diff --git a/README.md b/README.md index 7f2eb5e5f2..21305a653f 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,16 @@ intended for Terraform 0.11.x is [3.0.0]. There are multiple examples included in the [examples](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples) folder but simple usage is as follows: ```hcl +# google_client_config and kubernetes provider must be explicitly specified like the following. +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "terraform-google-modules/kubernetes-engine/google" project_id = "" diff --git a/auth.tf b/auth.tf index be384e3dd1..c91464b365 100644 --- a/auth.tf +++ b/auth.tf @@ -22,13 +22,3 @@ data "google_client_config" "default" { provider = google } - -/****************************************** - Configure provider - *****************************************/ -provider "kubernetes" { - load_config_file = false - host = "https://${local.cluster_endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(local.cluster_ca_certificate) -} diff --git a/autogen/main/README.md b/autogen/main/README.md index a63121ae28..a91f352e4d 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -51,6 +51,16 @@ intended for Terraform 0.11.x is [3.0.0]. There are multiple examples included in the [examples](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples) folder but simple usage is as follows: ```hcl +# google_client_config and kubernetes provider must be explicitly specified like the following. +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "terraform-google-modules/kubernetes-engine/google{{ module_path }}" project_id = "" diff --git a/autogen/main/auth.tf.tmpl b/autogen/main/auth.tf.tmpl index a23689bb7b..41a3e0b862 100644 --- a/autogen/main/auth.tf.tmpl +++ b/autogen/main/auth.tf.tmpl @@ -26,13 +26,3 @@ data "google_client_config" "default" { provider = google {% endif %} } - -/****************************************** - Configure provider - *****************************************/ -provider "kubernetes" { - load_config_file = false - host = "https://${local.cluster_endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(local.cluster_ca_certificate) -} diff --git a/autogen/safer-cluster/outputs.tf.tmpl b/autogen/safer-cluster/outputs.tf.tmpl index 8a1a29b77d..1b5dd628ce 100644 --- a/autogen/safer-cluster/outputs.tf.tmpl +++ b/autogen/safer-cluster/outputs.tf.tmpl @@ -45,15 +45,6 @@ output "endpoint" { sensitive = true description = "Cluster endpoint" value = module.gke.endpoint - depends_on = [ - /* Nominally, the endpoint is populated as soon as it is known to Terraform. - * However, the cluster may not be in a usable state yet. Therefore any - * resources dependent on the cluster being up will fail to deploy. With - * this explicit dependency, dependent resources can wait for the cluster - * to be up. - */ - module.gke - ] } output "min_master_version" { diff --git a/docs/upgrading_to_v13.0.md b/docs/upgrading_to_v13.0.md new file mode 100644 index 0000000000..dd8dd9d439 --- /dev/null +++ b/docs/upgrading_to_v13.0.md @@ -0,0 +1,30 @@ +# Upgrading to v13.0 + +The v13.0 release of *kubernetes-engine* is a backwards incompatible +release. + +### `kubernetes` provider removed from the module + +- `kubernetes` provider has been removed across all modules/submodules and need to be specified in the calling module. + +To leverage Terraform v0.13 features such as custom variable validation and using `count`, `for_each` or `depends_on` in modules, +it is [required](https://www.terraform.io/docs/modules/providers.html#legacy-shared-modules-with-provider-configurations) that +a module does not contain any nested provider configuration and receives all of its provider configurations from the calling +module. This release adapts to this requirement. + +```diff ++ data "google_client_config" "default" {} + ++ provider "kubernetes" { ++ load_config_file = false ++ host = "https://${module.gke.endpoint}" ++ token = data.google_client_config.default.access_token ++ cluster_ca_certificate = base64decode(module.gke.ca_certificate) ++ } + + module "gke" { + source = "terraform-google-modules/kubernetes-engine/google" +- version = "~> 12.0" ++ version = "~> 13.0" +} +``` diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index 3bf6ed2739..2d3df6336a 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -23,16 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + provider "kubernetes" { load_config_file = false - host = module.gke.endpoint + host = "https://${module.gke.endpoint}" token = data.google_client_config.default.access_token cluster_ca_certificate = base64decode(module.gke.ca_certificate) } -data "google_client_config" "default" { -} - module "gke" { source = "../../" project_id = var.project_id diff --git a/examples/disable_client_cert/main.tf b/examples/disable_client_cert/main.tf index 3615bf3f6b..75866afe5f 100644 --- a/examples/disable_client_cert/main.tf +++ b/examples/disable_client_cert/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../" @@ -38,6 +47,3 @@ module "gke" { service_account = var.compute_engine_service_account issue_client_certificate = false } - -data "google_client_config" "default" { -} diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 0dce9d78db..4609f2e472 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -23,6 +23,15 @@ provider "google-beta" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../modules/beta-public-cluster/" project_id = var.project_id @@ -113,6 +122,3 @@ module "gke" { ] } } - -data "google_client_config" "default" { -} diff --git a/examples/node_pool_update_variant/main.tf b/examples/node_pool_update_variant/main.tf index e36dc1a681..a41f3f5d8b 100644 --- a/examples/node_pool_update_variant/main.tf +++ b/examples/node_pool_update_variant/main.tf @@ -29,6 +29,15 @@ data "google_compute_subnetwork" "subnetwork" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../modules/private-cluster-update-variant" project_id = var.project_id @@ -110,6 +119,3 @@ module "gke" { pool-02 = [] } } - -data "google_client_config" "default" { -} diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf index 39256b738e..258ddd53e0 100644 --- a/examples/node_pool_update_variant_beta/main.tf +++ b/examples/node_pool_update_variant_beta/main.tf @@ -30,6 +30,15 @@ data "google_compute_subnetwork" "subnetwork" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../modules/beta-private-cluster-update-variant" project_id = var.project_id @@ -129,6 +138,3 @@ module "gke" { pool-02 = [] } } - -data "google_client_config" "default" { -} diff --git a/examples/node_pool_update_variant_public_beta/main.tf b/examples/node_pool_update_variant_public_beta/main.tf index 8d20481e0e..7d26a6fb2b 100644 --- a/examples/node_pool_update_variant_public_beta/main.tf +++ b/examples/node_pool_update_variant_public_beta/main.tf @@ -30,6 +30,15 @@ data "google_compute_subnetwork" "subnetwork" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../modules/beta-public-cluster-update-variant" project_id = var.project_id @@ -125,6 +134,3 @@ module "gke" { pool-02 = [] } } - -data "google_client_config" "default" { -} diff --git a/examples/private_zonal_with_networking/main.tf b/examples/private_zonal_with_networking/main.tf index ec003f9ae0..1d87c43ee9 100644 --- a/examples/private_zonal_with_networking/main.tf +++ b/examples/private_zonal_with_networking/main.tf @@ -14,6 +14,15 @@ * limitations under the License. */ +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gcp-network" { source = "terraform-google-modules/network/google" version = "~> 2.5" @@ -74,6 +83,3 @@ module "gke" { }, ] } - -data "google_client_config" "default" { -} diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf index 4afb1e7ef3..03701036df 100644 --- a/examples/regional_private_node_pool_oauth_scopes/provider.tf +++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf @@ -21,3 +21,12 @@ provider "google" { provider "google-beta" { version = "~> 3.42.0" } + +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index 07668dfd14..2361b8d12a 100644 --- a/examples/safer_cluster/main.tf +++ b/examples/safer_cluster/main.tf @@ -37,6 +37,15 @@ provider "google-beta" { version = "~> 3.42.0" } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../modules/safer-cluster/" project_id = var.project_id @@ -65,9 +74,6 @@ module "gke" { notification_config_topic = google_pubsub_topic.updates.id } -data "google_client_config" "default" { -} - resource "google_pubsub_topic" "updates" { name = "cluster-updates-${random_string.suffix.result}" project = var.project_id diff --git a/examples/safer_cluster_iap_bastion/provider.tf b/examples/safer_cluster_iap_bastion/provider.tf index 4c2b042d09..7f653efbc3 100644 --- a/examples/safer_cluster_iap_bastion/provider.tf +++ b/examples/safer_cluster_iap_bastion/provider.tf @@ -21,3 +21,12 @@ provider "google" { provider "google-beta" { version = "~> 3.42.0" } + +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf index a4ecdc28e6..0b308def71 100644 --- a/examples/shared_vpc/main.tf +++ b/examples/shared_vpc/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../" project_id = var.project_id @@ -38,6 +47,3 @@ module "gke" { add_cluster_firewall_rules = true firewall_inbound_ports = ["9443", "15017"] } - -data "google_client_config" "default" { -} diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 7c05ceba94..55f05cdb86 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../" project_id = var.project_id @@ -38,6 +47,3 @@ module "gke" { enable_binary_authorization = var.enable_binary_authorization skip_provisioners = var.skip_provisioners } - -data "google_client_config" "default" { -} diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index 94d394b39a..284ec25bff 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -23,6 +23,15 @@ provider "google-beta" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../modules/beta-public-cluster/" project_id = var.project_id @@ -52,6 +61,3 @@ module "gke" { identity_namespace = null node_metadata = "UNSPECIFIED" } - -data "google_client_config" "default" { -} diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index af484b1812..3da9ee2108 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + data "google_compute_subnetwork" "subnetwork" { name = var.subnetwork project = var.project_id @@ -71,6 +80,3 @@ module "gke" { }, ] } - -data "google_client_config" "default" { -} diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index 42a8eb40e6..84dd4e9048 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -28,6 +28,15 @@ provider "google-beta" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + data "google_compute_subnetwork" "subnetwork" { name = var.subnetwork project = var.project_id @@ -61,6 +70,3 @@ module "gke" { dns_cache = var.dns_cache gce_pd_csi_driver = var.gce_pd_csi_driver } - -data "google_client_config" "default" { -} diff --git a/examples/simple_regional_with_kubeconfig/main.tf b/examples/simple_regional_with_kubeconfig/main.tf index 5db7eb266d..edff6d9fc6 100644 --- a/examples/simple_regional_with_kubeconfig/main.tf +++ b/examples/simple_regional_with_kubeconfig/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../" project_id = var.project_id diff --git a/examples/simple_regional_with_networking/main.tf b/examples/simple_regional_with_networking/main.tf index 57ccefa32a..a776747b9a 100644 --- a/examples/simple_regional_with_networking/main.tf +++ b/examples/simple_regional_with_networking/main.tf @@ -18,6 +18,15 @@ provider "google" { version = "~> 3.42.0" } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gcp-network" { source = "terraform-google-modules/network/google" version = "~> 2.5" @@ -58,6 +67,3 @@ module "gke" { ip_range_services = var.ip_range_services_name create_service_account = true } - -data "google_client_config" "default" { -} diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf index f6e468083f..c94cbef0e7 100644 --- a/examples/simple_zonal_private/main.tf +++ b/examples/simple_zonal_private/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + data "google_compute_subnetwork" "subnetwork" { name = var.subnetwork project = var.project_id @@ -53,6 +62,3 @@ module "gke" { }, ] } - -data "google_client_config" "default" { -} diff --git a/examples/simple_zonal_with_acm/main.tf b/examples/simple_zonal_with_acm/main.tf index 42b12ee939..9833941cab 100644 --- a/examples/simple_zonal_with_acm/main.tf +++ b/examples/simple_zonal_with_acm/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../" project_id = var.project_id @@ -46,6 +55,3 @@ module "gke" { }, ] } - -data "google_client_config" "default" { -} diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf index a07b312f55..3d4cc4e2a5 100644 --- a/examples/simple_zonal_with_asm/main.tf +++ b/examples/simple_zonal_with_asm/main.tf @@ -28,6 +28,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + data "google_project" "project" { project_id = var.project_id } @@ -65,6 +74,3 @@ module "asm" { project_id = var.project_id location = module.gke.location } - -data "google_client_config" "default" { -} diff --git a/examples/simple_zonal_with_hub/main.tf b/examples/simple_zonal_with_hub/main.tf index 9da21f9f1e..f6fc589c8c 100644 --- a/examples/simple_zonal_with_hub/main.tf +++ b/examples/simple_zonal_with_hub/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../" project_id = var.project_id @@ -36,6 +45,3 @@ module "gke" { ip_range_services = var.ip_range_services service_account = "create" } - -data "google_client_config" "default" { -} diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index 9dce470f3b..1c1f38e296 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../" project_id = var.project_id @@ -48,6 +57,3 @@ module "gke" { ] } } - -data "google_client_config" "default" { -} diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf index cde258cddf..0bf9192482 100644 --- a/examples/stub_domains_private/main.tf +++ b/examples/stub_domains_private/main.tf @@ -19,6 +19,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + data "google_compute_subnetwork" "subnetwork" { name = var.subnetwork project = var.project_id @@ -63,6 +72,3 @@ module "gke" { ] } } - -data "google_client_config" "default" { -} diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf index 6e14173471..d0fe627a22 100644 --- a/examples/stub_domains_upstream_nameservers/main.tf +++ b/examples/stub_domains_upstream_nameservers/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../" project_id = var.project_id @@ -50,6 +59,3 @@ module "gke" { upstream_nameservers = ["8.8.8.8", "8.8.4.4"] } - -data "google_client_config" "default" { -} diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf index b77dc4c23b..6dfd02afee 100644 --- a/examples/upstream_nameservers/main.tf +++ b/examples/upstream_nameservers/main.tf @@ -23,6 +23,15 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "../../" project_id = var.project_id @@ -38,6 +47,3 @@ module "gke" { configure_ip_masq = true upstream_nameservers = ["8.8.8.8", "8.8.4.4"] } - -data "google_client_config" "default" { -} diff --git a/examples/workload_identity/main.tf b/examples/workload_identity/main.tf index a2168fb68b..274a630338 100644 --- a/examples/workload_identity/main.tf +++ b/examples/workload_identity/main.tf @@ -23,11 +23,13 @@ provider "google" { region = var.region } +data "google_client_config" "default" {} + provider "kubernetes" { - host = module.gke.endpoint + load_config_file = false + host = "https://${module.gke.endpoint}" token = data.google_client_config.default.access_token cluster_ca_certificate = base64decode(module.gke.ca_certificate) - load_config_file = false } module "gke" { @@ -82,6 +84,3 @@ module "workload_identity_existing_ksa" { use_existing_k8s_sa = true k8s_sa_name = kubernetes_service_account.test.metadata.0.name } - -data "google_client_config" "default" { -} diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf index df979482a6..d1b35d8e71 100644 --- a/examples/workload_metadata_config/main.tf +++ b/examples/workload_metadata_config/main.tf @@ -23,6 +23,15 @@ provider "google-beta" { region = var.region } +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + data "google_compute_subnetwork" "subnetwork" { name = var.subnetwork project = var.project_id @@ -55,6 +64,3 @@ module "gke" { }, ] } - -data "google_client_config" "default" { -} diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index b18367f9c0..13803c0622 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -46,6 +46,16 @@ intended for Terraform 0.11.x is [3.0.0]. There are multiple examples included in the [examples](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples) folder but simple usage is as follows: ```hcl +# google_client_config and kubernetes provider must be explicitly specified like the following. +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster-update-variant" project_id = "" diff --git a/modules/beta-private-cluster-update-variant/auth.tf b/modules/beta-private-cluster-update-variant/auth.tf index 0fe8d5a8db..8e582145f7 100644 --- a/modules/beta-private-cluster-update-variant/auth.tf +++ b/modules/beta-private-cluster-update-variant/auth.tf @@ -22,13 +22,3 @@ data "google_client_config" "default" { provider = google-beta } - -/****************************************** - Configure provider - *****************************************/ -provider "kubernetes" { - load_config_file = false - host = "https://${local.cluster_endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(local.cluster_ca_certificate) -} diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 9f3ee076e9..658020166d 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -24,6 +24,16 @@ intended for Terraform 0.11.x is [3.0.0]. There are multiple examples included in the [examples](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples) folder but simple usage is as follows: ```hcl +# google_client_config and kubernetes provider must be explicitly specified like the following. +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster" project_id = "" diff --git a/modules/beta-private-cluster/auth.tf b/modules/beta-private-cluster/auth.tf index 0fe8d5a8db..8e582145f7 100644 --- a/modules/beta-private-cluster/auth.tf +++ b/modules/beta-private-cluster/auth.tf @@ -22,13 +22,3 @@ data "google_client_config" "default" { provider = google-beta } - -/****************************************** - Configure provider - *****************************************/ -provider "kubernetes" { - load_config_file = false - host = "https://${local.cluster_endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(local.cluster_ca_certificate) -} diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 2e9d119b42..12e5098287 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -43,6 +43,16 @@ intended for Terraform 0.11.x is [3.0.0]. There are multiple examples included in the [examples](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples) folder but simple usage is as follows: ```hcl +# google_client_config and kubernetes provider must be explicitly specified like the following. +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster-update-variant" project_id = "" diff --git a/modules/beta-public-cluster-update-variant/auth.tf b/modules/beta-public-cluster-update-variant/auth.tf index 0fe8d5a8db..8e582145f7 100644 --- a/modules/beta-public-cluster-update-variant/auth.tf +++ b/modules/beta-public-cluster-update-variant/auth.tf @@ -22,13 +22,3 @@ data "google_client_config" "default" { provider = google-beta } - -/****************************************** - Configure provider - *****************************************/ -provider "kubernetes" { - load_config_file = false - host = "https://${local.cluster_endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(local.cluster_ca_certificate) -} diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 929d320da9..5d820ffbb0 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -21,6 +21,16 @@ intended for Terraform 0.11.x is [3.0.0]. There are multiple examples included in the [examples](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples) folder but simple usage is as follows: ```hcl +# google_client_config and kubernetes provider must be explicitly specified like the following. +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster" project_id = "" diff --git a/modules/beta-public-cluster/auth.tf b/modules/beta-public-cluster/auth.tf index 0fe8d5a8db..8e582145f7 100644 --- a/modules/beta-public-cluster/auth.tf +++ b/modules/beta-public-cluster/auth.tf @@ -22,13 +22,3 @@ data "google_client_config" "default" { provider = google-beta } - -/****************************************** - Configure provider - *****************************************/ -provider "kubernetes" { - load_config_file = false - host = "https://${local.cluster_endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(local.cluster_ca_certificate) -} diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 11b1a54165..354ee00d93 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -46,6 +46,16 @@ intended for Terraform 0.11.x is [3.0.0]. There are multiple examples included in the [examples](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples) folder but simple usage is as follows: ```hcl +# google_client_config and kubernetes provider must be explicitly specified like the following. +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster-update-variant" project_id = "" diff --git a/modules/private-cluster-update-variant/auth.tf b/modules/private-cluster-update-variant/auth.tf index be384e3dd1..c91464b365 100644 --- a/modules/private-cluster-update-variant/auth.tf +++ b/modules/private-cluster-update-variant/auth.tf @@ -22,13 +22,3 @@ data "google_client_config" "default" { provider = google } - -/****************************************** - Configure provider - *****************************************/ -provider "kubernetes" { - load_config_file = false - host = "https://${local.cluster_endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(local.cluster_ca_certificate) -} diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 3df2b16648..05ccadfeab 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -24,6 +24,16 @@ intended for Terraform 0.11.x is [3.0.0]. There are multiple examples included in the [examples](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/examples) folder but simple usage is as follows: ```hcl +# google_client_config and kubernetes provider must be explicitly specified like the following. +data "google_client_config" "default" {} + +provider "kubernetes" { + load_config_file = false + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" project_id = "" diff --git a/modules/private-cluster/auth.tf b/modules/private-cluster/auth.tf index be384e3dd1..c91464b365 100644 --- a/modules/private-cluster/auth.tf +++ b/modules/private-cluster/auth.tf @@ -22,13 +22,3 @@ data "google_client_config" "default" { provider = google } - -/****************************************** - Configure provider - *****************************************/ -provider "kubernetes" { - load_config_file = false - host = "https://${local.cluster_endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(local.cluster_ca_certificate) -} diff --git a/modules/safer-cluster-update-variant/outputs.tf b/modules/safer-cluster-update-variant/outputs.tf index c24ed94c42..c915cf1e91 100644 --- a/modules/safer-cluster-update-variant/outputs.tf +++ b/modules/safer-cluster-update-variant/outputs.tf @@ -45,15 +45,6 @@ output "endpoint" { sensitive = true description = "Cluster endpoint" value = module.gke.endpoint - depends_on = [ - /* Nominally, the endpoint is populated as soon as it is known to Terraform. - * However, the cluster may not be in a usable state yet. Therefore any - * resources dependent on the cluster being up will fail to deploy. With - * this explicit dependency, dependent resources can wait for the cluster - * to be up. - */ - module.gke - ] } output "min_master_version" { diff --git a/modules/safer-cluster/outputs.tf b/modules/safer-cluster/outputs.tf index c24ed94c42..c915cf1e91 100644 --- a/modules/safer-cluster/outputs.tf +++ b/modules/safer-cluster/outputs.tf @@ -45,15 +45,6 @@ output "endpoint" { sensitive = true description = "Cluster endpoint" value = module.gke.endpoint - depends_on = [ - /* Nominally, the endpoint is populated as soon as it is known to Terraform. - * However, the cluster may not be in a usable state yet. Therefore any - * resources dependent on the cluster being up will fail to deploy. With - * this explicit dependency, dependent resources can wait for the cluster - * to be up. - */ - module.gke - ] } output "min_master_version" {