Update to upstream

.kitchen.yml

@@ -29,31 +29,15 @@ platforms:
   - name: local
 
 suites:
-# Disabled due to issue #274
-# (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/274)
-#  - name: "deploy_service"
-#    driver:
-#      root_module_directory: test/fixtures/deploy_service
-#    verifier:
-#      systems:
-#        - name: deploy_service
-#          backend: local
   - name: "disable_client_cert"
     driver:
       root_module_directory: test/fixtures/disable_client_cert
     verifier:
       systems:
         - name: disable_client_cert
           backend: local
-# Disabled due to issue #274
-# (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/274)
-#  - name: "node_pool"
-#    driver:
-#      root_module_directory: test/fixtures/node_pool
-#    verifier:
-#      systems:
-#        - name: node_pool
-#          backend: local
+          controls:
+            - gcloud
   - name: "shared_vpc"
     driver:
       root_module_directory: test/fixtures/shared_vpc
@@ -68,6 +52,40 @@ suites:
       systems:
         - name: simple_regional
           backend: local
+  - name: "private_zonal_with_networking"
+    driver:
+      root_module_directory: test/fixtures/private_zonal_with_networking
+    verifier:
+      systems:
+        - name: private_zonal_with_networking
+          backend: local
+          controls:
+            - gcloud
+        - name: private_zonal_with_networking
+          backend: local
+          controls:
+            - subnet
+        - name: network
+          backend: gcp
+          controls:
+            - network
+  - name: "simple_regional_with_networking"
+    driver:
+      root_module_directory: test/fixtures/simple_regional_with_networking
+    verifier:
+      systems:
+        - name: simple_regional_with_networking
+          backend: local
+          controls:
+            - gcloud
+        - name: subnet
+          backend: local
+          controls:
+            - subnet
+        - name: network
+          backend: gcp
+          controls:
+            - network
   - name: "simple_regional_private"
     driver:
       root_module_directory: test/fixtures/simple_regional_private
@@ -84,6 +102,7 @@ suites:
           backend: local
           controls:
             - gcloud
+            - acm
         - name: gcp
           backend: gcp
           controls:
@@ -95,13 +114,18 @@ suites:
       systems:
         - name: simple_zonal_private
           backend: local
+          controls:
+            - gcloud
   - name: "stub_domains"
     driver:
       root_module_directory: test/fixtures/stub_domains
     verifier:
       systems:
         - name: stub_domains
           backend: local
+          controls:
+            - gcloud
+            - kubectl
 # Disabled due to issue #264
 # (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/264)
 #  - name: stub_domains_private
@@ -131,3 +155,30 @@ suites:
       systems:
         - name: workload_metadata_config
           backend: local
+  - name: "deploy_service"
+    driver:
+      root_module_directory: test/fixtures/deploy_service
+    verifier:
+      systems:
+        - name: deploy_service
+          backend: local
+          controls:
+            - gcloud
+            - kubectl
+  - name: "node_pool"
+    driver:
+      root_module_directory: test/fixtures/node_pool
+    verifier:
+      systems:
+        - name: node_pool
+          backend: local
+          controls:
+            - gcloud
+            - kubectl
+  - name: "sandbox_enabled"
+    driver:
+      root_module_directory: test/fixtures/sandbox_enabled
+    verifier:
+      systems:
+        - name: sandbox_enabled
+          backend: local

CHANGELOG.md

@@ -8,13 +8,37 @@ Extending the adopted spec, each change should have a link to its corresponding
 
 ## [Unreleased]
 
-### Changed
+### Added
+
+* Support for Shielded Nodes beta feature via `enabled_shielded_nodes` variable. [#300]
+* Support for setting node_locations on node pools. [#303]
+* Fix for specifying  `node_count` on node pools when autoscaling is disabled. [#311]
+* Added submodule for installing Anthos Config Management. [#268]
+* Support for `local_ssd_count` in node pool configuration. [#244]
+* Wait for cluster to be ready before returning endpoint. [#340]
+
+## [v5.1.1] - 2019-10-25
 
-* Made `region` variable optional for zonal clusters [#247]
+### Fixed
+
+* Fixed bug with setting up sandboxing on nodes. [#286]
+
+## [v5.1.0] - 2019-10-24
 
 ### Added
 
+* Added ability to skip local-exec provisioners. [#258]
 * Added [private](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/private-cluster-update-variant) and [beta private](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/beta-private-cluster-update-variant) variants which allow node pools to be created before being destroyed. [#256]
+* Add a parameter `registry_project_id` to allow connecting to registries in other projects. [#273]
+
+### Changed
+
+* Made `region` variable optional for zonal clusters. [#247]
+* Made default metadata, labels, and tags optional. [#282]
+
+### Fixed
+
+* Authenticate gcloud in wait-for-cluster.sh using value of `GOOGLE_APPLICATION_CREDENTIALS`. [#284] [#285]
 
 ## [v5.0.0] - 2019-09-25
 v5.0.0 is a backwards-incompatible release. Please see the [upgrading guide](./docs/upgrading_to_v5.0.md).
@@ -189,7 +213,9 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 
 * Initial release of module.
 
-[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.0.0...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.1...HEAD
+[v5.1.1]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.0...v5.1.1
+[v5.1.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.0.0...v5.1.0
 [v5.0.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v4.1.0...v5.0.0
 [v4.1.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v4.0.0...v4.1.0
 [v4.0.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v3.0.0...v4.0.0
@@ -204,13 +230,25 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0
 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0
 
-[#247]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/247
+[#340]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/340
+[#268]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/268
+[#311]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/311
+[#303]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/303
+[#300]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/300
+[#286]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/286
+[#285]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/285
+[#284]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/284
+[#282]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/282
+[#273]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/273
+[#258]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/258
 [#256]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/256
 [#248]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/248
+[#247]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/247
 [#228]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/228
 [#238]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/238
 [#241]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/241
 [#250]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/250
+[#244]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/244
 [#236]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/236
 [#217]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/217
 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.1.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.4.6
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 
@@ -27,7 +27,7 @@ REGISTRY_URL := gcr.io/cloud-foundation-cicd
 docker_run:
 	docker run --rm -it \
 		-e SERVICE_ACCOUNT_JSON \
-		-v $(CURDIR):/workspace \
+		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/bin/bash
 
@@ -39,7 +39,7 @@ docker_test_prepare:
 		-e TF_VAR_org_id \
 		-e TF_VAR_folder_id \
 		-e TF_VAR_billing_account \
-		-v $(CURDIR):/workspace \
+		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/usr/local/bin/execute_with_credentials.sh prepare_environment
 
@@ -51,7 +51,7 @@ docker_test_cleanup:
 		-e TF_VAR_org_id \
 		-e TF_VAR_folder_id \
 		-e TF_VAR_billing_account \
-		-v $(CURDIR):/workspace \
+		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/usr/local/bin/execute_with_credentials.sh cleanup_environment
 
@@ -60,31 +60,31 @@ docker_test_cleanup:
 docker_test_integration:
 	docker run --rm -it \
 		-e SERVICE_ACCOUNT_JSON \
-		-v $(CURDIR):/workspace \
+		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/usr/local/bin/test_integration.sh
 
 # Execute lint tests within the docker container
 .PHONY: docker_test_lint
 docker_test_lint:
 	docker run --rm -it \
-		-v $(CURDIR):/workspace \
+		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/usr/local/bin/test_lint.sh
 
 # Generate documentation
 .PHONY: docker_generate_docs
 docker_generate_docs:
 	docker run --rm -it \
-		-v $(CURDIR):/workspace \
+		-v "$(CURDIR)":/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
 
 # Generate files from autogen
 .PHONY: docker_generate
 docker_generate:
 	docker run --rm -it \
-                -v $(CURDIR):/workspace \
+                -v "$(CURDIR)":/workspace \
                 $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
                 /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate'
 

README.md

@@ -43,6 +43,7 @@ module "gke" {
       machine_type       = "n1-standard-2"
       min_count          = 1
       max_count          = 100
+      local_ssd_count    = 0
       disk_size_gb       = 100
       disk_type          = "pd-standard"
       image_type         = "COS"
@@ -167,8 +168,10 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no |
+| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project. | string | `""` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
+| skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
 | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |
@@ -228,6 +231,9 @@ following project roles:
 - roles/iam.serviceAccountUser
 - roles/resourcemanager.projectIamAdmin (only required if `service_account` is set to `create`)
 
+Additionally, if `service_account` is set to `create` and `grant_registry_access` is requested, the service account requires the following role on the `registry_project_id` project:
+- roles/resourcemanager.projectIamAdmin
+
 ### Enable APIs
 In order to operate with the Service Account you must activate the following APIs on the project where the Service Account was created: