fix: add node_pool_taints to all the modules

Author: marko7460

README.md

@@ -140,6 +140,7 @@ Then perform the following commands on the root folder:
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `<map>` | no |
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `<map>` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `<map>` | no |
+| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `<map>` | no |
 | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `<list>` | no |
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no |

autogen/main/cluster.tf.tmpl

@@ -458,7 +458,6 @@ resource "google_container_node_pool" "pools" {
         "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints
       },
     )
-    {% if beta_cluster %}
     dynamic "taint" {
       for_each = concat(
         local.node_pools_taints["all"],
@@ -470,7 +469,6 @@ resource "google_container_node_pool" "pools" {
         value  = taint.value.value
       }
     }
-    {% endif %}
     tags = concat(
       lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
       lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [],

autogen/main/variables.tf.tmpl

@@ -227,6 +227,7 @@ variable "cluster_autoscaling" {
   }
   description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
 }
+{% endif %}
 
 variable "node_pools_taints" {
   type        = map(list(object({ key = string, value = string, effect = string })))
@@ -239,7 +240,6 @@ variable "node_pools_taints" {
   }
 }
 
-{% endif %}
 variable "node_pools_tags" {
   type        = map(list(string))
   description = "Map of lists containing node network tags by node-pool name"

autogen/main/variables_defaults.tf

@@ -40,7 +40,6 @@ locals {
     var.node_pools_metadata
   )
 
-{% if beta_cluster %}
   node_pools_taints = merge(
     { all = [] },
     { default-node-pool = [] },
@@ -51,7 +50,6 @@ locals {
     var.node_pools_taints
   )
 
-{% endif %}
   node_pools_tags = merge(
     { all = [] },
     { default-node-pool = [] },

cluster.tf

@@ -198,6 +198,17 @@ resource "google_container_node_pool" "pools" {
         "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints
       },
     )
+    dynamic "taint" {
+      for_each = concat(
+        local.node_pools_taints["all"],
+        local.node_pools_taints[each.value["name"]],
+      )
+      content {
+        effect = taint.value.effect
+        key    = taint.value.key
+        value  = taint.value.value
+      }
+    }
     tags = concat(
       lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
       lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [],

modules/private-cluster-update-variant/README.md

@@ -172,6 +172,7 @@ Then perform the following commands on the root folder:
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `<map>` | no |
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `<map>` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `<map>` | no |
+| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `<map>` | no |
 | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `<list>` | no |
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no |

modules/private-cluster-update-variant/cluster.tf

@@ -283,6 +283,17 @@ resource "google_container_node_pool" "pools" {
         "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints
       },
     )
+    dynamic "taint" {
+      for_each = concat(
+        local.node_pools_taints["all"],
+        local.node_pools_taints[each.value["name"]],
+      )
+      content {
+        effect = taint.value.effect
+        key    = taint.value.key
+        value  = taint.value.value
+      }
+    }
     tags = concat(
       lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
       lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [],

modules/private-cluster-update-variant/variables.tf

@@ -187,6 +187,18 @@ variable "enable_resource_consumption_export" {
   description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export."
   default     = true
 }
+
+variable "node_pools_taints" {
+  type        = map(list(object({ key = string, value = string, effect = string })))
+  description = "Map of lists containing node taints by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = []
+    default-node-pool = []
+  }
+}
+
 variable "node_pools_tags" {
   type        = map(list(string))
   description = "Map of lists containing node network tags by node-pool name"

modules/private-cluster-update-variant/variables_defaults.tf

@@ -40,6 +40,16 @@ locals {
     var.node_pools_metadata
   )
 
+  node_pools_taints = merge(
+    { all = [] },
+    { default-node-pool = [] },
+    zipmap(
+      [for node_pool in var.node_pools : node_pool["name"]],
+      [for node_pool in var.node_pools : []]
+    ),
+    var.node_pools_taints
+  )
+
   node_pools_tags = merge(
     { all = [] },
     { default-node-pool = [] },

modules/private-cluster/README.md

@@ -150,6 +150,7 @@ Then perform the following commands on the root folder:
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `<map>` | no |
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `<map>` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `<map>` | no |
+| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `<map>` | no |
 | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `<list>` | no |
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no |

modules/private-cluster/cluster.tf

@@ -211,6 +211,17 @@ resource "google_container_node_pool" "pools" {
         "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints
       },
     )
+    dynamic "taint" {
+      for_each = concat(
+        local.node_pools_taints["all"],
+        local.node_pools_taints[each.value["name"]],
+      )
+      content {
+        effect = taint.value.effect
+        key    = taint.value.key
+        value  = taint.value.value
+      }
+    }
     tags = concat(
       lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [],
       lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [],

modules/private-cluster/variables.tf

@@ -187,6 +187,18 @@ variable "enable_resource_consumption_export" {
   description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export."
   default     = true
 }
+
+variable "node_pools_taints" {
+  type        = map(list(object({ key = string, value = string, effect = string })))
+  description = "Map of lists containing node taints by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = []
+    default-node-pool = []
+  }
+}
+
 variable "node_pools_tags" {
   type        = map(list(string))
   description = "Map of lists containing node network tags by node-pool name"

modules/private-cluster/variables_defaults.tf

@@ -40,6 +40,16 @@ locals {
     var.node_pools_metadata
   )
 
+  node_pools_taints = merge(
+    { all = [] },
+    { default-node-pool = [] },
+    zipmap(
+      [for node_pool in var.node_pools : node_pool["name"]],
+      [for node_pool in var.node_pools : []]
+    ),
+    var.node_pools_taints
+  )
+
   node_pools_tags = merge(
     { all = [] },
     { default-node-pool = [] },

test/setup/main.tf

@@ -20,7 +20,7 @@ resource "random_id" "random_project_id_suffix" {
 
 module "gke-project-1" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 8.0"
+  version = "~> 9.1.0"
 
   name                 = "ci-gke-${random_id.random_project_id_suffix.hex}"
   random_project_id    = true
@@ -35,15 +35,22 @@ module "gke-project-1" {
     "cloudkms.googleapis.com",
     "cloudresourcemanager.googleapis.com",
     "container.googleapis.com",
+    "compute.googleapis.com",
     "pubsub.googleapis.com",
     "serviceusage.googleapis.com",
     "storage-api.googleapis.com",
   ]
+  activate_api_identities = [
+    {
+      api   = "container.googleapis.com"
+      roles = ["roles/cloudkms.cryptoKeyEncrypterDecrypter"]
+    },
+  ]
 }
 
 module "gke-project-2" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 8.0"
+  version = "~> 9.1.0"
 
   name                 = "ci-gke-${random_id.random_project_id_suffix.hex}"
   random_project_id    = true
@@ -56,16 +63,23 @@ module "gke-project-2" {
     "cloudkms.googleapis.com",
     "cloudresourcemanager.googleapis.com",
     "container.googleapis.com",
+    "compute.googleapis.com",
     "pubsub.googleapis.com",
     "serviceusage.googleapis.com",
     "storage-api.googleapis.com",
   ]
+  activate_api_identities = [
+    {
+      api   = "container.googleapis.com"
+      roles = ["roles/cloudkms.cryptoKeyEncrypterDecrypter"]
+    },
+  ]
 }
 
 # apis as documented https://cloud.google.com/service-mesh/docs/gke-install-new-cluster#setting_up_your_project
 module "gke-project-asm" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 8.0"
+  version = "~> 9.1.0"
 
   name                 = "ci-gke-asm-${random_id.random_project_id_suffix.hex}"
   random_project_id    = true

test/setup/versions.tf

@@ -19,9 +19,9 @@ terraform {
 }
 
 provider "google" {
-  version = "3.25.0"
+  version = "3.42.0"
 }
 
 provider "google-beta" {
-  version = "3.32.0"
+  version = "3.42.0"
 }

variables.tf

@@ -187,6 +187,18 @@ variable "enable_resource_consumption_export" {
   description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export."
   default     = true
 }
+
+variable "node_pools_taints" {
+  type        = map(list(object({ key = string, value = string, effect = string })))
+  description = "Map of lists containing node taints by node-pool name"
+
+  # Default is being set in variables_defaults.tf
+  default = {
+    all               = []
+    default-node-pool = []
+  }
+}
+
 variable "node_pools_tags" {
   type        = map(list(string))
   description = "Map of lists containing node network tags by node-pool name"

variables_defaults.tf

@@ -40,6 +40,16 @@ locals {
     var.node_pools_metadata
   )
 
+  node_pools_taints = merge(
+    { all = [] },
+    { default-node-pool = [] },
+    zipmap(
+      [for node_pool in var.node_pools : node_pool["name"]],
+      [for node_pool in var.node_pools : []]
+    ),
+    var.node_pools_taints
+  )
+
   node_pools_tags = merge(
     { all = [] },
     { default-node-pool = [] },