Merge pull request #248 from ingwarr/master

morgante · web-flow · commit 6dae1f32473d · 2019-09-12T07:56:22.000-07:00
Enabling metadata-concealment by default
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,9 +11,9 @@ Extending the adopted spec, each change should have a link to its corresponding
 ### Changed
 
 * All Beta functionality removed from non-beta clusters, some properties like node_pool taints available only in beta cluster now [#228]
+* **Breaking**: Enabled metadata-concealment by default [#248]
 
 ### Added
-
 * Added support for resource usage export config [#238]
 * Added `sandbox_enabled` variable to use GKE Sandbox [#241]
 * Added `grant_registry_access` variable to grant Container Registry access to created SA [#236]
@@ -178,6 +178,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0
 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0
 
+[#248]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/248
 [#228]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/228
 [#238]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/238
 [#241]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/241
diff --git a/autogen/variables.tf b/autogen/variables.tf
@@ -376,7 +376,8 @@ variable "resource_usage_export_dataset_id" {
 
 variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
-  default     = "UNSPECIFIED"
+  default     = "SECURE"
+  type        = string
 }
 
 variable "sandbox_enabled" {
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
@@ -177,7 +177,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | network\_policy | Enable network policy addon | bool | `"false"` | no |
 | network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no |
-| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | string | `"UNSPECIFIED"` | no |
+| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | string | `"SECURE"` | no |
 | node\_pools | List of maps containing node pools | list(map(string)) | `<list>` | no |
 | node\_pools\_labels | Map of maps containing node labels by node-pool name | map(map(string)) | `<map>` | no |
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `<map>` | no |
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
@@ -371,7 +371,8 @@ variable "resource_usage_export_dataset_id" {
 
 variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
-  default     = "UNSPECIFIED"
+  default     = "SECURE"
+  type        = string
 }
 
 variable "sandbox_enabled" {
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
@@ -168,7 +168,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | network\_policy | Enable network policy addon | bool | `"false"` | no |
 | network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no |
-| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | string | `"UNSPECIFIED"` | no |
+| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | string | `"SECURE"` | no |
 | node\_pools | List of maps containing node pools | list(map(string)) | `<list>` | no |
 | node\_pools\_labels | Map of maps containing node labels by node-pool name | map(map(string)) | `<map>` | no |
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `<map>` | no |
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
@@ -347,7 +347,8 @@ variable "resource_usage_export_dataset_id" {
 
 variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
-  default     = "UNSPECIFIED"
+  default     = "SECURE"
+  type        = string
 }
 
 variable "sandbox_enabled" {

Original file line number	Diff line number	Diff line change
`@@ -376,7 +376,8 @@ variable "resource_usage_export_dataset_id" {`
`376`	`376`
`377`	`377`	`variable "node_metadata" {`
`378`	`378`	`description = "Specifies how node metadata is exposed to the workload running on the node"`
`379`		`- default = "UNSPECIFIED"`
	`379`	`+ default = "SECURE"`
	`380`	`+ type = string`
`380`	`381`	`}`
`381`	`382`
`382`	`383`	`variable "sandbox_enabled" {`
Original file line number	Diff line number	Diff line change
`@@ -371,7 +371,8 @@ variable "resource_usage_export_dataset_id" {`
`371`	`371`
`372`	`372`	`variable "node_metadata" {`
`373`	`373`	`description = "Specifies how node metadata is exposed to the workload running on the node"`
`374`		`- default = "UNSPECIFIED"`
	`374`	`+ default = "SECURE"`
	`375`	`+ type = string`
`375`	`376`	`}`
`376`	`377`
`377`	`378`	`variable "sandbox_enabled" {`
Original file line number	Diff line number	Diff line change
`@@ -347,7 +347,8 @@ variable "resource_usage_export_dataset_id" {`
`347`	`347`
`348`	`348`	`variable "node_metadata" {`
`349`	`349`	`description = "Specifies how node metadata is exposed to the workload running on the node"`
`350`		`- default = "UNSPECIFIED"`
	`350`	`+ default = "SECURE"`
	`351`	`+ type = string`
`351`	`352`	`}`
`352`	`353`
`353`	`354`	`variable "sandbox_enabled" {`