Merge pull request terraform-google-modules#124 from terraform-google…

…-modules/feature/beta-cluster

Submodules w/ beta Istio and CloudRun addons

autogen/README.md

@@ -1,6 +1,6 @@
 # Terraform Kubernetes Engine Module
 
-This module handles opinionated Google Cloud Platform Kubernetes Engine cluster creation and configuration with Node Pools, IP MASQ, Network Policy, etc.{% if private_cluster %} This particular submodule creates a [private cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters){% endif %}
+This module handles opinionated Google Cloud Platform Kubernetes Engine cluster creation and configuration with Node Pools, IP MASQ, Network Policy, etc.{% if private_cluster %} This particular submodule creates a [private cluster](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters){% endif %}{% if beta_cluster %}Beta features are enabled on this submodule.{% endif %}
 
 The resources/services/activations/deletions that this module will create/trigger are:
 - Create a GKE cluster with the provided addons
@@ -36,6 +36,10 @@ module "gke" {
   enable_private_nodes       = true
   master_ipv4_cidr_block     = "10.0.0.0/28"
   {% endif %}
+  {% if beta_cluster %}
+  istio = true
+  cloudrun = true
+  {% endif %}
 
   node_pools = [
     {
@@ -137,7 +141,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 0.11.x
-{% if private_cluster %}
+{% if private_cluster or beta_cluster %}
 - [terraform-provider-google-beta](https://github.com/terraform-providers/terraform-provider-google-beta) v2.3, v2.6, v2.7
 {% else %}
 - [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v2.3, v2.6, v2.7

autogen/auth.tf

@@ -20,7 +20,7 @@
   Retrieve authentication token
  *****************************************/
 data "google_client_config" "default" {
-  provider = "{% if private_cluster %}google-beta{%else %}google{% endif %}"
+  provider = "{% if private_cluster or beta_cluster %}google-beta{% else %}google{% endif %}"
 }
 
 /******************************************

autogen/cluster_regional.tf

@@ -20,7 +20,7 @@
   Create regional cluster
  *****************************************/
 resource "google_container_cluster" "primary" {
-  provider    = "{% if private_cluster %}google-beta{%else %}google{% endif %}"
+  provider    = "{% if private_cluster or beta_cluster %}google-beta{% else %}google{% endif %}"
   count       = "${var.regional ? 1 : 0}"
   name        = "${var.name}"
   description = "${var.description}"
@@ -73,6 +73,15 @@ resource "google_container_cluster" "primary" {
     network_policy_config {
       disabled = "${var.network_policy ? 0 : 1}"
     }
+    {% if beta_cluster %}
+    istio_config {
+      disabled = "${var.istio ? 0 : 1}"
+    }
+
+    cloudrun_config {
+      disabled = "${var.cloudrun ? 0 : 1}"
+    }
+    {% endif %}
   }
 
   ip_allocation_policy {
@@ -105,14 +114,12 @@ resource "google_container_cluster" "primary" {
     }
   }
 {% if private_cluster %}
-
   private_cluster_config {
     enable_private_endpoint = "${var.enable_private_endpoint}"
     enable_private_nodes    = "${var.enable_private_nodes}"
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
 {% endif %}
-
   remove_default_node_pool = "${var.remove_default_node_pool}"
 }
 

autogen/cluster_zonal.tf

@@ -20,7 +20,7 @@
   Create zonal cluster
  *****************************************/
 resource "google_container_cluster" "zonal_primary" {
-  provider    = "{% if private_cluster %}google-beta{%else %}google{% endif %}"
+  provider    = "{% if private_cluster or beta_cluster %}google-beta{% else %}google{% endif %}"
   count       = "${var.regional ? 0 : 1}"
   name        = "${var.name}"
   description = "${var.description}"
@@ -73,6 +73,15 @@ resource "google_container_cluster" "zonal_primary" {
     network_policy_config {
       disabled = "${var.network_policy ? 0 : 1}"
     }
+    {% if beta_cluster %}
+    istio_config {
+      disabled = "${var.istio ? 0 : 1}"
+    }
+
+    cloudrun_config {
+      disabled = "${var.cloudrun ? 0 : 1}"
+    }
+    {% endif %}
   }
 
   ip_allocation_policy {
@@ -105,14 +114,12 @@ resource "google_container_cluster" "zonal_primary" {
     }
   }
 {% if private_cluster %}
-
   private_cluster_config {
     enable_private_endpoint = "${var.enable_private_endpoint}"
     enable_private_nodes    = "${var.enable_private_nodes}"
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
 {% endif %}
-
   remove_default_node_pool = "${var.remove_default_node_pool}"
 }
 

autogen/main.tf

@@ -20,7 +20,7 @@
   Get available zones in region
  *****************************************/
 data "google_compute_zones" "available" {
-  provider = "{% if private_cluster %}google-beta{%else %}google{% endif %}"
+  provider = "{% if private_cluster or beta_cluster %}google-beta{% else %}google{% endif %}"
   project  = "${var.project_id}"
   region   = "${var.region}"
 }
@@ -129,6 +129,20 @@ locals {
     zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.kubernetes_dashboard.0.disabled, list("")), 0)}"
   }
 
+  {% if beta_cluster %}
+  # BETA features
+  cluster_type_output_istio_enabled = {
+    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.istio_config.0.disabled, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.istio_config.0.disabled, list("")), 0)}"
+  }
+
+  cluster_type_output_cloudrun_enabled = {
+    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.cloudrun_config.0.disabled, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.cloudrun_config.0.disabled, list("")), 0)}"
+  }
+  # /BETA features
+  {% endif %}
+
   cluster_type_output_node_pools_names = {
     regional = "${concat(google_container_node_pool.pools.*.name, list(""))}"
     zonal    = "${concat(google_container_node_pool.zonal_pools.*.name, list(""))}"
@@ -168,6 +182,12 @@ locals {
   cluster_http_load_balancing_enabled        = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"
   cluster_horizontal_pod_autoscaling_enabled = "${local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] ? false : true}"
   cluster_kubernetes_dashboard_enabled       = "${local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] ? false : true}"
+{% if beta_cluster %}
+  # BETA features
+  cluster_istio_enabled    = "${local.cluster_type_output_istio_enabled[local.cluster_type] ? false : true}"
+  cluster_cloudrun_enabled = "${local.cluster_type_output_cloudrun_enabled[local.cluster_type] ? false : true}"
+  # /BETA features
+{% endif %}
 {% if private_cluster %}
   cluster_pod_security_policy_enabled        = "${local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] ? true : false}"
 {% endif %}

autogen/networks.tf

@@ -17,13 +17,13 @@
 {{ autogeneration_note }}
 
 data "google_compute_network" "gke_network" {
-  provider = "{% if private_cluster %}google-beta{%else %}google{% endif %}"
+  provider = "{% if private_cluster %}google-beta{% else %}google{% endif %}"
   name     = "${var.network}"
   project  = "${local.network_project_id}"
 }
 
 data "google_compute_subnetwork" "gke_subnetwork" {
-  provider = "{% if private_cluster %}google-beta{%else %}google{% endif %}"
+  provider = "{% if private_cluster %}google-beta{% else %}google{% endif %}"
   name     = "${var.subnetwork}"
   region   = "${var.region}"
   project  = "${local.network_project_id}"

autogen/outputs.tf

@@ -113,10 +113,21 @@ output "service_account" {
   value       = "${local.service_account}"
 }
 
+{% if beta_cluster %}
+output "istio_enabled" {
+  description = "Whether Istio is enabled"
+  value       = "${local.cluster_istio_enabled}"
+}
+
+output "cloudrun_enabled" {
+  description = "Whether CloudRun enabled"
+  value       = "${local.cluster_cloudrun_enabled}"
+}
+{% endif %}
+
 {% if private_cluster %}
 output "pod_security_policy_enabled" {
   description = "Whether pod security policy is enabled"
   value       = "${local.cluster_pod_security_policy_enabled}"
 }
-
 {% endif %}

autogen/variables.tf

@@ -251,8 +251,8 @@ variable "service_account" {
   description = "The service account to run nodes as if not overridden in `node_pools`. The default value will cause a cluster-specific service account to be created."
   default     = "create"
 }
-{% if private_cluster %}
 
+{% if private_cluster %}
 variable "deploy_using_private_endpoint" {
   description = "(Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment."
   default     = "false"
@@ -274,6 +274,18 @@ variable "master_ipv4_cidr_block" {
 }
 {% endif %}
 
+{% if beta_cluster %}
+variable "istio" {
+  description = "(Beta) Enable Istio addon"
+  default     = false
+}
+
+variable "cloudrun" {
+  description = "(Beta) Enable CloudRun addon"
+  default     = false
+}
+{% endif %}
+
 variable "basic_auth_username" {
   description = "The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration."
   default     = ""

examples/simple_regional_beta/README.md

@@ -0,0 +1,47 @@
+# Simple Regional Cluster
+
+This example illustrates how to create a simple cluster with beta features.
+
+[^]: (autogen_docs_start)
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no |
+| compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes |
+| credentials\_path | The path to the GCP credentials JSON file | string | n/a | yes |
+| ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes |
+| ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes |
+| network | The VPC network to host the cluster in | string | n/a | yes |
+| project\_id | The project ID to host the cluster in | string | n/a | yes |
+| region | The region to host the cluster in | string | n/a | yes |
+| subnetwork | The subnetwork to host the cluster in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ca\_certificate |  |
+| client\_token |  |
+| cluster\_name | Cluster name |
+| credentials\_path |  |
+| ip\_range\_pods | The secondary IP range used for pods |
+| ip\_range\_services | The secondary IP range used for services |
+| kubernetes\_endpoint |  |
+| location |  |
+| master\_kubernetes\_version | The master Kubernetes version |
+| network |  |
+| project\_id |  |
+| region |  |
+| service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
+| subnetwork |  |
+| zones | List of zones in which the cluster resides |
+
+[^]: (autogen_docs_end)
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/simple_regional_beta/main.tf

@@ -0,0 +1,48 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  cluster_type = "simple-regional-beta"
+}
+
+provider "google" {
+  version     = "2.3"
+  credentials = "${file(var.credentials_path)}"
+  region      = "${var.region}"
+}
+
+provider "google-beta" {
+  version     = "2.3"
+  credentials = "${file(var.credentials_path)}"
+  region      = "${var.region}"
+}
+
+module "gke" {
+  source            = "../../modules/beta-public-cluster/"
+  project_id        = "${var.project_id}"
+  name              = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
+  regional          = true
+  region            = "${var.region}"
+  network           = "${var.network}"
+  subnetwork        = "${var.subnetwork}"
+  ip_range_pods     = "${var.ip_range_pods}"
+  ip_range_services = "${var.ip_range_services}"
+  service_account   = "${var.compute_engine_service_account}"
+  istio             = "${var.istio}"
+  cloudrun          = "${var.cloudrun}"
+}
+
+data "google_client_config" "default" {}

examples/simple_regional_beta/outputs.tf

@@ -0,0 +1,34 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "kubernetes_endpoint" {
+  sensitive = true
+  value     = "${module.gke.endpoint}"
+}
+
+output "client_token" {
+  sensitive = true
+  value     = "${base64encode(data.google_client_config.default.access_token)}"
+}
+
+output "ca_certificate" {
+  value = "${module.gke.ca_certificate}"
+}
+
+output "service_account" {
+  description = "The service account to default running nodes as if not overridden in `node_pools`."
+  value       = "${module.gke.service_account}"
+}