diff --git a/README.md b/README.md index 5ca61be5b..0a2535ebd 100644 --- a/README.md +++ b/README.md @@ -140,6 +140,7 @@ Then perform the following commands on the root folder: | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no | +| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no | | project\_id | The project ID to host the cluster in (required) | string | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index c46f6725f..72b0f2bc2 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -458,7 +458,6 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) - {% if beta_cluster %} dynamic "taint" { for_each = concat( local.node_pools_taints["all"], @@ -470,7 +469,6 @@ resource "google_container_node_pool" "pools" { value = taint.value.value } } - {% endif %} tags = concat( lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [], diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 051df31f9..2205321bb 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
@@ -227,6 +227,7 @@ variable "cluster_autoscaling" { } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } +{% endif %} variable "node_pools_taints" { type = map(list(object({ key = string, value = string, effect = string }))) @@ -239,7 +240,6 @@ variable "node_pools_taints" { } } -{% endif %} variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" diff --git a/autogen/main/variables_defaults.tf b/autogen/main/variables_defaults.tf index ccc9b0eed..5ba467eb8 100644 --- a/autogen/main/variables_defaults.tf +++ b/autogen/main/variables_defaults.tf @@ -40,7 +40,6 @@ locals { var.node_pools_metadata ) -{% if beta_cluster %} node_pools_taints = merge( { all = [] }, { default-node-pool = [] }, @@ -51,7 +50,6 @@ locals { var.node_pools_taints ) -{% endif %} node_pools_tags = merge( { all = [] }, { default-node-pool = [] }, diff --git a/cluster.tf b/cluster.tf index df45c9cba..abcdbc0c8 100644 --- a/cluster.tf +++ b/cluster.tf @@ -198,6 +198,17 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) + dynamic "taint" { + for_each = concat( + local.node_pools_taints["all"], + local.node_pools_taints[each.value["name"]], + ) + content { + effect = taint.value.effect + key = taint.value.key + value = taint.value.value + } + } tags = concat( lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [], diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index efb3bd838..3bf6ed273 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf 
@@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/disable_client_cert/main.tf b/examples/disable_client_cert/main.tf index 8aa079144..3615bf3f6 100644 --- a/examples/disable_client_cert/main.tf +++ b/examples/disable_client_cert/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index d0358e5ff..0dce9d78d 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/node_pool_update_variant/main.tf b/examples/node_pool_update_variant/main.tf index 1694f9248..e36dc1a68 100644 --- a/examples/node_pool_update_variant/main.tf +++ b/examples/node_pool_update_variant/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf index cbfa818bd..39256b738 100644 --- a/examples/node_pool_update_variant_beta/main.tf +++ b/examples/node_pool_update_variant_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" credentials = file(var.credentials_path) region = var.region } diff --git a/examples/private_zonal_with_networking/main.tf b/examples/private_zonal_with_networking/main.tf index 006dee61a..75d13dd21 100644 --- a/examples/private_zonal_with_networking/main.tf +++ b/examples/private_zonal_with_networking/main.tf @@ -16,7 +16,7 @@ module "gcp-network" { source = "terraform-google-modules/network/google" - version = "~> 2.0" + version = "~> 2.5" project_id = var.project_id network_name = var.network 
diff --git a/examples/regional_private_node_pool_oauth_scopes/network.tf b/examples/regional_private_node_pool_oauth_scopes/network.tf index 7f60f15fa..140c20d94 100644 --- a/examples/regional_private_node_pool_oauth_scopes/network.tf +++ b/examples/regional_private_node_pool_oauth_scopes/network.tf @@ -16,7 +16,7 @@ module "gke-network" { source = "terraform-google-modules/network/google" - version = "~> 2.0" + version = "~> 2.5" project_id = var.project_id network_name = "random-gke-network" diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf index 543821ce8..4afb1e7ef 100644 --- a/examples/regional_private_node_pool_oauth_scopes/provider.tf +++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf @@ -15,9 +15,9 @@ */ provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" } diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index 3d0f5aa39..efe5449e4 100644 --- a/examples/safer_cluster/main.tf +++ b/examples/safer_cluster/main.tf @@ -30,11 +30,11 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" } module "gke" { diff --git a/examples/safer_cluster/network.tf b/examples/safer_cluster/network.tf index c647547f9..bf36d6f47 100644 --- a/examples/safer_cluster/network.tf +++ b/examples/safer_cluster/network.tf @@ -16,7 +16,7 @@ module "gcp-network" { source = "terraform-google-modules/network/google" - version = "~> 2.0" + version = "~> 2.5" project_id = var.project_id network_name = local.network_name diff --git a/examples/safer_cluster_iap_bastion/network.tf b/examples/safer_cluster_iap_bastion/network.tf index 57c6f8aea..00e23bdfe 100644 --- a/examples/safer_cluster_iap_bastion/network.tf +++ b/examples/safer_cluster_iap_bastion/network.tf 
@@ -17,7 +17,7 @@ module "vpc" { source = "terraform-google-modules/network/google" - version = "~> 2.3" + version = "~> 2.5" project_id = module.enabled_google_apis.project_id network_name = var.network_name diff --git a/examples/safer_cluster_iap_bastion/provider.tf b/examples/safer_cluster_iap_bastion/provider.tf index b19b4bfb0..4c2b042d0 100644 --- a/examples/safer_cluster_iap_bastion/provider.tf +++ b/examples/safer_cluster_iap_bastion/provider.tf @@ -15,9 +15,9 @@ */ provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" } diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf index 876339c8e..a4ecdc28e 100644 --- a/examples/shared_vpc/main.tf +++ b/examples/shared_vpc/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 766ead403..c4ddf21aa 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index 81c72f0f2..94d394b39 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index b6224af20..af484b181 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } 
diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index a311609a7..42a8eb40e 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -19,12 +19,12 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional_with_kubeconfig/main.tf b/examples/simple_regional_with_kubeconfig/main.tf index da2911e66..5db7eb266 100644 --- a/examples/simple_regional_with_kubeconfig/main.tf +++ b/examples/simple_regional_with_kubeconfig/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional_with_networking/main.tf b/examples/simple_regional_with_networking/main.tf index 7a529c2e4..57ccefa32 100644 --- a/examples/simple_regional_with_networking/main.tf +++ b/examples/simple_regional_with_networking/main.tf @@ -15,12 +15,12 @@ */ provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" } module "gcp-network" { source = "terraform-google-modules/network/google" - version = "~> 2.0" + version = "~> 2.5" project_id = var.project_id network_name = var.network diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf index e6279ca88..f6e468083 100644 --- a/examples/simple_zonal_private/main.tf +++ b/examples/simple_zonal_private/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_zonal_with_acm/main.tf b/examples/simple_zonal_with_acm/main.tf index b234a0690..42b12ee93 100644 --- a/examples/simple_zonal_with_acm/main.tf +++ b/examples/simple_zonal_with_acm/main.tf 
@@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf index 5148323bc..1ad1f5b68 100644 --- a/examples/simple_zonal_with_asm/main.tf +++ b/examples/simple_zonal_with_asm/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_zonal_with_hub/main.tf b/examples/simple_zonal_with_hub/main.tf index 94d48cc5e..9da21f9f1 100644 --- a/examples/simple_zonal_with_hub/main.tf +++ b/examples/simple_zonal_with_hub/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.16.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index 8e65ad659..9dce470f3 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf index 77f202caf..cde258cdd 100644 --- a/examples/stub_domains_private/main.tf +++ b/examples/stub_domains_private/main.tf @@ -15,7 +15,7 @@ */ provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf index 7d720375d..6e1417347 100644 --- a/examples/stub_domains_upstream_nameservers/main.tf +++ b/examples/stub_domains_upstream_nameservers/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf index 16b81816e..b77dc4c23 100644 --- a/examples/upstream_nameservers/main.tf 
+++ b/examples/upstream_nameservers/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/workload_identity/main.tf b/examples/workload_identity/main.tf index d41a442a3..9579d090a 100644 --- a/examples/workload_identity/main.tf +++ b/examples/workload_identity/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf index 2909afa17..a861c2414 100644 --- a/examples/workload_metadata_config/main.tf +++ b/examples/workload_metadata_config/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 79ac09be3..c0b64b261 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -172,6 +172,7 @@ Then perform the following commands on the root folder: | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no | +| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no | | project\_id | The project ID to host the cluster in (required) | string | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no | 
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 718044a4b..f624fe1e7 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -283,6 +283,17 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) + dynamic "taint" { + for_each = concat( + local.node_pools_taints["all"], + local.node_pools_taints[each.value["name"]], + ) + content { + effect = taint.value.effect + key = taint.value.key + value = taint.value.value + } + } tags = concat( lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [], diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 8188c2afd..5df2c4afc 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -187,6 +187,18 @@ variable "enable_resource_consumption_export" { description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export." default = true } + +variable "node_pools_taints" { + type = map(list(object({ key = string, value = string, effect = string }))) + description = "Map of lists containing node taints by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = [] + default-node-pool = [] + } +} + variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" 
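Review bot: The `node_pools_taints` variable added in modules/private-cluster-update-variant/variables.tf documents neither the accepted `effect` values nor which map keys are honoured. The provider's `taint` block takes `NO_SCHEDULE`, `PREFER_NO_SCHEDULE` or `NO_EXECUTE`, and a typo only surfaces at apply time. The default also lists a `default-node-pool` key, while the `dynamic "taint"` blocks in this commit read only `all` and the pool name, so a taint placed under `default-node-pool` may be silently ignored unless something outside the diff consumes it. Since taints are often relied on to keep workloads off dedicated pools, extend the description, e.g. `description = "Map of lists containing node taints by node-pool name. effect is one of NO_SCHEDULE, PREFER_NO_SCHEDULE, NO_EXECUTE"`. The same variable is added in modules/private-cluster/variables.tf and the root variables.tf.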
diff --git a/modules/private-cluster-update-variant/variables_defaults.tf b/modules/private-cluster-update-variant/variables_defaults.tf index 93bf1c134..70ac8ba1c 100644 --- a/modules/private-cluster-update-variant/variables_defaults.tf +++ b/modules/private-cluster-update-variant/variables_defaults.tf @@ -40,6 +40,16 @@ locals { var.node_pools_metadata ) + node_pools_taints = merge( + { all = [] }, + { default-node-pool = [] }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : []] + ), + var.node_pools_taints + ) + node_pools_tags = merge( { all = [] }, { default-node-pool = [] }, diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index a86cfe22a..fe4eca140 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -150,6 +150,7 @@ Then perform the following commands on the root folder: | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no | +| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no | | project\_id | The project ID to host the cluster in (required) | string | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index a8401d0aa..a0ed848c9 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf 
@@ -211,6 +211,17 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) + dynamic "taint" { + for_each = concat( + local.node_pools_taints["all"], + local.node_pools_taints[each.value["name"]], + ) + content { + effect = taint.value.effect + key = taint.value.key + value = taint.value.value + } + } tags = concat( lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [], diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 8188c2afd..5df2c4afc 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -187,6 +187,18 @@ variable "enable_resource_consumption_export" { description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export." default = true } + +variable "node_pools_taints" { + type = map(list(object({ key = string, value = string, effect = string }))) + description = "Map of lists containing node taints by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = [] + default-node-pool = [] + } +} + variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" diff --git a/modules/private-cluster/variables_defaults.tf b/modules/private-cluster/variables_defaults.tf index 93bf1c134..70ac8ba1c 100644 --- a/modules/private-cluster/variables_defaults.tf +++ b/modules/private-cluster/variables_defaults.tf 
@@ -40,6 +40,16 @@ locals { var.node_pools_metadata ) + node_pools_taints = merge( + { all = [] }, + { default-node-pool = [] }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : []] + ), + var.node_pools_taints + ) + node_pools_tags = merge( { all = [] }, { default-node-pool = [] }, diff --git a/test/fixtures/deploy_service/network.tf b/test/fixtures/deploy_service/network.tf index 8a4964808..0de80bd3b 100644 --- a/test/fixtures/deploy_service/network.tf +++ b/test/fixtures/deploy_service/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } diff --git a/test/fixtures/disable_client_cert/network.tf b/test/fixtures/disable_client_cert/network.tf index 8a4964808..0de80bd3b 100644 --- a/test/fixtures/disable_client_cert/network.tf +++ b/test/fixtures/disable_client_cert/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } diff --git a/test/fixtures/shared_vpc/network.tf b/test/fixtures/shared_vpc/network.tf index 8a4964808..0de80bd3b 100644 --- a/test/fixtures/shared_vpc/network.tf +++ b/test/fixtures/shared_vpc/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } diff --git a/test/fixtures/simple_regional/network.tf b/test/fixtures/simple_regional/network.tf index 8a4964808..0de80bd3b 100644 --- a/test/fixtures/simple_regional/network.tf +++ b/test/fixtures/simple_regional/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } 
diff --git a/test/fixtures/simple_regional_with_kubeconfig/network.tf b/test/fixtures/simple_regional_with_kubeconfig/network.tf index eb30a9b57..e434edc0e 100644 --- a/test/fixtures/simple_regional_with_kubeconfig/network.tf +++ b/test/fixtures/simple_regional_with_kubeconfig/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } diff --git a/test/fixtures/simple_zonal/network.tf b/test/fixtures/simple_zonal/network.tf index 542b3904c..4fc294e76 100644 --- a/test/fixtures/simple_zonal/network.tf +++ b/test/fixtures/simple_zonal/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[1] } diff --git a/test/fixtures/simple_zonal_with_asm/network.tf b/test/fixtures/simple_zonal_with_asm/network.tf index 3ddc86721..b221dae8a 100644 --- a/test/fixtures/simple_zonal_with_asm/network.tf +++ b/test/fixtures/simple_zonal_with_asm/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[2] } diff --git a/test/fixtures/stub_domains/network.tf b/test/fixtures/stub_domains/network.tf index fd9799650..f36e983b5 100644 --- a/test/fixtures/stub_domains/network.tf +++ b/test/fixtures/stub_domains/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[1] } diff --git a/test/fixtures/stub_domains_upstream_nameservers/network.tf b/test/fixtures/stub_domains_upstream_nameservers/network.tf index 153058fa2..ee3ee4518 100644 --- a/test/fixtures/stub_domains_upstream_nameservers/network.tf +++ b/test/fixtures/stub_domains_upstream_nameservers/network.tf 
@@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[1] } diff --git a/test/fixtures/upstream_nameservers/network.tf b/test/fixtures/upstream_nameservers/network.tf index 153058fa2..ee3ee4518 100644 --- a/test/fixtures/upstream_nameservers/network.tf +++ b/test/fixtures/upstream_nameservers/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[1] } diff --git a/test/setup/iam.tf b/test/setup/iam.tf index 0a7fa49c1..dad03fab3 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -25,7 +25,7 @@ locals { "roles/container.developer", "roles/iam.serviceAccountAdmin", "roles/iam.serviceAccountUser", - "roles/compute.viewer", + "roles/compute.admin", "roles/resourcemanager.projectIamAdmin", "roles/composer.worker", "roles/serviceusage.serviceUsageAdmin", diff --git a/test/setup/main.tf b/test/setup/main.tf index 3cf7fae4e..475a9ddf0 100644 --- a/test/setup/main.tf +++ b/test/setup/main.tf @@ -20,7 +20,7 @@ resource "random_id" "random_project_id_suffix" { module "gke-project-1" { source = "terraform-google-modules/project-factory/google" - version = "~> 8.0" + version = "~> 9.1.0" name = "ci-gke-${random_id.random_project_id_suffix.hex}" random_project_id = true @@ -39,11 +39,17 @@ module "gke-project-1" { "serviceusage.googleapis.com", "storage-api.googleapis.com", ] + activate_api_identities = [ + { + api = "container.googleapis.com" + roles = ["roles/cloudkms.cryptoKeyEncrypterDecrypter", "roles/container.serviceAgent"] + }, + ] } module "gke-project-2" { source = "terraform-google-modules/project-factory/google" - version = "~> 8.0" + version = "~> 9.1.0" name = "ci-gke-${random_id.random_project_id_suffix.hex}" random_project_id = true 
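Review bot: Replacing `roles/compute.viewer` with `roles/compute.admin` in test/setup/iam.tf gives the CI service account full control of Compute Engine in the test projects, and nothing in the hunk says which operation needed it. Together with `roles/iam.serviceAccountUser`, already in the list, that identity can create instances that run as other service accounts in the project. If the new requirement is creating networks or firewall rules for the fixtures, a narrower role such as `roles/compute.networkAdmin` or `roles/compute.securityAdmin` would likely cover it. Otherwise, record the reason next to the entry, e.g. `# compute.admin: required by <fixture/operation>`. The role list begins outside the hunk.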
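Review bot: The new `activate_api_identities` entry in `gke-project-1` grants `roles/cloudkms.cryptoKeyEncrypterDecrypter` to the `container.googleapis.com` service identity with no resource scope in view. Assuming the project-factory module binds these roles at project level, the GKE service agent can use every KMS key in the project rather than only the key used for cluster encryption. The same block is added to `gke-project-2` in the following hunk. For a throwaway CI project that is tolerable, but setup code like this tends to be copied, so consider binding the role on the specific key or key ring where the fixture creates it. At minimum add a comment such as `# project-wide for CI only; scope to the key in real deployments`.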
@@ -60,12 +66,18 @@ module "gke-project-2" { "serviceusage.googleapis.com", "storage-api.googleapis.com", ] + activate_api_identities = [ + { + api = "container.googleapis.com" + roles = ["roles/cloudkms.cryptoKeyEncrypterDecrypter", "roles/container.serviceAgent"] + }, + ] } # apis as documented https://cloud.google.com/service-mesh/docs/gke-install-new-cluster#setting_up_your_project module "gke-project-asm" { source = "terraform-google-modules/project-factory/google" - version = "~> 8.0" + version = "~> 9.1.0" name = "ci-gke-asm-${random_id.random_project_id_suffix.hex}" random_project_id = true diff --git a/test/setup/versions.tf b/test/setup/versions.tf index cec9f1d44..02f0b2182 100644 --- a/test/setup/versions.tf +++ b/test/setup/versions.tf @@ -19,9 +19,9 @@ terraform { } provider "google" { - version = "3.25.0" + version = "3.42.0" } provider "google-beta" { - version = "3.32.0" + version = "3.42.0" } diff --git a/variables.tf b/variables.tf index 08beb9f7b..e197d422e 100644 --- a/variables.tf +++ b/variables.tf @@ -187,6 +187,18 @@ variable "enable_resource_consumption_export" { description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export." default = true } + +variable "node_pools_taints" { + type = map(list(object({ key = string, value = string, effect = string }))) + description = "Map of lists containing node taints by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = [] + default-node-pool = [] + } +} + variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" diff --git a/variables_defaults.tf b/variables_defaults.tf index 93bf1c134..70ac8ba1c 100644 --- a/variables_defaults.tf +++ b/variables_defaults.tf 
@@ -40,6 +40,16 @@ locals { var.node_pools_metadata ) + node_pools_taints = merge( + { all = [] }, + { default-node-pool = [] }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : []] + ), + var.node_pools_taints + ) + node_pools_tags = merge( { all = [] }, { default-node-pool = [] },