Merge branch 'master' into issues/93/cluster_autoscaling

Author: Aaron Lane

.kitchen.yml

@@ -45,6 +45,13 @@ suites:
       systems:
         - name: shared_vpc
           backend: local
+  - name: "safer_cluster"
+    driver:
+      root_module_directory: test/fixtures/safer_cluster
+    verifier:
+      systems:
+        - name: safer_cluster
+          backend: local
   - name: "simple_regional"
     driver:
       root_module_directory: test/fixtures/simple_regional

CHANGELOG.md

@@ -14,8 +14,30 @@ Extending the adopted spec, each change should have a link to its corresponding
 * Support for setting node_locations on node pools. [#303]
 * Fix for specifying  `node_count` on node pools when autoscaling is disabled. [#311]
 * Added submodule for installing Anthos Config Management. [#268]
-* Support for `local_ssd_count` in node pool configuration. [#244]
+* Support for `local_ssd_count` in node pool configuration. [#339]
 * Wait for cluster to be ready before returning endpoint. [#340]
+* `safer-cluster` submodule. [#315]
+* `simple_regional_with_networking` example. [#195]
+* `release_channel` variable for beta submodules. [#271]
+* The `node_locations` attribute to the `node_pools` object for beta submodules. [#290]
+* `private_zonal_with_nteworking` example. [#308]
+* `regional_private_node_pool_oauth_scopes` example. [#321]
+
+### Changed
+
+* The `node_pool_labels`, `node_pool_tags`, and `node_pool_taints` variables have defaults and can be overridden within the 
+  `node_pools` object. [#3]
+* `upstream_nameservers` variable is typed as a list of strings. [#350]
+
+### Removed
+
+* **Breaking**: Removed support for enabling the Kubernetes dashboard, as this is deprecated on GKE. [#337]
+* **Beaking**: Removed support for versions of the Google provider and the Google Beta provider older than 2.18. [#261]
+
+### Fixed
+
+* `identity_namespace` output depends on the `google_container_cluster.primary` resource. [#301]
+* Idempotency of the beta submodules. [#326]
 
 ## [v5.1.1] - 2019-10-25
 
@@ -213,7 +235,8 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 
 * Initial release of module.
 
-[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.1...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.2.0...HEAD
+[v5.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.1...v5.2.0
 [v5.1.1]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.0...v5.1.1
 [v5.1.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.0.0...v5.1.0
 [v5.0.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v4.1.0...v5.0.0
@@ -230,16 +253,27 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0
 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0
 
+[#350]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/350
 [#340]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/340
-[#268]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/268
+[#339]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/339
+[#337]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/337
+[#326]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/326
+[#321]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/321
+[#315]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/315
 [#311]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/311
+[#308]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/308
 [#303]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/303
+[#301]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/301
 [#300]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/300
+[#290]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/290
 [#286]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/286
 [#285]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/285
 [#284]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/284
 [#282]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/282
 [#273]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/273
+[#271]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/271
+[#268]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/268
+[#261]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/261
 [#258]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/258
 [#256]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/256
 [#248]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/248
@@ -248,7 +282,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#238]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/238
 [#241]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/241
 [#250]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/250
-[#244]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/244
 [#236]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/236
 [#217]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/217
 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234
@@ -260,6 +293,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#203]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/203
 [#198]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/198
 [#197]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/197
+[#195]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/195
 [#193]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/193
 [#188]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/188
 [#187]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/187
@@ -307,6 +341,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#15]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/15
 [#10]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/10
 [#9]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/9
+[#3]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/3
 
 [upgrading-to-v2.0]: docs/upgrading_to_v2.0.md
 [upgrading-to-v3.0]: docs/upgrading_to_v3.0.md

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.4.6
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -34,7 +34,6 @@ module "gke" {
   ip_range_services          = "us-central1-01-gke-01-services"
   http_load_balancing        = false
   horizontal_pod_autoscaling = true
-  kubernetes_dashboard       = true
   network_policy             = true
 
   node_pools = [
@@ -147,7 +146,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | string | n/a | yes |
 | ip\_range\_services | The _name_ of the secondary subnet range to use for services | string | n/a | yes |
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | bool | `"false"` | no |
-| kubernetes\_dashboard | Enable kubernetes dashboard addon | bool | `"false"` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com"` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | string | `"05:00"` | no |
@@ -174,7 +172,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
-| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |
+| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list(string) | `<list>` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | list(string) | `<list>` | no |
 
 ## Outputs
@@ -185,7 +183,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | endpoint | Cluster endpoint |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
-| kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled |
 | location | Cluster location (region if regional cluster, zone if zonal cluster) |
 | logging\_service | Logging service used |
 | master\_authorized\_networks\_config | Networks from which access to master is permitted |

autogen/README.md

@@ -39,7 +39,6 @@ module "gke" {
   ip_range_services          = "us-central1-01-gke-01-services"
   http_load_balancing        = false
   horizontal_pod_autoscaling = true
-  kubernetes_dashboard       = true
   network_policy             = true
   {% if private_cluster %}
   enable_private_endpoint    = true

autogen/cluster.tf.tmpl

@@ -131,10 +131,6 @@ resource "google_container_cluster" "primary" {
       disabled = ! var.horizontal_pod_autoscaling
     }
 
-    kubernetes_dashboard {
-      disabled = ! var.kubernetes_dashboard
-    }
-
     network_policy_config {
       disabled = ! var.network_policy
     }
@@ -264,10 +260,10 @@ resource "random_id" "name" {
       labels = join(",",
         sort(
           concat(
-            keys(var.node_pools_labels["all"]),
-            values(var.node_pools_labels["all"]),
-            keys(var.node_pools_labels[var.node_pools[count.index]["name"]]),
-            values(var.node_pools_labels[var.node_pools[count.index]["name"]])
+            keys(local.node_pools_labels["all"]),
+            values(local.node_pools_labels["all"]),
+            keys(local.node_pools_labels[var.node_pools[count.index]["name"]]),
+            values(local.node_pools_labels[var.node_pools[count.index]["name"]])
           )
         )
       )
@@ -276,10 +272,10 @@ resource "random_id" "name" {
       metadata = join(",",
         sort(
           concat(
-            keys(var.node_pools_metadata["all"]),
-            values(var.node_pools_metadata["all"]),
-            keys(var.node_pools_metadata[var.node_pools[count.index]["name"]]),
-            values(var.node_pools_metadata[var.node_pools[count.index]["name"]])
+            keys(local.node_pools_metadata["all"]),
+            values(local.node_pools_metadata["all"]),
+            keys(local.node_pools_metadata[var.node_pools[count.index]["name"]]),
+            values(local.node_pools_metadata[var.node_pools[count.index]["name"]])
           )
         )
       )
@@ -288,8 +284,8 @@ resource "random_id" "name" {
       oauth_scopes = join(",",
         sort(
           concat(
-            var.node_pools_oauth_scopes["all"],
-            var.node_pools_oauth_scopes[var.node_pools[count.index]["name"]]
+            local.node_pools_oauth_scopes["all"],
+            local.node_pools_oauth_scopes[var.node_pools[count.index]["name"]]
           )
         )
       )
@@ -298,8 +294,8 @@ resource "random_id" "name" {
       tags = join(",",
         sort(
           concat(
-            var.node_pools_tags["all"],
-            var.node_pools_tags[var.node_pools[count.index]["name"]]
+            local.node_pools_tags["all"],
+            local.node_pools_tags[var.node_pools[count.index]["name"]]
           )
         )
       )
@@ -326,7 +322,9 @@ resource "google_container_node_pool" "pools" {
   // use node_locations if provided, defaults to cluster level node_locations if not specified
   node_locations = lookup(var.node_pools[count.index], "node_locations", "") != "" ? split(",", var.node_pools[count.index]["node_locations"]) : null
   {% endif %}
-  cluster  = google_container_cluster.primary.name
+
+  cluster = google_container_cluster.primary.name
+
   version = lookup(var.node_pools[count.index], "auto_upgrade", false) ? "" : lookup(
     var.node_pools[count.index],
     "version",
@@ -362,25 +360,25 @@ resource "google_container_node_pool" "pools" {
     image_type   = lookup(var.node_pools[count.index], "image_type", "COS")
     machine_type = lookup(var.node_pools[count.index], "machine_type", "n1-standard-2")
     labels = merge(
-      lookup(lookup(var.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {},
-      lookup(lookup(var.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = var.node_pools[count.index]["name"] } : {},
-      var.node_pools_labels["all"],
-      var.node_pools_labels[var.node_pools[count.index]["name"]],
+      lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {},
+      lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = var.node_pools[count.index]["name"] } : {},
+      local.node_pools_labels["all"],
+      local.node_pools_labels[var.node_pools[count.index]["name"]],
     )
     metadata = merge(
-      lookup(lookup(var.node_pools_metadata, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {},
-      lookup(lookup(var.node_pools_metadata, "default_values", {}), "node_pool", true) ? { "node_pool" = var.node_pools[count.index]["name"] } : {},
-      var.node_pools_metadata["all"],
-      var.node_pools_metadata[var.node_pools[count.index]["name"]],
+      lookup(lookup(local.node_pools_metadata, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {},
+      lookup(lookup(local.node_pools_metadata, "default_values", {}), "node_pool", true) ? { "node_pool" = var.node_pools[count.index]["name"] } : {},
+      local.node_pools_metadata["all"],
+      local.node_pools_metadata[var.node_pools[count.index]["name"]],
       {
         "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints
       },
     )
     {% if beta_cluster %}
     dynamic "taint" {
       for_each = concat(
-        var.node_pools_taints["all"],
-        var.node_pools_taints[var.node_pools[count.index]["name"]],
+        local.node_pools_taints["all"],
+        local.node_pools_taints[var.node_pools[count.index]["name"]],
       )
       content {
         effect = taint.value.effect
@@ -390,10 +388,10 @@ resource "google_container_node_pool" "pools" {
     }
     {% endif %}
     tags = concat(
-      lookup(var.node_pools_tags, "default_values", [true, true])[0] ? ["gke-${var.name}"] : [],
-      lookup(var.node_pools_tags, "default_values", [true, true])[1] ? ["gke-${var.name}-${var.node_pools[count.index]["name"]}"] : [],
-      var.node_pools_tags["all"],
-      var.node_pools_tags[var.node_pools[count.index]["name"]],
+      lookup(local.node_pools_tags, "default_values", [true, true])[0] ? ["gke-${var.name}"] : [],
+      lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["gke-${var.name}-${var.node_pools[count.index]["name"]}"] : [],
+      local.node_pools_tags["all"],
+      local.node_pools_tags[var.node_pools[count.index]["name"]],
     )
 
     local_ssd_count = lookup(var.node_pools[count.index], "local_ssd_count", 0)
@@ -408,8 +406,8 @@ resource "google_container_node_pool" "pools" {
     preemptible = lookup(var.node_pools[count.index], "preemptible", false)
 
     oauth_scopes = concat(
-      var.node_pools_oauth_scopes["all"],
-      var.node_pools_oauth_scopes[var.node_pools[count.index]["name"]],
+      local.node_pools_oauth_scopes["all"],
+      local.node_pools_oauth_scopes[var.node_pools[count.index]["name"]],
     )
 
     guest_accelerator = [
@@ -443,6 +441,7 @@ resource "google_container_node_pool" "pools" {
 
   lifecycle {
     ignore_changes = [initial_node_count]
+
     {% if update_variant %}
     create_before_destroy = true
     {% endif %}

autogen/main.tf.tmpl

@@ -116,7 +116,6 @@ locals {
   cluster_output_network_policy_enabled             = google_container_cluster.primary.addons_config.0.network_policy_config.0.disabled
   cluster_output_http_load_balancing_enabled        = google_container_cluster.primary.addons_config.0.http_load_balancing.0.disabled
   cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled
-  cluster_output_kubernetes_dashboard_enabled       = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled
 
 {% if beta_cluster %}
   # BETA features
@@ -150,15 +149,15 @@ locals {
   cluster_network_policy_enabled             = ! local.cluster_output_network_policy_enabled
   cluster_http_load_balancing_enabled        = ! local.cluster_output_http_load_balancing_enabled
   cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_output_horizontal_pod_autoscaling_enabled
-  cluster_kubernetes_dashboard_enabled       = ! local.cluster_output_kubernetes_dashboard_enabled
 {% if beta_cluster %}
   # BETA features
   cluster_istio_enabled                    = ! local.cluster_output_istio_disabled
   cluster_cloudrun_enabled                 = var.cloudrun
   cluster_pod_security_policy_enabled      = local.cluster_output_pod_security_policy_enabled
   cluster_intranode_visibility_enabled     = local.cluster_output_intranode_visbility_enabled
   cluster_vertical_pod_autoscaling_enabled = local.cluster_output_vertical_pod_autoscaling_enabled
-  cluster_workload_identity_config         = var.identity_namespace == "" ? [] : [{
+
+  cluster_workload_identity_config = var.identity_namespace == "" ? [] : [{
     identity_namespace = var.identity_namespace
   }]
   # /BETA features

autogen/outputs.tf.tmpl

@@ -104,11 +104,6 @@ output "horizontal_pod_autoscaling_enabled" {
   value       = local.cluster_horizontal_pod_autoscaling_enabled
 }
 
-output "kubernetes_dashboard_enabled" {
-  description = "Whether kubernetes dashboard enabled"
-  value       = local.cluster_kubernetes_dashboard_enabled
-}
-
 output "node_pools_names" {
   description = "List of node pools names"
   value       = local.cluster_node_pools_names