From 19f59c4d55e0761fac0e37103502c70b90536800 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Gonz=C3=A1lez?=
Date: Tue, 21 Jun 2022 19:56:35 +0200
Subject: [PATCH] feat: Add maintenance variables for safer cluster (#1282)
Co-authored-by: Bharath KKB
---
 autogen/safer-cluster/main.tf.tmpl | 3 +++
 autogen/safer-cluster/variables.tf.tmpl | 18 ++++++++++++++++++
 modules/safer-cluster-update-variant/README.md | 3 +++
 modules/safer-cluster-update-variant/main.tf | 3 +++
 .../safer-cluster-update-variant/variables.tf | 18 ++++++++++++++++++
 modules/safer-cluster/README.md | 3 +++
 modules/safer-cluster/main.tf | 3 +++
 modules/safer-cluster/variables.tf | 18 ++++++++++++++++++
 8 files changed, 69 insertions(+)
diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl
index adc37d5fe..ac8486a81 100644
--- a/autogen/safer-cluster/main.tf.tmpl
+++ b/autogen/safer-cluster/main.tf.tmpl
@@ -76,6 +76,9 @@ module "gke" {
 datapath_provider = var.datapath_provider
 maintenance_start_time = var.maintenance_start_time
+ maintenance_end_time = var.maintenance_end_time
+ maintenance_recurrence = var.maintenance_recurrence
+ maintenance_exclusions = var.maintenance_exclusions
 // We suggest removing the default node pool, as it cannot be modified without
 // destroying the cluster.
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
index dcc677fe2..4a337c278 100644
--- a/autogen/safer-cluster/variables.tf.tmpl
+++ b/autogen/safer-cluster/variables.tf.tmpl
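Review bot: The three arguments added to `module "gke"` carry no comment on how they combine with `maintenance_start_time`, and the variable descriptions mix two formats: the existing default is `"05:00"`, while `maintenance_end_time` is documented as RFC3339. A caller who sets only `maintenance_recurrence`, or sets both new values but keeps the default start time, cannot tell from this file whether the result is a recurring window, a silent fallback to the daily window, or a rejected apply; that depends on the inner module, which is not shown here. After confirming the behaviour there, I would add above the new lines `// maintenance_end_time and maintenance_recurrence take effect only when set together; maintenance_start_time must then be an RFC3339 timestamp as well.` The same three lines are repeated in `modules/safer-cluster/main.tf` and `modules/safer-cluster-update-variant/main.tf`, and the `module "gke"` block starts and ends outside the hunk.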
@@ -107,6 +107,24 @@ variable "maintenance_start_time" {
 default = "05:00"
 }
+variable "maintenance_exclusions" {
+ type = list(object({ name = string, start_time = string, end_time = string }))
+ description = "List of maintenance exclusions. A cluster can have up to three"
+ default = []
+}
+
+variable "maintenance_end_time" {
+ type = string
+ description = "Time window specified for recurring maintenance operations in RFC3339 format"
+ default = ""
+}
+
+variable "maintenance_recurrence" {
+ type = string
+ description = "Frequency of the recurring maintenance window in RFC5545 format."
+ default = ""
+}
+
 variable "ip_range_pods" {
 type = string
 description = "The _name_ of the secondary subnet ip range to use for pods"
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
index a972278a4..c294af489 100644
--- a/modules/safer-cluster-update-variant/README.md
+++ b/modules/safer-cluster-update-variant/README.md
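Review bot: Nothing in the `maintenance_exclusions` declaration enforces the limit its description states, and that description ends mid-sentence ("A cluster can have up to three"). An exclusion holds back automatic upgrades for its whole window, which is how a GKE cluster normally receives its patches, so a hardened module should spell out both the limit and the effect. I would add a `validation` block with `condition = length(var.maintenance_exclusions) <= 3` and a matching `error_message`, provided the module's minimum Terraform version supports variable validation. The description could be finished as `"List of maintenance exclusions. A cluster can have up to three; automatic upgrades are held back while an exclusion is active."`. The same declarations are repeated in `modules/safer-cluster/variables.tf` and `modules/safer-cluster-update-variant/variables.tf`, and the README rows would need regenerating.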
@@ -234,6 +234,9 @@ For simplicity, we suggest using `roles/container.admin` and
 | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | `string` | `null` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no |
+| maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no |
+| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no |
+| maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | `string` | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index 7284601e4..c13c9ce14 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -72,6 +72,9 @@ module "gke" {
 datapath_provider = var.datapath_provider
 maintenance_start_time = var.maintenance_start_time
+ maintenance_end_time = var.maintenance_end_time
+ maintenance_recurrence = var.maintenance_recurrence
+ maintenance_exclusions = var.maintenance_exclusions
 // We suggest removing the default node pool, as it cannot be modified without
 // destroying the cluster.
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
index f05575aad..1c1acf9a1 100644
--- a/modules/safer-cluster-update-variant/variables.tf
+++ b/modules/safer-cluster-update-variant/variables.tf
@@ -107,6 +107,24 @@ variable "maintenance_start_time" {
 default = "05:00"
 }
+variable "maintenance_exclusions" {
+ type = list(object({ name = string, start_time = string, end_time = string }))
+ description = "List of maintenance exclusions. A cluster can have up to three"
+ default = []
+}
+
+variable "maintenance_end_time" {
+ type = string
+ description = "Time window specified for recurring maintenance operations in RFC3339 format"
+ default = ""
+}
+
+variable "maintenance_recurrence" {
+ type = string
+ description = "Frequency of the recurring maintenance window in RFC5545 format."
+ default = ""
+}
+
 variable "ip_range_pods" {
 type = string
 description = "The _name_ of the secondary subnet ip range to use for pods"
diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md
index a972278a4..c294af489 100644
--- a/modules/safer-cluster/README.md
+++ b/modules/safer-cluster/README.md
@@ -234,6 +234,9 @@ For simplicity, we suggest using `roles/container.admin` and
 | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | `string` | `null` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no |
+| maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no |
+| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no |
+| maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | `string` | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no |
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
index 8bc07bce0..2545daa2e 100644
--- a/modules/safer-cluster/main.tf
+++ b/modules/safer-cluster/main.tf
@@ -72,6 +72,9 @@ module "gke" {
 datapath_provider = var.datapath_provider
 maintenance_start_time = var.maintenance_start_time
+ maintenance_end_time = var.maintenance_end_time
+ maintenance_recurrence = var.maintenance_recurrence
+ maintenance_exclusions = var.maintenance_exclusions
 // We suggest removing the default node pool, as it cannot be modified without
 // destroying the cluster.
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
index f05575aad..1c1acf9a1 100644
--- a/modules/safer-cluster/variables.tf
+++ b/modules/safer-cluster/variables.tf
@@ -107,6 +107,24 @@ variable "maintenance_start_time" {
 default = "05:00"
 }
+variable "maintenance_exclusions" {
+ type = list(object({ name = string, start_time = string, end_time = string }))
+ description = "List of maintenance exclusions. A cluster can have up to three"
+ default = []
+}
+
+variable "maintenance_end_time" {
+ type = string
+ description = "Time window specified for recurring maintenance operations in RFC3339 format"
+ default = ""
+}
+
+variable "maintenance_recurrence" {
+ type = string
+ description = "Frequency of the recurring maintenance window in RFC5545 format."
+ default = ""
+}
+
 variable "ip_range_pods" {
 type = string
 description = "The _name_ of the secondary subnet ip range to use for pods"