From e522073f24067359f8af1bd2ddc9092b594fb945 Mon Sep 17 00:00:00 2001 From: slimatic Date: Fri, 2 Jun 2023 12:59:15 -0400 Subject: [PATCH] feat(cluster.tf): add support to set initial release channel version (#1625) Co-authored-by: Andrew Peabody --- autogen/main/cluster.tf.tmpl | 2 +- cluster.tf | 2 +- .../README.md | 49 ++++++++++++ .../main.tf | 76 +++++++++++++++++++ .../outputs.tf | 35 +++++++++ .../test_outputs.tf | 1 + .../variables.tf | 54 +++++++++++++ .../versions.tf | 28 +++++++ .../beta-autopilot-private-cluster/cluster.tf | 2 +- .../beta-autopilot-public-cluster/cluster.tf | 2 +- .../cluster.tf | 2 +- modules/beta-private-cluster/cluster.tf | 2 +- .../cluster.tf | 2 +- modules/beta-public-cluster/cluster.tf | 2 +- .../private-cluster-update-variant/cluster.tf | 2 +- modules/private-cluster/cluster.tf | 2 +- test/fixtures/shared/variables.tf | 6 ++ .../example.tf | 30 ++++++++ .../network.tf | 46 +++++++++++ .../outputs.tf | 1 + .../variables.tf | 1 + 21 files changed, 337 insertions(+), 10 deletions(-) create mode 100644 examples/simple_regional_private_with_cluster_version/README.md create mode 100644 examples/simple_regional_private_with_cluster_version/main.tf create mode 100644 examples/simple_regional_private_with_cluster_version/outputs.tf create mode 120000 examples/simple_regional_private_with_cluster_version/test_outputs.tf create mode 100644 examples/simple_regional_private_with_cluster_version/variables.tf create mode 100644 examples/simple_regional_private_with_cluster_version/versions.tf create mode 100644 test/fixtures/simple_regional_private_with_cluster_version/example.tf create mode 100644 test/fixtures/simple_regional_private_with_cluster_version/network.tf create mode 120000 test/fixtures/simple_regional_private_with_cluster_version/outputs.tf create mode 120000 test/fixtures/simple_regional_private_with_cluster_version/variables.tf diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 1f645109b..d263170b1 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -83,7 +83,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version {% if beta_cluster and autopilot_cluster != true %} dynamic "cluster_telemetry" { diff --git a/cluster.tf b/cluster.tf index 694bc2eb0..a6f45f0a3 100644 --- a/cluster.tf +++ b/cluster.tf @@ -69,7 +69,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version # only one of logging/monitoring_service or logging/monitoring_config can be specified logging_service = local.logmon_config_is_set ? null : var.logging_service diff --git a/examples/simple_regional_private_with_cluster_version/README.md b/examples/simple_regional_private_with_cluster_version/README.md new file mode 100644 index 000000000..160fc74a4 --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/README.md @@ -0,0 +1,49 @@ +# Simple Regional Cluster + +This example illustrates how to create a simple private cluster with beta features. + +[^]: (autogen_docs_start) + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| cloudrun | Boolean to enable / disable CloudRun | string | `"true"` | no | +| cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no | +| compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes | +| credentials\_path | The path to the GCP credentials JSON file | string | n/a | yes | +| ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes | +| ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes | +| istio | Boolean to enable / disable Istio | string | `"true"` | no | +| network | The VPC network to host the cluster in | string | n/a | yes | +| project\_id | The project ID to host the cluster in | string | n/a | yes | +| region | The region to host the cluster in | string | n/a | yes | +| subnetwork | The subnetwork to host the cluster in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| ca\_certificate | | +| client\_token | | +| cluster\_name | Cluster name | +| credentials\_path | | +| ip\_range\_pods | The secondary IP range used for pods | +| ip\_range\_services | The secondary IP range used for services | +| kubernetes\_endpoint | | +| location | | +| master\_kubernetes\_version | The master Kubernetes version | +| network | | +| project\_id | | +| region | | +| service\_account | The service account to default running nodes as if not overridden in `node_pools`. | +| subnetwork | | +| zones | List of zones in which the cluster resides | + +[^]: (autogen_docs_end) + +To provision this example, run the following from within this directory: +- `terraform init` to get the plugins +- `terraform plan` to see the infrastructure plan +- `terraform apply` to apply the infrastructure build +- `terraform destroy` to destroy the built infrastructure diff --git a/examples/simple_regional_private_with_cluster_version/main.tf b/examples/simple_regional_private_with_cluster_version/main.tf new file mode 100644 index 000000000..87b415afb --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/main.tf @@ -0,0 +1,76 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + cluster_type = "simple-regional-private" +} + +data "google_client_config" "default" {} + +provider "kubernetes" { + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + +data "google_compute_subnetwork" "subnetwork" { + name = var.subnetwork + project = var.project_id + region = var.region +} + +module "gke" { + source = "../../modules/private-cluster/" + project_id = var.project_id + name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" + regional = true + region = var.region + network = var.network + kubernetes_version = var.kubernetes_version + subnetwork = var.subnetwork + ip_range_pods = var.ip_range_pods + ip_range_services = var.ip_range_services + create_service_account = false + service_account = var.compute_engine_service_account + enable_private_endpoint = true + enable_private_nodes = true + master_ipv4_cidr_block = "172.16.0.0/28" + default_max_pods_per_node = 20 + remove_default_node_pool = true + + node_pools = [ + { + name = "pool-01" + min_count = 1 + max_count = 100 + local_ssd_count = 0 + disk_size_gb = 100 + disk_type = "pd-standard" + auto_repair = true + auto_upgrade = true + service_account = var.compute_engine_service_account + preemptible = false + max_pods_per_node = 12 + }, + ] + + master_authorized_networks = [ + { + cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range + display_name = "VPC" + }, + ] +} diff --git a/examples/simple_regional_private_with_cluster_version/outputs.tf b/examples/simple_regional_private_with_cluster_version/outputs.tf new file mode 100644 index 000000000..01a13147c --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/outputs.tf @@ -0,0 +1,35 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "kubernetes_endpoint" { + sensitive = true + value = module.gke.endpoint +} + +output "client_token" { + sensitive = true + value = base64encode(data.google_client_config.default.access_token) +} + +output "ca_certificate" { + value = module.gke.ca_certificate +} + +output "service_account" { + description = "The default service account used for running nodes." + value = module.gke.service_account +} + diff --git a/examples/simple_regional_private_with_cluster_version/test_outputs.tf b/examples/simple_regional_private_with_cluster_version/test_outputs.tf new file mode 120000 index 000000000..17b34213b --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/test_outputs.tf @@ -0,0 +1 @@ +../../test/fixtures/all_examples/test_outputs.tf \ No newline at end of file diff --git a/examples/simple_regional_private_with_cluster_version/variables.tf b/examples/simple_regional_private_with_cluster_version/variables.tf new file mode 100644 index 000000000..5bc992dd4 --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/variables.tf @@ -0,0 +1,54 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the cluster in" +} + +variable "cluster_name_suffix" { + description = "A suffix to append to the default cluster name" + default = "" +} + +variable "region" { + description = "The region to host the cluster in" +} + +variable "network" { + description = "The VPC network to host the cluster in" +} + +variable "subnetwork" { + description = "The subnetwork to host the cluster in" +} + +variable "ip_range_pods" { + description = "The secondary ip range to use for pods" +} + +variable "ip_range_services" { + description = "The secondary ip range to use for services" +} + +variable "compute_engine_service_account" { + description = "Service account to associate to the nodes in the cluster" +} + +variable "kubernetes_version" { + type = string + description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region." + default = "latest" +} diff --git a/examples/simple_regional_private_with_cluster_version/versions.tf b/examples/simple_regional_private_with_cluster_version/versions.tf new file mode 100644 index 000000000..e8fbb1aad --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/versions.tf @@ -0,0 +1,28 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + } + } + required_version = ">= 0.13" +} diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 9d40a5aa5..a4432a658 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -67,7 +67,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version cluster_autoscaling { dynamic "auto_provisioning_defaults" { diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index e6d4920b4..84c48a673 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -67,7 +67,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version cluster_autoscaling { dynamic "auto_provisioning_defaults" { diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 926b3a523..7f75a953d 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -75,7 +75,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index fc2d22d5e..63cbe46e9 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -75,7 +75,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 2a7b1be0b..98738a3cf 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -75,7 +75,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index e5d70fef2..754747b79 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -75,7 +75,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index adfea3660..d54761c18 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -69,7 +69,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version # only one of logging/monitoring_service or logging/monitoring_config can be specified logging_service = local.logmon_config_is_set ? null : var.logging_service diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index ae67d7d40..22cceeb2f 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -69,7 +69,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version # only one of logging/monitoring_service or logging/monitoring_config can be specified logging_service = local.logmon_config_is_set ? null : var.logging_service diff --git a/test/fixtures/shared/variables.tf b/test/fixtures/shared/variables.tf index 446535154..8cf5823b2 100644 --- a/test/fixtures/shared/variables.tf +++ b/test/fixtures/shared/variables.tf @@ -39,3 +39,9 @@ variable "registry_project_ids" { description = "Projects to use for granting access to GCR registries, if requested" type = list(string) } + +variable "kubernetes_version" { + type = string + description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region." + default = "latest" +} diff --git a/test/fixtures/simple_regional_private_with_cluster_version/example.tf b/test/fixtures/simple_regional_private_with_cluster_version/example.tf new file mode 100644 index 000000000..85c8b88b9 --- /dev/null +++ b/test/fixtures/simple_regional_private_with_cluster_version/example.tf @@ -0,0 +1,30 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "example" { + source = "../../../examples/simple_regional_private_with_cluster_version" + + project_id = var.project_ids[1] + cluster_name_suffix = "-${random_string.suffix.result}" + kubernetes_version = var.kubernetes_version + region = var.region + network = google_compute_network.main.name + subnetwork = google_compute_subnetwork.main.name + ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name + ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name + compute_engine_service_account = var.compute_engine_service_accounts[1] +} + diff --git a/test/fixtures/simple_regional_private_with_cluster_version/network.tf b/test/fixtures/simple_regional_private_with_cluster_version/network.tf new file mode 100644 index 000000000..8d643281e --- /dev/null +++ b/test/fixtures/simple_regional_private_with_cluster_version/network.tf @@ -0,0 +1,46 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +resource "random_string" "suffix" { + length = 4 + special = false + upper = false +} + +resource "google_compute_network" "main" { + project = var.project_ids[1] + name = "cft-gke-test-${random_string.suffix.result}" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "main" { + project = var.project_ids[1] + name = "cft-gke-test-${random_string.suffix.result}" + ip_cidr_range = "10.0.0.0/17" + region = var.region + network = google_compute_network.main.self_link + + secondary_ip_range { + range_name = "cft-gke-test-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.0.0/18" + } + + secondary_ip_range { + range_name = "cft-gke-test-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.64.0/18" + } +} + diff --git a/test/fixtures/simple_regional_private_with_cluster_version/outputs.tf b/test/fixtures/simple_regional_private_with_cluster_version/outputs.tf new file mode 120000 index 000000000..726bdc722 --- /dev/null +++ b/test/fixtures/simple_regional_private_with_cluster_version/outputs.tf @@ -0,0 +1 @@ +../shared/outputs.tf \ No newline at end of file diff --git a/test/fixtures/simple_regional_private_with_cluster_version/variables.tf b/test/fixtures/simple_regional_private_with_cluster_version/variables.tf new file mode 120000 index 000000000..c113c00a3 --- /dev/null +++ b/test/fixtures/simple_regional_private_with_cluster_version/variables.tf @@ -0,0 +1 @@ +../shared/variables.tf \ No newline at end of file