Merge branch 'master' into fix/180

Author: Aaron Lane

.kitchen.yml

@@ -45,6 +45,13 @@ suites:
       systems:
         - name: shared_vpc
           backend: local
+  - name: "safer_cluster"
+    driver:
+      root_module_directory: test/fixtures/safer_cluster
+    verifier:
+      systems:
+        - name: safer_cluster
+          backend: local
   - name: "simple_regional"
     driver:
       root_module_directory: test/fixtures/simple_regional

CHANGELOG.md

@@ -14,8 +14,31 @@ Extending the adopted spec, each change should have a link to its corresponding
 * Support for setting node_locations on node pools. [#303]
 * Fix for specifying  `node_count` on node pools when autoscaling is disabled. [#311]
 * Added submodule for installing Anthos Config Management. [#268]
-* Support for `local_ssd_count` in node pool configuration. [#244]
+* Support for `local_ssd_count` in node pool configuration. [#339]
 * Wait for cluster to be ready before returning endpoint. [#340]
+* `safer-cluster` submodule. [#315]
+* `simple_regional_with_networking` example. [#195]
+* `release_channel` variable for beta submodules. [#271]
+* The `node_locations` attribute to the `node_pools` object for beta submodules. [#290]
+* `private_zonal_with_networking` example. [#308]
+* `regional_private_node_pool_oauth_scopes` example. [#321]
+* The `cluster_autoscaling` variable for beta submodules. [#93]
+
+### Changed
+
+* The `node_pool_labels`, `node_pool_tags`, and `node_pool_taints` variables have defaults and can be overridden within the
+  `node_pools` object. [#3]
+* `upstream_nameservers` variable is typed as a list of strings. [#350]
+
+### Removed
+
+* **Breaking**: Removed support for enabling the Kubernetes dashboard, as this is deprecated on GKE. [#337]
+* **Beaking**: Removed support for versions of the Google provider and the Google Beta provider older than 2.18. [#261]
+
+### Fixed
+
+* `identity_namespace` output depends on the `google_container_cluster.primary` resource. [#301]
+* Idempotency of the beta submodules. [#326]
 
 ## [v5.1.1] - 2019-10-25
 
@@ -213,7 +236,8 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 
 * Initial release of module.
 
-[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.1...HEAD
+[Unreleased]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.2.0...HEAD
+[v5.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.1...v5.2.0
 [v5.1.1]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.1.0...v5.1.1
 [v5.1.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v5.0.0...v5.1.0
 [v5.0.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v4.1.0...v5.0.0
@@ -230,16 +254,27 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0
 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0
 
+[#350]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/350
 [#340]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/340
-[#268]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/268
+[#339]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/339
+[#337]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/337
+[#326]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/326
+[#321]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/321
+[#315]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/315
 [#311]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/311
+[#308]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/308
 [#303]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/303
+[#301]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/301
 [#300]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/300
+[#290]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/290
 [#286]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/286
 [#285]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/285
 [#284]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/284
 [#282]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/282
 [#273]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/273
+[#271]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/271
+[#268]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/268
+[#261]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/261
 [#258]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/258
 [#256]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/256
 [#248]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/248
@@ -248,7 +283,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#238]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/238
 [#241]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/241
 [#250]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/250
-[#244]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/244
 [#236]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/236
 [#217]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/217
 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234
@@ -260,6 +294,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#203]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/203
 [#198]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/198
 [#197]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/197
+[#195]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/195
 [#193]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/193
 [#188]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/188
 [#187]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/187
@@ -280,6 +315,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#108]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/108
 [#106]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/106
 [#94]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/94
+[#93]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/93
 [#89]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/89
 [#80]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/80
 [#77]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/77
@@ -307,6 +343,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#15]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/15
 [#10]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/10
 [#9]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/9
+[#3]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/3
 
 [upgrading-to-v2.0]: docs/upgrading_to_v2.0.md
 [upgrading-to-v3.0]: docs/upgrading_to_v3.0.md

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.4.6
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -34,7 +34,6 @@ module "gke" {
   ip_range_services          = "us-central1-01-gke-01-services"
   http_load_balancing        = false
   horizontal_pod_autoscaling = true
-  kubernetes_dashboard       = true
   network_policy             = true
 
   node_pools = [
@@ -147,15 +146,14 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | string | n/a | yes |
 | ip\_range\_services | The _name_ of the secondary subnet range to use for services | string | n/a | yes |
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | bool | `"false"` | no |
-| kubernetes\_dashboard | Enable kubernetes dashboard addon | bool | `"false"` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com"` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | string | `"05:00"` | no |
-| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
+| master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 | network | The VPC network to host the cluster in (required) | string | n/a | yes |
-| network\_policy | Enable network policy addon | bool | `"false"` | no |
+| network\_policy | Enable network policy addon | bool | `"true"` | no |
 | network\_policy\_provider | The network policy provider. | string | `"CALICO"` | no |
 | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | string | `""` | no |
 | node\_pools | List of maps containing node pools | list(map(string)) | `<list>` | no |
@@ -174,7 +172,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
-| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |
+| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list(string) | `<list>` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | list(string) | `<list>` | no |
 
 ## Outputs
@@ -185,7 +183,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | endpoint | Cluster endpoint |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
-| kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled |
 | location | Cluster location (region if regional cluster, zone if zonal cluster) |
 | logging\_service | Logging service used |
 | master\_authorized\_networks\_config | Networks from which access to master is permitted |

autogen/README.md

@@ -39,7 +39,6 @@ module "gke" {
   ip_range_services          = "us-central1-01-gke-01-services"
   http_load_balancing        = false
   horizontal_pod_autoscaling = true
-  kubernetes_dashboard       = true
   network_policy             = true
   {% if private_cluster %}
   enable_private_endpoint    = true