From d9a44c60198e2bea72aa1f36c5dbe34e59416dbf Mon Sep 17 00:00:00 2001
From: r1c0x
Date: Wed, 2 Nov 2022 23:55:58 +0800
Subject: [PATCH] feat!: add boot_disk_kms_key variable for node pools to GA modules (#1371)
* Add boot_disk_kms_key variable for node pools
* Update README.md for boot_disk_kms_key variable
* Bump min supported version of the provider since boot_disk_kms_key attribute is moving out of beta
* re run build
* loose match test
Co-authored-by: Andrew Peabody
Co-authored-by: Bharath KKB
---
 README.md | 1 +
 autogen/main/README.md | 1 +
 autogen/main/cluster.tf.tmpl | 4 ++--
 autogen/main/versions.tf.tmpl | 4 ++--
 cluster.tf | 4 ++++
 modules/beta-autopilot-private-cluster/versions.tf | 2 +-
 modules/beta-autopilot-public-cluster/versions.tf | 2 +-
 modules/beta-private-cluster-update-variant/README.md | 1 +
 modules/beta-private-cluster-update-variant/cluster.tf | 8 ++++----
 modules/beta-private-cluster-update-variant/versions.tf | 2 +-
 modules/beta-private-cluster/README.md | 1 +
 modules/beta-private-cluster/cluster.tf | 8 ++++----
 modules/beta-private-cluster/versions.tf | 2 +-
 modules/beta-public-cluster-update-variant/README.md | 1 +
 modules/beta-public-cluster-update-variant/cluster.tf | 8 ++++----
 modules/beta-public-cluster-update-variant/versions.tf | 2 +-
 modules/beta-public-cluster/README.md | 1 +
 modules/beta-public-cluster/cluster.tf | 8 ++++----
 modules/beta-public-cluster/versions.tf | 2 +-
 modules/private-cluster-update-variant/README.md | 1 +
 modules/private-cluster-update-variant/cluster.tf | 4 ++++
 modules/private-cluster-update-variant/versions.tf | 2 +-
 modules/private-cluster/README.md | 1 +
 modules/private-cluster/cluster.tf | 4 ++++
 modules/private-cluster/versions.tf | 2 +-
 test/integration/node_pool/controls/gcloud.rb | 6 +++---
 versions.tf | 2 +-
 27 files changed, 52 insertions(+), 32 deletions(-)
diff --git a/README.md b/README.md
index 6d32d470d..c3439bd59 100644
--- a/README.md
+++ b/README.md
@@ -246,6 +246,7 @@ The node_pools variable takes the following parameters:
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| boot_disk_kms_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. | " " | Optional |
 | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
 | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
 | effect | Effect for the taint | | Required |
diff --git a/autogen/main/README.md b/autogen/main/README.md
index b66f50334..8a68f4d3b 100644
--- a/autogen/main/README.md
+++ b/autogen/main/README.md
@@ -186,6 +186,7 @@ The node_pools variable takes the following parameters:
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| boot_disk_kms_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. | " " | Optional |
 {% if beta_cluster %}
 | cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "static" | Optional |
 | cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 18f16eab5..a02ae1fd0 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -747,8 +747,6 @@ resource "google_container_node_pool" "windows_pools" {
 }
 }
- boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
-
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
@@ -779,6 +777,8 @@ resource "google_container_node_pool" "windows_pools" {
 {% endif %}
 {% endif %}
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl
index bc988e5a7..19affd8b7 100644
--- a/autogen/main/versions.tf.tmpl
+++ b/autogen/main/versions.tf.tmpl
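Review bot: The README rows added with this change document the default of `boot_disk_kms_key` as `" "`, while the attribute line moved below the `{% endif %}` guards in the second hunk falls back to `""` via `lookup(each.value, "boot_disk_kms_key", "")`; a reader can take the documented default to be a single space, so the table cell should read `""` (or be left empty, as the `effect` row already is). The same `lookup` line is emitted into the `pools` and `windows_pools` resources of the root cluster.tf and of every beta-* and private-cluster* module in this commit, so the README column is the only place the value is misstated. The README description would also benefit from naming the prerequisite the module cannot check for the caller: the Compute Engine service agent of the cluster project must hold `roles/cloudkms.cryptoKeyEncrypterDecrypter` on the referenced key, otherwise node creation fails at apply time rather than at plan time. The enclosing node pool resource starts and ends outside the hunk.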
@@ -24,7 +24,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
@@ -38,7 +38,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/cluster.tf b/cluster.tf
index 1cf2ed453..0fdd80ffe 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -425,6 +425,8 @@ resource "google_container_node_pool" "pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
@@ -575,6 +577,8 @@ resource "google_container_node_pool" "windows_pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf
index 8884bfa55..e44ebaa44 100644
--- a/modules/beta-autopilot-private-cluster/versions.tf
+++ b/modules/beta-autopilot-private-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf
index 45b368cf4..575a20e9b 100644
--- a/modules/beta-autopilot-public-cluster/versions.tf
+++ b/modules/beta-autopilot-public-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index bc9aa97ad..a26c2c459 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -313,6 +313,7 @@ The node_pools variable takes the following parameters:
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| boot_disk_kms_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. | " " | Optional |
 | cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "static" | Optional |
 | cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
 | cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index c70604352..554b65137 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -662,8 +662,6 @@ resource "google_container_node_pool" "pools" {
 }
 }
- boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
-
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
@@ -691,6 +689,8 @@ resource "google_container_node_pool" "pools" {
 }
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
@@ -867,8 +867,6 @@ resource "google_container_node_pool" "windows_pools" {
 }
 }
- boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
-
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
@@ -883,6 +881,8 @@ resource "google_container_node_pool" "windows_pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf
index 26160cf07..0b97a4f84 100644
--- a/modules/beta-private-cluster-update-variant/versions.tf
+++ b/modules/beta-private-cluster-update-variant/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index d82399c1f..8ddb3aaeb 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -291,6 +291,7 @@ The node_pools variable takes the following parameters:
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| boot_disk_kms_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. | " " | Optional |
 | cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "static" | Optional |
 | cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
 | cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 5edc1e8d5..3831fe329 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -571,8 +571,6 @@ resource "google_container_node_pool" "pools" {
 }
 }
- boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
-
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
@@ -600,6 +598,8 @@ resource "google_container_node_pool" "pools" {
 }
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
@@ -775,8 +775,6 @@ resource "google_container_node_pool" "windows_pools" {
 }
 }
- boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
-
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
@@ -791,6 +789,8 @@ resource "google_container_node_pool" "windows_pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf
index 8fcea78da..762a82baa 100644
--- a/modules/beta-private-cluster/versions.tf
+++ b/modules/beta-private-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index ffb76da68..a22b51574 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -300,6 +300,7 @@ The node_pools variable takes the following parameters:
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| boot_disk_kms_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. | " " | Optional |
 | cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "static" | Optional |
 | cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
 | cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index e22487af4..123f7a22f 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -643,8 +643,6 @@ resource "google_container_node_pool" "pools" {
 }
 }
- boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
-
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
@@ -672,6 +670,8 @@ resource "google_container_node_pool" "pools" {
 }
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
@@ -848,8 +848,6 @@ resource "google_container_node_pool" "windows_pools" {
 }
 }
- boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
-
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
@@ -864,6 +862,8 @@ resource "google_container_node_pool" "windows_pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf
index 0e947765c..31055ab44 100644
--- a/modules/beta-public-cluster-update-variant/versions.tf
+++ b/modules/beta-public-cluster-update-variant/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index e72c96909..4ab1144e1 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -278,6 +278,7 @@ The node_pools variable takes the following parameters:
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| boot_disk_kms_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. | " " | Optional |
 | cpu_manager_policy | The CPU manager policy on the node. One of "none" or "static". | "static" | Optional |
 | cpu_cfs_quota | Enforces the Pod's CPU limit. Setting this value to false means that the CPU limits for Pods are ignored | null | Optional |
 | cpu_cfs_quota_period | The CPU CFS quota period value, which specifies the period of how often a cgroup's access to CPU resources should be reallocated | null | Optional |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index 2ee282851..f1272c53c 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -552,8 +552,6 @@ resource "google_container_node_pool" "pools" {
 }
 }
- boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
-
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
@@ -581,6 +579,8 @@ resource "google_container_node_pool" "pools" {
 }
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
@@ -756,8 +756,6 @@ resource "google_container_node_pool" "windows_pools" {
 }
 }
- boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
-
 dynamic "kubelet_config" {
 for_each = length(setintersection(
 keys(each.value),
@@ -772,6 +770,8 @@ resource "google_container_node_pool" "windows_pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf
index 0988470cd..001602b8d 100644
--- a/modules/beta-public-cluster/versions.tf
+++ b/modules/beta-public-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index c4f2954f0..87cb4c188 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -280,6 +280,7 @@ The node_pools variable takes the following parameters:
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| boot_disk_kms_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. | " " | Optional |
 | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
 | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
 | effect | Effect for the taint | | Required |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index f734b46ef..3292efc00 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -529,6 +529,8 @@ resource "google_container_node_pool" "pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
@@ -680,6 +682,8 @@ resource "google_container_node_pool" "windows_pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf
index 0c013d0b7..1dca32b38 100644
--- a/modules/private-cluster-update-variant/versions.tf
+++ b/modules/private-cluster-update-variant/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index 22858333b..eb3d174a4 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -258,6 +258,7 @@ The node_pools variable takes the following parameters:
 | auto_repair | Whether the nodes will be automatically repaired | true | Optional |
 | autoscaling | Configuration required by cluster autoscaler to adjust the size of the node pool to the current cluster usage | true | Optional |
 | auto_upgrade | Whether the nodes will be automatically upgraded | true (if cluster is regional) | Optional |
+| boot_disk_kms_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool. This should be of the form projects/[KEY_PROJECT_ID]/locations/[LOCATION]/keyRings/[RING_NAME]/cryptoKeys/[KEY_NAME]. | " " | Optional |
 | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional |
 | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional |
 | effect | Effect for the taint | | Required |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 24aacef56..abe4e9c1f 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -438,6 +438,8 @@ resource "google_container_node_pool" "pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
@@ -588,6 +590,8 @@ resource "google_container_node_pool" "windows_pools" {
 }
+ boot_disk_kms_key = lookup(each.value, "boot_disk_kms_key", "")
+
 shielded_instance_config {
 enable_secure_boot = lookup(each.value, "enable_secure_boot", false)
 enable_integrity_monitoring = lookup(each.value, "enable_integrity_monitoring", true)
diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf
index 958c20c76..7a86bcb2a 100644
--- a/modules/private-cluster/versions.tf
+++ b/modules/private-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/test/integration/node_pool/controls/gcloud.rb b/test/integration/node_pool/controls/gcloud.rb
index ea4e33493..66975ca14 100644
--- a/test/integration/node_pool/controls/gcloud.rb
+++ b/test/integration/node_pool/controls/gcloud.rb
@@ -35,12 +35,12 @@ describe "cluster-autoscaling" do
 it "has the expected cluster autoscaling settings" do
- expect(data['autoscaling']).to eq({
- "autoprovisioningNodePoolDefaults" => {
+ expect(data['autoscaling']).to include({
+ "autoprovisioningNodePoolDefaults" => including({
 "imageType"=>"COS_CONTAINERD",
 "oauthScopes" => %w(https://www.googleapis.com/auth/cloud-platform),
 "serviceAccount" => "default"
- },
+ }),
 "autoscalingProfile" => "OPTIMIZE_UTILIZATION",
 "enableNodeAutoprovisioning" => true,
 "resourceLimits" => [
diff --git a/versions.tf b/versions.tf
index a8139382d..2c93d4564 100644
--- a/versions.tf
+++ b/versions.tf
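Review bot: Replacing `eq` with `include`/`including` on the `expect(data['autoscaling'])` lines makes the assertion stop pinning the full `autoprovisioningNodePoolDefaults` map, and nothing in the spec records why the strict match had to be loosened beyond the "loose match test" bullet in the commit message. A one-line comment above the expectation, e.g. `# include/including: the API returns autoprovisioning defaults this test does not set, so only the fields under the module's control are asserted`, would stop the next reader from tightening it back to `eq` and reintroducing the failure. If the extra field the API now returns is the one this commit introduces, asserting its expected value explicitly inside `including({...})` would turn the relaxed match back into a regression test for the feature; that is inferred from the commit message, not visible in the hunk. The `it` block continues outside the hunk.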
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
- version = ">= 4.29.0, < 5.0"
+ version = ">= 4.31.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"