools_names = {
@@ -267,9 +277,11 @@ locals {
   cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type]
   cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type]
   # BETA features
-  cluster_istio_enabled = ! local.cluster_type_output_istio_enabled[local.cluster_type]
-  cluster_cloudrun_enabled = var.cloudrun
-  cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_istio_enabled                    = ! local.cluster_type_output_istio_enabled[local.cluster_type]
+  cluster_cloudrun_enabled                 = var.cloudrun
+  cluster_pod_security_policy_enabled      = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_intranode_visibility_enabled     = local.cluster_type_output_intranode_visbility_enabled[local.cluster_type]
+  cluster_vertical_pod_autoscaling_enabled = local.cluster_type_output_vertical_pod_autoscaling_enabled[local.cluster_type]
   # /BETA features
 }
diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf
index 7bd8147f92..220a8aa4d2 100644
--- a/modules/beta-private-cluster/outputs.tf
+++ b/modules/beta-private-cluster/outputs.tf
@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy. With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,
@@ -141,3 +141,13 @@ output "pod_security_policy_enabled" {
   value = local.cluster_pod_security_policy_enabled
 }
+output "intranode_visibility_enabled" {
+  description = "Whether intra-node visibility is enabled"
+  value = local.cluster_intranode_visibility_enabled
+}
+
+output "vertical_pod_autoscaling_enabled" {
+  description = "Whether veritical pod autoscaling is enabled"
+  value = local.cluster_vertical_pod_autoscaling_enabled
+}
+
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index c3ef14d53a..db094c19cf 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -350,3 +350,15 @@ variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default = "UNSPECIFIED"
 }
+
+variable "enable_intranode_visibility" {
+  type = bool
+  description = "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network"
+  default = false
+}
+
+variable "enable_vertical_pod_autoscaling" {
+  type = bool
+  description = "Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it"
+  default = false
+}
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index f32c2f5e13..dc08533fbd 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -138,6 +138,8 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | bool | `"true"` | no |
 | enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no |
+| enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | bool | `"false"` | no |
+| enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | bool | `"false"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | bool | `"true"` | no |
 | http\_load\_balancing | Enable httpload balancer addon | bool | `"true"` | no |
 | initial\_node\_count | The number of nodes to create in this cluster's default node pool. | number | `"0"` | no |
@@ -187,6 +189,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | endpoint | Cluster endpoint |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
+| intranode\_visibility\_enabled | Whether intra-node visibility is enabled |
 | istio\_enabled | Whether Istio is enabled |
 | kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled |
 | location | Cluster location (region if regional cluster, zone if zonal cluster) |
@@ -203,6 +206,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | region | Cluster region |
 | service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
 | type | Cluster type (regional / zonal) |
+| vertical\_pod\_autoscaling\_enabled | Whether veritical pod autoscaling is enabled |
 | zones | List of zones in which the cluster resides |
diff --git a/modules/beta-public-cluster/cluster_regional.tf b/modules/beta-public-cluster/cluster_regional.tf
index 2e5ee7e6e6..201103d8d6 100644
--- a/modules/beta-public-cluster/cluster_regional.tf
+++ b/modules/beta-public-cluster/cluster_regional.tf
@@ -53,6 +53,11 @@ resource "google_container_cluster" "primary" {
   monitoring_service = var.monitoring_service
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config
diff --git a/modules/beta-public-cluster/cluster_zonal.tf b/modules/beta-public-cluster/cluster_zonal.tf
index 8be7150783..d72fabdeaa 100644
--- a/modules/beta-public-cluster/cluster_zonal.tf
+++ b/modules/beta-public-cluster/cluster_zonal.tf
@@ -49,6 +49,11 @@ resource "google_container_cluster" "zonal_primary" {
   monitoring_service = var.monitoring_service
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config
diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf
index 0bc2bbcd1c..1b706fc63e 100644
--- a/modules/beta-public-cluster/main.tf
+++ b/modules/beta-public-cluster/main.tf
@@ -236,6 +236,16 @@ locals {
     regional = element(concat(google_container_cluster.primary.*.pod_security_policy_config.0.enabled, [""]), 0)
     zonal = element(concat(google_container_cluster.zonal_primary.*.pod_security_policy_config.0.enabled, [""]), 0)
   }
+
+  cluster_type_output_intranode_visbility_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.enable_intranode_visibility, [""]), 0)
+    zonal = element(concat(google_container_cluster.zonal_primary.*.enable_intranode_visibility, [""]), 0)
+  }
+
+  cluster_type_output_vertical_pod_autoscaling_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+    zonal = element(concat(google_container_cluster.zonal_primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+  }
   # /BETA features
   cluster_type_output_node_pools_names = {
@@ -269,9 +279,11 @@ locals {
   cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type]
   cluster_kubernetes_dashboard_enabled = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type]
   # BETA features
-  cluster_istio_enabled = ! local.cluster_type_output_istio_enabled[local.cluster_type]
-  cluster_cloudrun_enabled = var.cloudrun
-  cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_istio_enabled                    = ! local.cluster_type_output_istio_enabled[local.cluster_type]
+  cluster_cloudrun_enabled                 = var.cloudrun
+  cluster_pod_security_policy_enabled      = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_intranode_visibility_enabled     = local.cluster_type_output_intranode_visbility_enabled[local.cluster_type]
+  cluster_vertical_pod_autoscaling_enabled = local.cluster_type_output_vertical_pod_autoscaling_enabled[local.cluster_type]
   # /BETA features
 }
diff --git a/modules/beta-public-cluster/outputs.tf b/modules/beta-public-cluster/outputs.tf
index 7bd8147f92..220a8aa4d2 100644
--- a/modules/beta-public-cluster/outputs.tf
+++ b/modules/beta-public-cluster/outputs.tf
@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy. With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,
@@ -141,3 +141,13 @@ output "pod_security_policy_enabled" {
   value = local.cluster_pod_security_policy_enabled
 }
+output "intranode_visibility_enabled" {
+  description = "Whether intra-node visibility is enabled"
+  value = local.cluster_intranode_visibility_enabled
+}
+
+output "vertical_pod_autoscaling_enabled" {
+  description = "Whether veritical pod autoscaling is enabled"
+  value = local.cluster_vertical_pod_autoscaling_enabled
+}
+
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 9a5ee6a91a..dadd0f6526 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -326,3 +326,15 @@ variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default = "UNSPECIFIED"
 }
+
+variable "enable_intranode_visibility" {
+  type = bool
+  description = "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network"
+  default = false
+}
+
+variable "enable_vertical_pod_autoscaling" {
+  type = bool
+  description = "Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it"
+  default = false
+}
diff --git a/modules/private-cluster/outputs.tf b/modules/private-cluster/outputs.tf
index 00784e958e..cd64c13796 100644
--- a/modules/private-cluster/outputs.tf
+++ b/modules/private-cluster/outputs.tf
@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy. With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,
diff --git a/outputs.tf b/outputs.tf
index 00784e958e..cd64c13796 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy. With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,