Merge pull request #356 from bharathkkb/feature/default-enable-network-policy

Enable network_policy by default

Author: Aaron Lane

README.md

@@ -153,7 +153,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 | network | The VPC network to host the cluster in (required) | string | n/a | yes |
-| network\_policy | Enable network policy addon | bool | `"false"` | no |
+| network\_policy | Enable network policy addon | bool | `"true"` | no |
 | network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no |
 | node\_pools | List of maps containing node pools | list(map(string)) | `<list>` | no |

autogen/variables.tf.tmpl

@@ -99,7 +99,7 @@ variable "http_load_balancing" {
 variable "network_policy" {
   type        = bool
   description = "Enable network policy addon"
-  default     = false
+  default     = true
 }
 
 variable "network_policy_provider" {

examples/stub_domains/main.tf

@@ -32,7 +32,6 @@ module "gke" {
   subnetwork             = var.subnetwork
   ip_range_pods          = var.ip_range_pods
   ip_range_services      = var.ip_range_services
-  network_policy         = true
   service_account        = var.compute_engine_service_account
   create_service_account = false
 

examples/stub_domains_private/main.tf

@@ -49,7 +49,6 @@ module "gke" {
 
   master_ipv4_cidr_block = "172.16.0.0/28"
 
-  network_policy         = true
   create_service_account = false
   service_account        = var.compute_engine_service_account
 

examples/stub_domains_upstream_nameservers/main.tf

@@ -32,7 +32,6 @@ module "gke" {
   subnetwork             = var.subnetwork
   ip_range_pods          = var.ip_range_pods
   ip_range_services      = var.ip_range_services
-  network_policy         = true
   create_service_account = false
   service_account        = var.compute_engine_service_account
 

examples/upstream_nameservers/main.tf

@@ -32,7 +32,6 @@ module "gke" {
   subnetwork             = var.subnetwork
   ip_range_pods          = var.ip_range_pods
   ip_range_services      = var.ip_range_services
-  network_policy         = true
   create_service_account = false
   service_account        = var.compute_engine_service_account
 

modules/beta-private-cluster-update-variant/README.md

@@ -176,7 +176,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 | network | The VPC network to host the cluster in (required) | string | n/a | yes |
-| network\_policy | Enable network policy addon | bool | `"false"` | no |
+| network\_policy | Enable network policy addon | bool | `"true"` | no |
 | network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no |
 | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | string | `"SECURE"` | no |

modules/beta-private-cluster-update-variant/variables.tf

@@ -99,7 +99,7 @@ variable "http_load_balancing" {
 variable "network_policy" {
   type        = bool
   description = "Enable network policy addon"
-  default     = false
+  default     = true
 }
 
 variable "network_policy_provider" {

modules/beta-private-cluster/README.md

@@ -176,7 +176,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 | network | The VPC network to host the cluster in (required) | string | n/a | yes |
-| network\_policy | Enable network policy addon | bool | `"false"` | no |
+| network\_policy | Enable network policy addon | bool | `"true"` | no |
 | network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no |
 | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | string | `"SECURE"` | no |

modules/beta-private-cluster/variables.tf

@@ -99,7 +99,7 @@ variable "http_load_balancing" {
 variable "network_policy" {
   type        = bool
   description = "Enable network policy addon"
-  default     = false
+  default     = true
 }
 
 variable "network_policy_provider" {

modules/beta-public-cluster/README.md

@@ -167,7 +167,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 | network | The VPC network to host the cluster in (required) | string | n/a | yes |
-| network\_policy | Enable network policy addon | bool | `"false"` | no |
+| network\_policy | Enable network policy addon | bool | `"true"` | no |
 | network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no |
 | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | string | `"SECURE"` | no |

modules/beta-public-cluster/variables.tf

@@ -99,7 +99,7 @@ variable "http_load_balancing" {
 variable "network_policy" {
   type        = bool
   description = "Enable network policy addon"
-  default     = false
+  default     = true
 }
 
 variable "network_policy_provider" {

modules/private-cluster-update-variant/README.md

@@ -162,7 +162,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 | network | The VPC network to host the cluster in (required) | string | n/a | yes |
-| network\_policy | Enable network policy addon | bool | `"false"` | no |
+| network\_policy | Enable network policy addon | bool | `"true"` | no |
 | network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no |
 | node\_pools | List of maps containing node pools | list(map(string)) | `<list>` | no |

modules/private-cluster-update-variant/variables.tf

@@ -99,7 +99,7 @@ variable "http_load_balancing" {
 variable "network_policy" {
   type        = bool
   description = "Enable network policy addon"
-  default     = false
+  default     = true
 }
 
 variable "network_policy_provider" {

modules/private-cluster/README.md

@@ -162,7 +162,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 | network | The VPC network to host the cluster in (required) | string | n/a | yes |
-| network\_policy | Enable network policy addon | bool | `"false"` | no |
+| network\_policy | Enable network policy addon | bool | `"true"` | no |
 | network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no |
 | node\_pools | List of maps containing node pools | list(map(string)) | `<list>` | no |

modules/private-cluster/variables.tf

@@ -99,7 +99,7 @@ variable "http_load_balancing" {
 variable "network_policy" {
   type        = bool
   description = "Enable network policy addon"
-  default     = false
+  default     = true
 }
 
 variable "network_policy_provider" {

test/integration/private_zonal_with_networking/controls/gcloud.rb

@@ -58,9 +58,7 @@
           "kubernetesDashboard" => {
             "disabled" => true,
           },
-          "networkPolicyConfig" => {
-            "disabled" => true,
-          },
+          "networkPolicyConfig" => {},
         })
       end
     end

test/integration/sandbox_enabled/controls/gcloud.rb

@@ -50,9 +50,7 @@
           "kubernetesDashboard" => {
             "disabled" => true,
           },
-          "networkPolicyConfig" => {
-            "disabled" => true,
-          },
+          "networkPolicyConfig" => {},
         })
       end
     end

test/integration/simple_regional/controls/gcloud.rb

@@ -50,9 +50,7 @@
           "kubernetesDashboard" => {
             "disabled" => true,
           },
-          "networkPolicyConfig" => {
-            "disabled" => true,
-          },
+          "networkPolicyConfig" => {},
         })
       end
     end

test/integration/simple_regional_private/controls/gcloud.rb

@@ -54,9 +54,7 @@
           "kubernetesDashboard" => {
             "disabled" => true,
           },
-          "networkPolicyConfig" => {
-            "disabled" => true,
-          },
+          "networkPolicyConfig" => {},
         })
       end
     end

test/integration/simple_regional_with_networking/controls/gcloud.rb

@@ -50,9 +50,7 @@
           "kubernetesDashboard" => {
             "disabled" => true,
           },
-          "networkPolicyConfig" => {
-            "disabled" => true,
-          },
+          "networkPolicyConfig" => {},
         })
       end
     end

test/integration/simple_zonal/controls/gcloud.rb

@@ -55,9 +55,7 @@
           "kubernetesDashboard" => {
             "disabled" => true,
           },
-          "networkPolicyConfig" => {
-            "disabled" => true,
-          },
+          "networkPolicyConfig" => {},
         })
       end
     end

test/integration/simple_zonal_private/controls/gcloud.rb

@@ -58,9 +58,7 @@
           "kubernetesDashboard" => {
             "disabled" => true,
           },
-          "networkPolicyConfig" => {
-            "disabled" => true,
-          },
+          "networkPolicyConfig" => {},
         })
       end
     end

variables.tf

@@ -99,7 +99,7 @@ variable "http_load_balancing" {
 variable "network_policy" {
   type        = bool
   description = "Enable network policy addon"
-  default     = false
+  default     = true
 }
 
 variable "network_policy_provider" {