Merge pull request terraform-google-modules#160 from ingwarr/master

Add configuration flag for  terraform-google-modules#141

CHANGELOG.md

@@ -10,6 +10,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 
 ### Added
 
+* Add configuration flag for enable BinAuthZ Admission controller [#160]
 * Support for a guest accelerator in node pool configuration. [#157]
 * Support to scale the default node cluster. [#149]
 * Support for configuring the network policy provider. [#159]

autogen/cluster_regional.tf

@@ -42,6 +42,9 @@ resource "google_container_cluster" "primary" {
   logging_service    = "${var.logging_service}"
   monitoring_service = "${var.monitoring_service}"
 
+{% if private_cluster %}
+  enable_binary_authorization = "${var.enable_binary_authorization}"
+{% endif %}
   master_authorized_networks_config = ["${var.master_authorized_networks_config}"]
 
   master_auth {

autogen/cluster_zonal.tf

@@ -42,6 +42,9 @@ resource "google_container_cluster" "zonal_primary" {
   logging_service    = "${var.logging_service}"
   monitoring_service = "${var.monitoring_service}"
 
+{% if private_cluster %}
+  enable_binary_authorization = "${var.enable_binary_authorization}"
+{% endif %}
   master_authorized_networks_config = ["${var.master_authorized_networks_config}"]
 
   master_auth {

autogen/variables.tf

@@ -86,6 +86,13 @@ variable "master_authorized_networks_config" {
   default = []
 }
 
+{% if private_cluster %}
+variable "enable_binary_authorization" {
+  description = "Enable BinAuthZ Admission controller"
+  default     = false
+}
+
+{% endif %}
 variable "horizontal_pod_autoscaling" {
   description = "Enable horizontal pod autoscaling addon"
   default     = true

modules/private-cluster/README.md

@@ -124,6 +124,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
+| enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no |
 | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | string | `"false"` | no |
 | enable\_private\_nodes | (Beta) Whether nodes have internal IP addresses only | string | `"false"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | string | `"true"` | no |

modules/private-cluster/cluster_regional.tf

@@ -42,6 +42,7 @@ resource "google_container_cluster" "primary" {
   logging_service    = "${var.logging_service}"
   monitoring_service = "${var.monitoring_service}"
 
+  enable_binary_authorization = "${var.enable_binary_authorization}"
   master_authorized_networks_config = ["${var.master_authorized_networks_config}"]
 
   master_auth {

modules/private-cluster/cluster_zonal.tf

@@ -42,6 +42,7 @@ resource "google_container_cluster" "zonal_primary" {
   logging_service    = "${var.logging_service}"
   monitoring_service = "${var.monitoring_service}"
 
+  enable_binary_authorization = "${var.enable_binary_authorization}"
   master_authorized_networks_config = ["${var.master_authorized_networks_config}"]
 
   master_auth {

modules/private-cluster/variables.tf

@@ -86,6 +86,11 @@ variable "master_authorized_networks_config" {
   default = []
 }
 
+variable "enable_binary_authorization" {
+  description = "Enable BinAuthZ Admission controller"
+  default     = false
+}
+
 variable "horizontal_pod_autoscaling" {
   description = "Enable horizontal pod autoscaling addon"
   default     = true