From 4e817be3f09fe45f095c6b3debf755005efb9ac3 Mon Sep 17 00:00:00 2001
From: Felipe Marques
Date: Tue, 6 Sep 2022 12:50:35 -0300
Subject: [PATCH] feat: cloud dns support for safer clusters (#1384)

---
autogen/safer-cluster/main.tf.tmpl | 6 ++++++
autogen/safer-cluster/variables.tf.tmpl | 18 ++++++++++++++++++
modules/safer-cluster-update-variant/README.md | 3 +++
modules/safer-cluster-update-variant/main.tf | 6 ++++++
.../safer-cluster-update-variant/variables.tf | 18 ++++++++++++++++++
modules/safer-cluster/README.md | 3 +++
modules/safer-cluster/main.tf | 6 ++++++
modules/safer-cluster/variables.tf | 18 ++++++++++++++++++
8 files changed, 78 insertions(+)

diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl
index 0893b0c0e..9fe70cca1 100644
--- a/autogen/safer-cluster/main.tf.tmpl
+++ b/autogen/safer-cluster/main.tf.tmpl
@@ -141,6 +141,12 @@ module "gke" {
 
 dns_cache = var.dns_cache
 
+ cluster_dns_provider = var.cluster_dns_provider
+
+ cluster_dns_scope = var.cluster_dns_scope
+
+ cluster_dns_domain = var.cluster_dns_domain
+
 config_connector = var.config_connector
 
 default_max_pods_per_node = var.default_max_pods_per_node
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
index 60e20e24b..ee681faf8 100644
--- a/autogen/safer-cluster/variables.tf.tmpl
+++ b/autogen/safer-cluster/variables.tf.tmpl
@@ -273,6 +273,24 @@ variable "dns_cache" {
 default = false
 }
 
+variable "cluster_dns_provider" {
+ type = string
+ description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS."
+ default = "PROVIDER_UNSPECIFIED"
+}
+
+variable "cluster_dns_scope" {
+ type = string
+ description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. "
+ default = "DNS_SCOPE_UNSPECIFIED"
+}
+
+variable "cluster_dns_domain" {
+ type = string
+ description = "The suffix used for all cluster service records."
+ default = ""
+}
+
 variable "default_max_pods_per_node" {
 description = "The maximum number of pods to schedule per node"
 default = 110
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
index fb247e7dd..759de5064 100644
--- a/modules/safer-cluster-update-variant/README.md
+++ b/modules/safer-cluster-update-variant/README.md
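Review bot: `cluster_dns_provider` and `cluster_dns_scope` are declared as bare `string` with no `validation` block, so a mistyped value (e.g. `CLOUD_DNs`, `VPC_SCOP`) passes `terraform plan` and only fails when the GKE API rejects the apply; since this template appears to generate both module variants (the parallel hunks below are byte-identical), the check belongs here so it propagates. Terraform `validation` blocks need 0.13+, so confirm the module's `required_version` before adopting the snippet below. The description of `cluster_dns_scope` only lists the enum values; for a module called "safer-cluster" it should say what `VPC_SCOPE` means in access terms, e.g. `VPC_SCOPE makes cluster service records resolvable from any network in the VPC, not only from the cluster; prefer CLUSTER_SCOPE unless cross-cluster resolution is required.` (and drop the trailing space inside that string). `cluster_dns_domain` is documented only as "the suffix"; if, as I recall from the GKE docs, a custom domain is required when `CLOUD_DNS` is paired with `VPC_SCOPE`, that coupling should be stated in the description or enforced, since an empty default would otherwise surface as an opaque apply-time error.
```hcl
variable "cluster_dns_provider" {
  type        = string
  description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS."
  default     = "PROVIDER_UNSPECIFIED"

  validation {
    condition     = contains(["PROVIDER_UNSPECIFIED", "PLATFORM_DEFAULT", "CLOUD_DNS"], var.cluster_dns_provider)
    error_message = "cluster_dns_provider must be one of PROVIDER_UNSPECIFIED, PLATFORM_DEFAULT or CLOUD_DNS."
  }
}

variable "cluster_dns_scope" {
  type        = string
  description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. VPC_SCOPE makes cluster service records resolvable from any network in the VPC, not only from the cluster."
  default     = "DNS_SCOPE_UNSPECIFIED"

  validation {
    condition     = contains(["DNS_SCOPE_UNSPECIFIED", "CLUSTER_SCOPE", "VPC_SCOPE"], var.cluster_dns_scope)
    error_message = "cluster_dns_scope must be one of DNS_SCOPE_UNSPECIFIED, CLUSTER_SCOPE or VPC_SCOPE."
  }
}

# … unchanged: cluster_dns_domain variable …
```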
@@ -204,6 +204,9 @@ For simplicity, we suggest using `roles/container.admin` and
 | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
+| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
+| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
+| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
 | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | `string` | `""` | no |
 | config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index 856a116f2..1b8331b59 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -137,6 +137,12 @@ module "gke" {
 
 dns_cache = var.dns_cache
 
+ cluster_dns_provider = var.cluster_dns_provider
+
+ cluster_dns_scope = var.cluster_dns_scope
+
+ cluster_dns_domain = var.cluster_dns_domain
+
 config_connector = var.config_connector
 
 default_max_pods_per_node = var.default_max_pods_per_node
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
index 49fe3afbd..002850230 100644
--- a/modules/safer-cluster-update-variant/variables.tf
+++ b/modules/safer-cluster-update-variant/variables.tf
@@ -273,6 +273,24 @@ variable "dns_cache" {
 default = false
 }
 
+variable "cluster_dns_provider" {
+ type = string
+ description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS."
+ default = "PROVIDER_UNSPECIFIED"
+}
+
+variable "cluster_dns_scope" {
+ type = string
+ description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. "
+ default = "DNS_SCOPE_UNSPECIFIED"
+}
+
+variable "cluster_dns_domain" {
+ type = string
+ description = "The suffix used for all cluster service records."
+ default = ""
+}
+
 variable "default_max_pods_per_node" {
 description = "The maximum number of pods to schedule per node"
 default = 110
diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md
index fb247e7dd..759de5064 100644
--- a/modules/safer-cluster/README.md
+++ b/modules/safer-cluster/README.md
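Review bot: `cluster_dns_provider` and `cluster_dns_scope` take any string, so an invalid enum value is only rejected at apply time by the GKE API rather than at plan time; a `validation` block such as `condition = contains(["PROVIDER_UNSPECIFIED", "PLATFORM_DEFAULT", "CLOUD_DNS"], var.cluster_dns_provider)` (and the matching one for the three scope values) would catch it early, provided the module already requires Terraform 0.13+. If this file is generated from `autogen/safer-cluster/variables.tf.tmpl`, as the identical hunk above suggests, the change must be made in the template rather than here. The `cluster_dns_scope` description should also warn that `VPC_SCOPE` exposes cluster service records to the whole VPC, since this module is the hardened variant, and the trailing space in `"... or VPC_SCOPE. "` should go.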
@@ -204,6 +204,9 @@ For simplicity, we suggest using `roles/container.admin` and
 | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
+| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
+| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
+| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
 | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | `string` | `""` | no |
 | config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
index 960a376ba..5529beae1 100644
--- a/modules/safer-cluster/main.tf
+++ b/modules/safer-cluster/main.tf
@@ -137,6 +137,12 @@ module "gke" {
 
 dns_cache = var.dns_cache
 
+ cluster_dns_provider = var.cluster_dns_provider
+
+ cluster_dns_scope = var.cluster_dns_scope
+
+ cluster_dns_domain = var.cluster_dns_domain
+
 config_connector = var.config_connector
 
 default_max_pods_per_node = var.default_max_pods_per_node
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
index 49fe3afbd..002850230 100644
--- a/modules/safer-cluster/variables.tf
+++ b/modules/safer-cluster/variables.tf
@@ -273,6 +273,24 @@ variable "dns_cache" {
 default = false
 }
 
+variable "cluster_dns_provider" {
+ type = string
+ description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS."
+ default = "PROVIDER_UNSPECIFIED"
+}
+
+variable "cluster_dns_scope" {
+ type = string
+ description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. "
+ default = "DNS_SCOPE_UNSPECIFIED"
+}
+
+variable "cluster_dns_domain" {
+ type = string
+ description = "The suffix used for all cluster service records."
+ default = ""
+}
+
 variable "default_max_pods_per_node" {
 description = "The maximum number of pods to schedule per node"
 default = 110
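Review bot: The new `cluster_dns_provider` and `cluster_dns_scope` variables carry no `validation` block, so values outside the three enums listed in each description are accepted at plan time and only fail when GKE rejects the apply; `condition = contains(["DNS_SCOPE_UNSPECIFIED", "CLUSTER_SCOPE", "VPC_SCOPE"], var.cluster_dns_scope)` (and the provider counterpart) would make the contract the description promises enforceable, assuming the module pins Terraform 0.13 or newer. This file appears to be generated from `autogen/safer-cluster/variables.tf.tmpl` (the hunks are identical), so the fix should land in the template. Since `VPC_SCOPE` widens who can resolve cluster service names from the cluster to the whole VPC, the description of `cluster_dns_scope` in a "safer" module should state that trade-off rather than only enumerate values, and the trailing space in `"... or VPC_SCOPE. "` should be removed.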