From 8507e09b732568ef3e66a1492ea6c73835b40120 Mon Sep 17 00:00:00 2001 From: Marcus Ramberg Date: Wed, 23 Nov 2022 21:43:30 +0100 Subject: [PATCH] feat: Allow enabling cost management for safer_cluster module (#1475) --- autogen/safer-cluster/main.tf.tmpl | 3 +++ autogen/safer-cluster/variables.tf.tmpl | 6 ++++++ modules/safer-cluster-update-variant/README.md | 1 + modules/safer-cluster-update-variant/main.tf | 3 +++ modules/safer-cluster-update-variant/variables.tf | 6 ++++++ modules/safer-cluster/README.md | 1 + modules/safer-cluster/main.tf | 3 +++ modules/safer-cluster/variables.tf | 6 ++++++ 8 files changed, 29 insertions(+) diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl index ffcb63fe9..112c28739 100644 --- a/autogen/safer-cluster/main.tf.tmpl +++ b/autogen/safer-cluster/main.tf.tmpl @@ -161,6 +161,9 @@ module "gke" { // We suggest to define policies about which images can run on a cluster. enable_binary_authorization = true + // Enable cost allocation support + enable_cost_allocation = var.enable_cost_allocation + // Use of PodSecurityPolicy admission controller // https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies enable_pod_security_policy = var.enable_pod_security_policy diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index 3a9b93148..9fd29370f 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl @@ -356,6 +356,12 @@ variable "enable_resource_consumption_export" { default = true } +variable "enable_cost_allocation" { + type = bool + description = "Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery" + default = false +} + variable "sandbox_enabled" { type = bool description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)." 
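Review bot: The added comment `// Enable cost allocation support` above `enable_cost_allocation = var.enable_cost_allocation` reads as though the feature is switched on, but the value is passed through from a variable whose default in this commit is `false`. The neighbouring settings in this `module "gke"` block carry comments that explain the setting, so I would write `// Opt-in (default false): when true, cluster name and namespace labels are added to the billing export in BigQuery.` instead. The `module "gke"` block starts and ends outside the hunk. The same comment is repeated in the main.tf hunks for modules/safer-cluster and modules/safer-cluster-update-variant.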
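Review bot: The `description` of `enable_cost_allocation` joins two statements with "and", so it is not clear that setting the variable to true is what causes workload metadata to appear in the billing export. I would split it: `description = "Enables the GKE cost allocation feature. When true, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery."` Namespace names then become readable by anyone who can query the billing export dataset, so `default = false` suits this module, and the description could say that access to that dataset should be reviewed before opting in. The same string is repeated in the two modules/*/variables.tf hunks and in both README input tables, so the change belongs in this template.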
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
index b0ed55872..3a67aa66b 100644
--- a/modules/safer-cluster-update-variant/README.md
+++ b/modules/safer-cluster-update-variant/README.md
@@ -217,6 +217,7 @@ For simplicity, we suggest using `roles/container.admin` and
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
 | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no |
+| enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
 | enable\_pod\_security\_policy | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | `bool` | `false` | no |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index 8917d8693..73a413d33 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -157,6 +157,9 @@ module "gke" { // We suggest to define policies about which images can run on a cluster. enable_binary_authorization = true + // Enable cost allocation support + enable_cost_allocation = var.enable_cost_allocation + // Use of PodSecurityPolicy admission controller // https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies enable_pod_security_policy = var.enable_pod_security_policy diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index 1429ae685..cc53aaed6 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf @@ -356,6 +356,12 @@ variable "enable_resource_consumption_export" { default = true } +variable "enable_cost_allocation" { + type = bool + description = "Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery" + default = false +} + variable "sandbox_enabled" { type = bool description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)." diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index b0ed55872..3a67aa66b 100644 --- a/modules/safer-cluster/README.md +++ b/modules/safer-cluster/README.md 
@@ -217,6 +217,7 @@ For simplicity, we suggest using `roles/container.admin` and | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | +| enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_pod\_security\_policy | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | `bool` | `false` | no | diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf index 1e5361160..e54e6e68f 100644 --- a/modules/safer-cluster/main.tf +++ b/modules/safer-cluster/main.tf @@ -157,6 +157,9 @@ module "gke" { // We suggest to define policies about which images can run on a cluster. enable_binary_authorization = true + // Enable cost allocation support + enable_cost_allocation = var.enable_cost_allocation + // Use of PodSecurityPolicy admission controller // https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies enable_pod_security_policy = var.enable_pod_security_policy diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index 1429ae685..cc53aaed6 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf 
@@ -356,6 +356,12 @@ variable "enable_resource_consumption_export" { default = true } +variable "enable_cost_allocation" { + type = bool + description = "Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery" + default = false +} + variable "sandbox_enabled" { type = bool description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."