From 92284f8d52eeb6bbfcc1b7d8cd37f47fe1315b72 Mon Sep 17 00:00:00 2001 From: JeremyKeustersML6 Date: Wed, 3 Feb 2021 18:59:11 +0100 Subject: [PATCH 1/5] fix: Change default value of network_policy variable to false --- README.md | 2 +- autogen/main/variables.tf.tmpl | 2 +- modules/beta-private-cluster-update-variant/README.md | 2 +- modules/beta-private-cluster-update-variant/variables.tf | 2 +- modules/beta-private-cluster/README.md | 2 +- modules/beta-private-cluster/variables.tf | 2 +- modules/beta-public-cluster-update-variant/README.md | 2 +- modules/beta-public-cluster-update-variant/variables.tf | 2 +- modules/beta-public-cluster/README.md | 2 +- modules/beta-public-cluster/variables.tf | 2 +- modules/private-cluster-update-variant/README.md | 2 +- modules/private-cluster-update-variant/variables.tf | 2 +- modules/private-cluster/README.md | 2 +- modules/private-cluster/variables.tf | 2 +- test/integration/beta_cluster/controls/gcloud.rb | 4 +++- .../private_zonal_with_networking/controls/gcloud.rb | 4 +++- test/integration/sandbox_enabled/controls/gcloud.rb | 4 +++- test/integration/simple_regional/controls/gcloud.rb | 4 +++- test/integration/simple_regional_private/controls/gcloud.rb | 4 +++- .../simple_regional_with_kubeconfig/controls/gcloud.rb | 4 +++- .../simple_regional_with_networking/controls/gcloud.rb | 4 +++- test/integration/simple_zonal/controls/gcloud.rb | 4 +++- test/integration/simple_zonal_private/controls/gcloud.rb | 4 +++- test/integration/stub_domains/controls/gcloud.rb | 4 +++- test/integration/stub_domains_private/controls/gcloud.rb | 4 +++- .../stub_domains_upstream_nameservers/controls/gcloud.rb | 4 +++- test/integration/upstream_nameservers/controls/gcloud.rb | 4 +++- variables.tf | 2 +- 28 files changed, 54 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 023a464a2f..f648aa5478 100644 --- a/README.md +++ b/README.md 
@@ -162,7 +162,7 @@ Then perform the following commands on the root folder: | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | -| network\_policy | Enable network policy addon | `bool` | `true` | no | +| network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index de571cf0b1..85679b4895 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -99,7 +99,7 @@ variable "http_load_balancing" { variable "network_policy" { type = bool description = "Enable network policy addon" - default = true + default = false } variable "network_policy_provider" { diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index c603620d8f..8bf9b6c74f 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -214,7 +214,7 @@ Then perform the following commands on the root folder: | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | -| network\_policy | Enable network policy addon | `bool` | `true` | no | +| network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 6d8d5c3eb8..edbbf49a19 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -99,7 +99,7 @@ variable "http_load_balancing" { variable "network_policy" { type = bool description = "Enable network policy addon" - default = true + default = false } variable "network_policy_provider" { diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 2e28e9d6c6..ef086aab28 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -192,7 +192,7 @@ Then perform the following commands on the root folder: | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | -| network\_policy | Enable network policy addon | `bool` | `true` | no | +| network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 6d8d5c3eb8..edbbf49a19 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -99,7 +99,7 @@ variable "http_load_balancing" { variable "network_policy" { type = bool description = "Enable network policy addon" - default = true + default = false } variable "network_policy_provider" { diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 5153a5c06d..cd874c7f28 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -203,7 +203,7 @@ Then perform the following commands on the root folder: | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | -| network\_policy | Enable network policy addon | `bool` | `true` | no | +| network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 9552c2333e..d57d09db64 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -99,7 +99,7 @@ variable "http_load_balancing" { variable "network_policy" { type = bool description = "Enable network policy addon" - default = true + default = false } variable "network_policy_provider" { diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 58b3dd1fd5..778c1bb7f1 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -181,7 +181,7 @@ Then perform the following commands on the root folder: | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | -| network\_policy | Enable network policy addon | `bool` | `true` | no | +| network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 9552c2333e..d57d09db64 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -99,7 +99,7 @@ variable "http_load_balancing" { variable "network_policy" { type = bool description = "Enable network policy addon" - default = true + default = false } variable "network_policy_provider" { diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index f43ef038eb..bfbd68c13b 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -194,7 +194,7 @@ Then perform the following commands on the root folder: | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | -| network\_policy | Enable network policy addon | `bool` | `true` | no | +| network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 15e4d81d39..e3f663e5c5 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -99,7 +99,7 @@ variable "http_load_balancing" { variable "network_policy" { type = bool description = "Enable network policy addon" - default = true + default = false } variable "network_policy_provider" { diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 0277fa9d73..a8b0c6cc46 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -172,7 +172,7 @@ Then perform the following commands on the root folder: | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | -| network\_policy | Enable network policy addon | `bool` | `true` | no | +| network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA_SERVER"` | no | diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 15e4d81d39..e3f663e5c5 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -99,7 +99,7 @@ variable "http_load_balancing" { variable "network_policy" { type = bool description = "Enable network policy addon" - default = true + default = false } variable "network_policy_provider" { diff --git a/test/integration/beta_cluster/controls/gcloud.rb b/test/integration/beta_cluster/controls/gcloud.rb index c7d67591e2..8653bc8d8a 100644 --- a/test/integration/beta_cluster/controls/gcloud.rb +++ b/test/integration/beta_cluster/controls/gcloud.rb 
@@ -57,7 +57,9 @@ }, "kalmConfig" => {}, "configConnectorConfig" => {}, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, "istioConfig" => {"auth"=>"AUTH_MUTUAL_TLS"}, "cloudRunConfig" => including( "loadBalancerType" => "LOAD_BALANCER_TYPE_EXTERNAL", diff --git a/test/integration/private_zonal_with_networking/controls/gcloud.rb b/test/integration/private_zonal_with_networking/controls/gcloud.rb index ef275f21ae..0f0c55dd85 100644 --- a/test/integration/private_zonal_with_networking/controls/gcloud.rb +++ b/test/integration/private_zonal_with_networking/controls/gcloud.rb @@ -63,7 +63,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/sandbox_enabled/controls/gcloud.rb b/test/integration/sandbox_enabled/controls/gcloud.rb index 104c284701..6f042616a1 100644 --- a/test/integration/sandbox_enabled/controls/gcloud.rb +++ b/test/integration/sandbox_enabled/controls/gcloud.rb @@ -50,7 +50,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/simple_regional/controls/gcloud.rb b/test/integration/simple_regional/controls/gcloud.rb index ba30021332..eac8fd0ee7 100644 --- a/test/integration/simple_regional/controls/gcloud.rb +++ b/test/integration/simple_regional/controls/gcloud.rb @@ -50,7 +50,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end diff --git a/test/integration/simple_regional_private/controls/gcloud.rb b/test/integration/simple_regional_private/controls/gcloud.rb index 4d2c88e0b8..0c0592d847 100644 --- a/test/integration/simple_regional_private/controls/gcloud.rb +++ b/test/integration/simple_regional_private/controls/gcloud.rb 
@@ -58,7 +58,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/simple_regional_with_kubeconfig/controls/gcloud.rb b/test/integration/simple_regional_with_kubeconfig/controls/gcloud.rb index 235f0db26f..23ab5ab602 100644 --- a/test/integration/simple_regional_with_kubeconfig/controls/gcloud.rb +++ b/test/integration/simple_regional_with_kubeconfig/controls/gcloud.rb @@ -50,7 +50,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/simple_regional_with_networking/controls/gcloud.rb b/test/integration/simple_regional_with_networking/controls/gcloud.rb index bc92583e82..baaf7502ae 100644 --- a/test/integration/simple_regional_with_networking/controls/gcloud.rb +++ b/test/integration/simple_regional_with_networking/controls/gcloud.rb @@ -50,7 +50,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/simple_zonal/controls/gcloud.rb b/test/integration/simple_zonal/controls/gcloud.rb index 6a39d0eb9c..a9bbbc96b7 100644 --- a/test/integration/simple_zonal/controls/gcloud.rb +++ b/test/integration/simple_zonal/controls/gcloud.rb @@ -55,7 +55,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/simple_zonal_private/controls/gcloud.rb b/test/integration/simple_zonal_private/controls/gcloud.rb index 2cba223155..c42ab33748 100644 --- a/test/integration/simple_zonal_private/controls/gcloud.rb +++ b/test/integration/simple_zonal_private/controls/gcloud.rb 
@@ -58,7 +58,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/stub_domains/controls/gcloud.rb b/test/integration/stub_domains/controls/gcloud.rb index 0730274840..8131dc371f 100644 --- a/test/integration/stub_domains/controls/gcloud.rb +++ b/test/integration/stub_domains/controls/gcloud.rb @@ -42,7 +42,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/stub_domains_private/controls/gcloud.rb b/test/integration/stub_domains_private/controls/gcloud.rb index 90251e9d5c..2efafdb393 100644 --- a/test/integration/stub_domains_private/controls/gcloud.rb +++ b/test/integration/stub_domains_private/controls/gcloud.rb @@ -49,7 +49,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/stub_domains_upstream_nameservers/controls/gcloud.rb b/test/integration/stub_domains_upstream_nameservers/controls/gcloud.rb index 0730274840..8131dc371f 100644 --- a/test/integration/stub_domains_upstream_nameservers/controls/gcloud.rb +++ b/test/integration/stub_domains_upstream_nameservers/controls/gcloud.rb @@ -42,7 +42,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/test/integration/upstream_nameservers/controls/gcloud.rb b/test/integration/upstream_nameservers/controls/gcloud.rb index 0730274840..8131dc371f 100644 --- a/test/integration/upstream_nameservers/controls/gcloud.rb +++ b/test/integration/upstream_nameservers/controls/gcloud.rb 
@@ -42,7 +42,9 @@ "kubernetesDashboard" => { "disabled" => true, }, - "networkPolicyConfig" => {}, + "networkPolicyConfig" => { + "disabled" => true, + }, ) end end diff --git a/variables.tf b/variables.tf index 05b1549aba..7fde5b5f98 100644 --- a/variables.tf +++ b/variables.tf @@ -99,7 +99,7 @@ variable "http_load_balancing" { variable "network_policy" { type = bool description = "Enable network policy addon" - default = true + default = false } variable "network_policy_provider" { From a7cbd48b05b205b2c6526f53680b4c46f513615c Mon Sep 17 00:00:00 2001 From: JeremyKeustersML6 Date: Wed, 3 Feb 2021 19:43:32 +0100 Subject: [PATCH 2/5] fix: Set network_policy variable to false in the README usage example --- README.md | 2 +- autogen/main/README.md | 2 +- modules/beta-private-cluster-update-variant/README.md | 2 +- modules/beta-private-cluster/README.md | 2 +- modules/beta-public-cluster-update-variant/README.md | 2 +- modules/beta-public-cluster/README.md | 2 +- modules/private-cluster-update-variant/README.md | 2 +- modules/private-cluster/README.md | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index f648aa5478..c1f392a1b8 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ module "gke" { ip_range_services = "us-central1-01-gke-01-services" http_load_balancing = false horizontal_pod_autoscaling = true - network_policy = true + network_policy = false node_pools = [ { diff --git a/autogen/main/README.md b/autogen/main/README.md index a91f352e4d..cae5c20281 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -73,7 +73,7 @@ module "gke" { ip_range_services = "us-central1-01-gke-01-services" http_load_balancing = false horizontal_pod_autoscaling = true - network_policy = true + network_policy = false {% if private_cluster %} enable_private_endpoint = true enable_private_nodes = true 
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 8bf9b6c74f..d25fbc7f3d 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -68,7 +68,7 @@ module "gke" { ip_range_services = "us-central1-01-gke-01-services" http_load_balancing = false horizontal_pod_autoscaling = true - network_policy = true + network_policy = false enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "10.0.0.0/28" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index ef086aab28..f1129f00de 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -46,7 +46,7 @@ module "gke" { ip_range_services = "us-central1-01-gke-01-services" http_load_balancing = false horizontal_pod_autoscaling = true - network_policy = true + network_policy = false enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "10.0.0.0/28" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index cd874c7f28..a57efdba1b 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -65,7 +65,7 @@ module "gke" { ip_range_services = "us-central1-01-gke-01-services" http_load_balancing = false horizontal_pod_autoscaling = true - network_policy = true + network_policy = false istio = true cloudrun = true dns_cache = false diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 778c1bb7f1..884461a29e 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -43,7 +43,7 @@ module "gke" { ip_range_services = "us-central1-01-gke-01-services" http_load_balancing = false horizontal_pod_autoscaling = true - network_policy = true + network_policy = false istio = true cloudrun = true dns_cache = false diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index bfbd68c13b..8e5f6383fb 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -68,7 +68,7 @@ module "gke" { ip_range_services = "us-central1-01-gke-01-services" http_load_balancing = false horizontal_pod_autoscaling = true - network_policy = true + network_policy = false enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "10.0.0.0/28" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index a8b0c6cc46..f2d6c6e17e 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -46,7 +46,7 @@ module "gke" { ip_range_services = "us-central1-01-gke-01-services" http_load_balancing = false horizontal_pod_autoscaling = true - network_policy = true + network_policy = false enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "10.0.0.0/28" From 904aa5396b1d148bbd26e437502b34c2e26b7b66 Mon Sep 17 00:00:00 2001 From: JeremyKeustersML6 Date: Thu, 25 Feb 2021 23:36:01 +0100 Subject: [PATCH 3/5] Add documentation on network_policy disabled by default --- docs/upgrading_to_v14.0.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/upgrading_to_v14.0.md b/docs/upgrading_to_v14.0.md index ea0007a98f..cde572739f 100644 --- a/docs/upgrading_to_v14.0.md +++ b/docs/upgrading_to_v14.0.md 
@@ -17,6 +17,16 @@ The `registry_project_id` variable has been replaced with a `registry_project_id } ``` +### network_policy disabled by default +The `network_policy` variable is now `false` by default (instead of `true`). +If you want to keep using the network policy addon for your cluster, make +sure that the `network_policy` variable is set to `true`: +``` +module "gke" { + network_policy = true +} +``` + ### ASM default version changed to 1.8 [ASM submodule](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/tree/master/modules/asm) has been changed to use ASM v1.8 as default. From dd38d1d2e17ed12e2da90784b3e499ed0459bef6 Mon Sep 17 00:00:00 2001 From: JeremyKeustersML6 Date: Thu, 25 Feb 2021 23:41:06 +0100 Subject: [PATCH 4/5] Improve documentation on network_policy disabled by default --- docs/upgrading_to_v14.0.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/upgrading_to_v14.0.md b/docs/upgrading_to_v14.0.md index cde572739f..38b049c81e 100644 --- a/docs/upgrading_to_v14.0.md +++ b/docs/upgrading_to_v14.0.md @@ -21,9 +21,13 @@ The `registry_project_id` variable has been replaced with a `registry_project_id The `network_policy` variable is now `false` by default (instead of `true`). If you want to keep using the network policy addon for your cluster, make sure that the `network_policy` variable is set to `true`: -``` +```diff module "gke" { - network_policy = true + source = "terraform-google-modules/kubernetes-engine/google" +- version = "~> 13.0" ++ version = "~> 14.0" + ++ network_policy = true } ``` From ced1696dc1277a8036aa1e77a57d96a7d8fbe957 Mon Sep 17 00:00:00 2001 From: JeremyKeustersML6 Date: Fri, 26 Feb 2021 08:50:07 +0100 Subject: [PATCH 5/5] Remove trailing whitespaces --- docs/upgrading_to_v14.0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/upgrading_to_v14.0.md b/docs/upgrading_to_v14.0.md index 38b049c81e..55b6d1ce0d 100644 
--- a/docs/upgrading_to_v14.0.md +++ b/docs/upgrading_to_v14.0.md @@ -18,8 +18,8 @@ The `registry_project_id` variable has been replaced with a `registry_project_id ``` ### network_policy disabled by default -The `network_policy` variable is now `false` by default (instead of `true`). -If you want to keep using the network policy addon for your cluster, make +The `network_policy` variable is now `false` by default (instead of `true`). +If you want to keep using the network policy addon for your cluster, make sure that the `network_policy` variable is set to `true`: ```diff module "gke" {
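Review bot: in PATCH 1/5, the `variable "network_policy"` blocks (root `variables.tf`, `autogen/main/variables.tf.tmpl` and every module's `variables.tf`) flip the default to `false` but keep the description `"Enable network policy addon"`, so a caller who never set the variable loses NetworkPolicy enforcement on upgrade with nothing in the variable's own documentation to flag it. Suggest extending the description to state that the addon is off unless the variable is set to `true`, and marking the commit as a breaking change rather than a plain `fix:`. The README table rows next to the changed one still list `network_policy_provider` with default `"CALICO"`, which reads as if Calico were active by default; a short "only used when `network_policy` is `true`" in that description would remove the ambiguity.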
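Review bot: in PATCH 1/5, all thirteen `test/integration/*/controls/gcloud.rb` hunks replace `"networkPolicyConfig" => {}` with `"networkPolicyConfig" => { "disabled" => true }`, so no control touched by this series asserts the enabled state any more. If no remaining fixture sets `network_policy = true`, the enabled path is left without integration coverage and a regression that leaves the addon off when it was requested would pass CI. Suggest keeping at least one fixture (for example the `*_with_networking` ones) with `network_policy = true` and its control still expecting `"networkPolicyConfig" => {}`.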
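Review bot: in PATCH 2/5, the `module "gke"` usage examples in the root README, `autogen/main/README.md` and the six module READMEs now carry `network_policy = false`, which only restates the new default and means anyone who copies the example gets a cluster where NetworkPolicy objects are not enforced. Suggest either dropping the line from the examples or keeping `network_policy = true` there with a one-line comment that it is opt-in, so the documented starting point does not steer users to the weaker setting.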
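Review bot: in PATCH 3/5 to 5/5, the new `### network_policy disabled by default` section of `docs/upgrading_to_v14.0.md` says how to keep the addon but not what happens to an existing cluster that relied on the old default: after moving to `~> 14.0` without setting the variable, the plan will propose turning the addon off. Suggest adding a sentence that says so and tells readers to check `terraform plan` for a change to the network policy settings before applying. Style: the heading is followed directly by the paragraph and the paragraph directly by the code fence; add blank lines between them if the other sections of this file do so.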