From 6bf1178e3b367a6cc5b9d22adadeb18d1569aff7 Mon Sep 17 00:00:00 2001
From: coffee coder <64681762+c0ffeec0der@users.noreply.github.com>
Date: Wed, 27 May 2020 01:44:25 +0700
Subject: [PATCH] feat: Add support for KALM config (#528)
---
 autogen/main/cluster.tf.tmpl | 4 ++++
 autogen/main/variables.tf.tmpl | 6 ++++++
 autogen/main/versions.tf.tmpl | 2 +-
 examples/node_pool/main.tf | 2 +-
 examples/node_pool_update_variant_beta/main.tf | 2 +-
 examples/safer_cluster/main.tf | 2 +-
 examples/simple_regional_beta/main.tf | 2 +-
 examples/simple_regional_private_beta/main.tf | 2 +-
 examples/workload_metadata_config/main.tf | 2 +-
 modules/beta-private-cluster-update-variant/README.md | 1 +
 modules/beta-private-cluster-update-variant/cluster.tf | 4 ++++
 modules/beta-private-cluster-update-variant/variables.tf | 6 ++++++
 modules/beta-private-cluster-update-variant/versions.tf | 2 +-
 modules/beta-private-cluster/README.md | 1 +
 modules/beta-private-cluster/cluster.tf | 4 ++++
 modules/beta-private-cluster/variables.tf | 6 ++++++
 modules/beta-private-cluster/versions.tf | 2 +-
 modules/beta-public-cluster/README.md | 1 +
 modules/beta-public-cluster/cluster.tf | 4 ++++
 modules/beta-public-cluster/variables.tf | 6 ++++++
 modules/beta-public-cluster/versions.tf | 2 +-
 test/setup/versions.tf | 2 +-
 22 files changed, 54 insertions(+), 11 deletions(-)
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index bb0730c36..2b93e48ff 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -160,6 +160,10 @@ resource "google_container_cluster" "primary" {
 enabled = gce_persistent_disk_csi_driver_config.value.enabled
 }
 }
+
+ kalm_config {
+ enabled = var.kalm_config
+ }
 {% endif %}
 }
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index 784487db5..b8e65c7f4 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
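Review bot: In autogen/main/cluster.tf.tmpl the new `kalm_config { enabled = var.kalm_config }` is a static block, while the neighbouring `gce_persistent_disk_csi_driver_config` reads `….value.enabled`, which suggests a `dynamic` block that is only emitted when configured. A static block sends an explicit `enabled = false` for every cluster, so existing clusters may show an in-place change on the first plan after upgrading the module; this is inferred from the visible lines and worth confirming with a plan against an existing cluster. If the static form is intended, a comment above it such as `# KALM addon (beta): always sent, stays disabled unless var.kalm_config is true` would make that explicit. The same block is repeated in the three modules/beta-*/cluster.tf hunks, and the enclosing resource starts and ends outside the hunk.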
@@ -423,6 +423,12 @@ variable "gce_pd_csi_driver" {
 default = false
 }
+variable "kalm_config" {
+ type = bool
+ description = "(Beta) Whether KALM is enabled for this cluster."
+ default = false
+}
+
 variable "database_encryption" {
 description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key."
 type = list(object({ state = string, key_name = string }))
diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl
index bd8845758..17c94fb82 100644
--- a/autogen/main/versions.tf.tmpl
+++ b/autogen/main/versions.tf.tmpl
@@ -19,7 +19,7 @@ terraform {
 required_providers {
 {% if beta_cluster %}
- google-beta = ">= 3.19, <4.0.0"
+ google-beta = ">= 3.21.0, <4.0.0"
 {% else %}
 google = ">= 3.16, <4.0.0"
 {% endif %}
diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf
index 75f41ed62..b08ac2968 100644
--- a/examples/node_pool/main.tf
+++ b/examples/node_pool/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 provider "google-beta" {
- version = "~> 3.19.0"
+ version = "~> 3.21.0"
 region = var.region
 }
diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf
index c9e682c5b..903e1a544 100644
--- a/examples/node_pool_update_variant_beta/main.tf
+++ b/examples/node_pool_update_variant_beta/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 provider "google-beta" {
- version = "~> 3.19.0"
+ version = "~> 3.21.0"
 credentials = file(var.credentials_path)
 region = var.region
 }
diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf
index f87d38cdc..4b73a6e7b 100644
--- a/examples/safer_cluster/main.tf
+++ b/examples/safer_cluster/main.tf
@@ -34,7 +34,7 @@ provider "google" {
 }
 provider "google-beta" {
- version = "~> 3.19.0"
+ version = "~> 3.21.0"
 }
 module "gke" {
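Review bot: The description of `kalm_config` in autogen/main/variables.tf.tmpl never expands the acronym or says that it switches on a cluster addon, so someone auditing which addons a cluster runs cannot judge the flag from the generated README rows. Something like `description = "(Beta) Whether the KALM (Kubernetes Application Lifecycle Manager) addon is enabled for this cluster."` would cover it. The name also reads like an object although the type is `bool`; the neighbouring `gce_pd_csi_driver` is named after the feature rather than the provider block, so `kalm` or `enable_kalm` would be more consistent. The same variable is repeated in the three modules/beta-*/variables.tf hunks.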
diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf
index 5a1e9cf77..9a4eba5af 100644
--- a/examples/simple_regional_beta/main.tf
+++ b/examples/simple_regional_beta/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 provider "google-beta" {
- version = "~> 3.19.0"
+ version = "~> 3.21.0"
 region = var.region
 }
diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf
index 350c5db49..1676993f7 100644
--- a/examples/simple_regional_private_beta/main.tf
+++ b/examples/simple_regional_private_beta/main.tf
@@ -24,7 +24,7 @@ provider "google" {
 }
 provider "google-beta" {
- version = "~> 3.19.0"
+ version = "~> 3.21.0"
 region = var.region
 }
diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf
index 184b747bb..1d5346139 100644
--- a/examples/workload_metadata_config/main.tf
+++ b/examples/workload_metadata_config/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 provider "google-beta" {
- version = "~> 3.19.0"
+ version = "~> 3.21.0"
 region = var.region
 }
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index b1ea50285..5705cf364 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -196,6 +196,7 @@ Then perform the following commands on the root folder:
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | bool | `"false"` | no |
 | istio | (Beta) Enable Istio addon | string | `"false"` | no |
 | istio\_auth | (Beta) The authentication type between services in Istio. | string | `"AUTH_MUTUAL_TLS"` | no |
+| kalm\_config | (Beta) Whether KALM is enabled for this cluster. | bool | `"false"` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com/kubernetes"` | no |
 | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | string | `""` | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index c7c99ca60..0fd74f586 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -145,6 +145,10 @@ resource "google_container_cluster" "primary" {
 enabled = gce_persistent_disk_csi_driver_config.value.enabled
 }
 }
+
+ kalm_config {
+ enabled = var.kalm_config
+ }
 }
 ip_allocation_policy {
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index 250aae76c..0e42e1fac 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -416,6 +416,12 @@ variable "gce_pd_csi_driver" {
 default = false
 }
+variable "kalm_config" {
+ type = bool
+ description = "(Beta) Whether KALM is enabled for this cluster."
+ default = false
+}
+
 variable "database_encryption" {
 description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key."
 type = list(object({ state = string, key_name = string }))
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf
index 66b8da61a..ea62af891 100644
--- a/modules/beta-private-cluster-update-variant/versions.tf
+++ b/modules/beta-private-cluster-update-variant/versions.tf
@@ -18,6 +18,6 @@ terraform {
 required_version = "~> 0.12.6"
 required_providers {
- google-beta = ">= 3.19, <4.0.0"
+ google-beta = ">= 3.21.0, <4.0.0"
 }
 }
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 0ee0c42ff..acb579d64 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -174,6 +174,7 @@ Then perform the following commands on the root folder:
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | bool | `"false"` | no |
 | istio | (Beta) Enable Istio addon | string | `"false"` | no |
 | istio\_auth | (Beta) The authentication type between services in Istio. | string | `"AUTH_MUTUAL_TLS"` | no |
+| kalm\_config | (Beta) Whether KALM is enabled for this cluster. | bool | `"false"` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com/kubernetes"` | no |
 | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | string | `""` | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 953cbd920..201be0743 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -145,6 +145,10 @@ resource "google_container_cluster" "primary" {
 enabled = gce_persistent_disk_csi_driver_config.value.enabled
 }
 }
+
+ kalm_config {
+ enabled = var.kalm_config
+ }
 }
 ip_allocation_policy {
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index 250aae76c..0e42e1fac 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -416,6 +416,12 @@ variable "gce_pd_csi_driver" {
 default = false
 }
+variable "kalm_config" {
+ type = bool
+ description = "(Beta) Whether KALM is enabled for this cluster."
+ default = false
+}
+
 variable "database_encryption" {
 description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key."
 type = list(object({ state = string, key_name = string }))
diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf
index 66b8da61a..ea62af891 100644
--- a/modules/beta-private-cluster/versions.tf
+++ b/modules/beta-private-cluster/versions.tf
@@ -18,6 +18,6 @@ terraform {
 required_version = "~> 0.12.6"
 required_providers {
- google-beta = ">= 3.19, <4.0.0"
+ google-beta = ">= 3.21.0, <4.0.0"
 }
 }
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index b8644806c..0e576bee2 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -153,6 +153,7 @@ Then perform the following commands on the root folder:
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | bool | `"false"` | no |
 | istio | (Beta) Enable Istio addon | string | `"false"` | no |
 | istio\_auth | (Beta) The authentication type between services in Istio. | string | `"AUTH_MUTUAL_TLS"` | no |
+| kalm\_config | (Beta) Whether KALM is enabled for this cluster. | bool | `"false"` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com/kubernetes"` | no |
 | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | string | `""` | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index 89c1d8054..3d09c835d 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -145,6 +145,10 @@ resource "google_container_cluster" "primary" {
 enabled = gce_persistent_disk_csi_driver_config.value.enabled
 }
 }
+
+ kalm_config {
+ enabled = var.kalm_config
+ }
 }
 ip_allocation_policy {
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 65f66f403..2389adc5d 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -392,6 +392,12 @@ variable "gce_pd_csi_driver" {
 default = false
 }
+variable "kalm_config" {
+ type = bool
+ description = "(Beta) Whether KALM is enabled for this cluster."
+ default = false
+}
+
 variable "database_encryption" {
 description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key."
 type = list(object({ state = string, key_name = string }))
diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf
index 66b8da61a..ea62af891 100644
--- a/modules/beta-public-cluster/versions.tf
+++ b/modules/beta-public-cluster/versions.tf
@@ -18,6 +18,6 @@ terraform {
 required_version = "~> 0.12.6"
 required_providers {
- google-beta = ">= 3.19, <4.0.0"
+ google-beta = ">= 3.21.0, <4.0.0"
 }
 }
diff --git a/test/setup/versions.tf b/test/setup/versions.tf
index 88dd402b8..365ea5d43 100644
--- a/test/setup/versions.tf
+++ b/test/setup/versions.tf
@@ -23,5 +23,5 @@ provider "google" {
 }
 provider "google-beta" {
- version = "2.20.1"
+ version = "3.21.0"
 }