Merge pull request #69 from terraform-google-modules/feature/private-…

…cluster-module

Add submodule and tests for private clusters

.kitchen.yml

@@ -76,6 +76,19 @@ suites:
           backend: local
     provisioner:
       name: terraform
+  - name: "simple_regional_private"
+    driver:
+      name: "terraform"
+      command_timeout: 1800
+      root_module_directory: test/fixtures/simple_regional_private
+    verifier:
+      name: terraform
+      color: false
+      systems:
+        - name: simple_regional_private
+          backend: local
+    provisioner:
+      name: terraform
   - name: "simple_zonal"
     driver:
       name: "terraform"
@@ -89,6 +102,19 @@ suites:
           backend: local
     provisioner:
       name: terraform
+  - name: "simple_zonal_private"
+    driver:
+      name: "terraform"
+      command_timeout: 1800
+      root_module_directory: test/fixtures/simple_zonal_private
+    verifier:
+      name: terraform
+      color: false
+      systems:
+        - name: simple_zonal_private
+          backend: local
+    provisioner:
+      name: terraform
   - name: "stub_domains"
     driver:
       name: "terraform"

CHANGELOG.md

@@ -7,10 +7,11 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 ### Changed
+* Add support for private clusters via submodule. #69
 * Set `horizontal_pod_autoscaling` to `true` by default. #42
 * Add `remove_default_node_pool` set to `false` by default #15
 * Allow arbitrary key-value pairs to be set on node pool metadata. #52
-* Add `initial_node_count` parameter to node_pool block. #60 
+* Add `initial_node_count` parameter to node_pool block. #60
 
 ## [v0.4.0] - 2018-12-19
 ### Added

README.md

@@ -1,7 +1,6 @@
 # Terraform Kubernetes Engine Module
 
 This module handles opinionated Google Cloud Platform Kubernetes Engine cluster creation and configuration with Node Pools, IP MASQ, Network Policy, etc.
-
 The resources/services/activations/deletions that this module will create/trigger are:
 - Create a GKE cluster with the provided addons
 - Create GKE Node Pool(s) with provided configuration and attach to cluster
@@ -115,7 +114,6 @@ Then perform the following commands on the root folder:
 | network | The VPC network to host the cluster in (required) | string | - | yes |
 | network_policy | Enable network policy addon | string | `false` | no |
 | network_project_id | The project ID of the shared VPC's host (for shared vpc support) | string | `` | no |
-| remove_default_node_pool | Boolean value determining removal of default node pool | bool | false | no |
 | node_pools | List of maps containing node pools | list | `<list>` | no |
 | node_pools_labels | Map of maps containing node labels by node-pool name | map | `<map>` | no |
 | node_pools_metadata | Map of maps containing node metadata by node-pool name | map | `<map>` | no |
@@ -126,6 +124,7 @@ Then perform the following commands on the root folder:
 | project_id | The project ID to host the cluster in (required) | string | - | yes |
 | region | The region to host the cluster in (required) | string | - | yes |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | string | `true` | no |
+| remove_default_node_pool | Remove default node pool while setting up the cluster | string | `false` | no |
 | service_account | The service account to default running nodes as if not overridden in `node_pools`. Defaults to the compute engine default service account | string | `` | no |
 | stub_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | - | yes |
@@ -168,11 +167,11 @@ Before this module can be used on a project, you must ensure that the following
 The [project factory](https://github.com/terraform-google-modules/terraform-google-project-factory) can be used to provision projects with the correct APIs active and the necessary Shared VPC connections.
 
 ### Software Dependencies
-### Kubectl
+#### Kubectl
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
-### Terraform plugins
-- [Terraform](https://www.terraform.io/downloads.html) 0.10.x
-- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) plugin v1.8.0
+#### Terraform and Plugins
+- [Terraform](https://www.terraform.io/downloads.html) 0.11.x
+- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v1.8.0
 
 ### Configure a Service Account
 In order to execute this module you must have a Service Account with the
@@ -188,12 +187,6 @@ In order to operate with the Service Account you must activate the following API
 - Compute Engine API - compute.googleapis.com
 - Kubernetes Engine API - container.googleapis.com
 
-## Install
-
-### Terraform
-Be sure you have the correct Terraform version (0.10.x), you can choose the binary here:
-- https://releases.hashicorp.com/terraform/
-
 ## File structure
 The project has the following folders and files:
 
@@ -209,9 +202,9 @@ The project has the following folders and files:
 
 ## Templating
 
-To more cleanly handle cases where desired functionality would require complex duplication of Terraform resources (i.e. [PR 51](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/51)), this repository is largely generated from the [`autogen`](./autogen) directory.
+To more cleanly handle cases where desired functionality would require complex duplication of Terraform resources (i.e. [PR 51](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/51)), this repository is largely generated from the [`autogen`](/autogen) directory.
 
-The root module is generated by running `make generate`. Changes to this repository should be made in the [`autogen`](./autogen) directory where appropriate.
+The root module is generated by running `make generate`. Changes to this repository should be made in the [`autogen`](/autogen) directory where appropriate.
 
 ## Testing
 
@@ -270,7 +263,7 @@ Alternatively, you can simply run `make test_integration_docker` to run all the
 #### Test configuration
 
 Each test-kitchen instance is configured with a `variables.tfvars` file in the test fixture directory, e.g. `test/fixtures/node_pool/terraform.tfvars`.
-For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`. 
+For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`.
 Similarly, each test fixture has a `variables.tf` to define these variables, and an `outputs.tf` to facilitate providing necessary information for `inspec` to locate and query against created resources.
 
 Each test-kitchen instance creates a GCP Network and Subnetwork fixture to house resources, and may create any other necessary fixture data as needed.

auth.tf

@@ -19,7 +19,9 @@
 /******************************************
   Retrieve authentication token
  *****************************************/
-data "google_client_config" "default" {}
+data "google_client_config" "default" {
+  provider = "google"
+}
 
 /******************************************
   Configure provider
@@ -29,4 +31,4 @@ provider "kubernetes" {
   host                   = "https://${local.cluster_endpoint}"
   token                  = "${data.google_client_config.default.access_token}"
   cluster_ca_certificate = "${base64decode(local.cluster_ca_certificate)}"
-}
+}