Merge branch 'master' into master

Author: Aaron Lane

.kitchen.yml

@@ -52,6 +52,23 @@ suites:
       systems:
         - name: simple_regional
           backend: local
+  - name: "private_zonal_with_networking"
+    driver:
+      root_module_directory: test/fixtures/private_zonal_with_networking
+    verifier:
+      systems:
+        - name: private_zonal_with_networking
+          backend: local
+          controls:
+            - gcloud
+        - name: private_zonal_with_networking
+          backend: local
+          controls:
+            - subnet
+        - name: network
+          backend: gcp
+          controls:
+            - network
   - name: "simple_regional_with_networking"
     driver:
       root_module_directory: test/fixtures/simple_regional_with_networking

CHANGELOG.md

@@ -14,6 +14,8 @@ Extending the adopted spec, each change should have a link to its corresponding
 * Support for setting node_locations on node pools. [#303]
 * Fix for specifying  `node_count` on node pools when autoscaling is disabled. [#311]
 * Added submodule for installing Anthos Config Management. [#268]
+* Support for `local_ssd_count` in node pool configuration. [#244]
+* Wait for cluster to be ready before returning endpoint. [#340]
 
 ## [v5.1.1] - 2019-10-25
 
@@ -228,6 +230,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0
 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0
 
+[#340]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/340
 [#268]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/268
 [#311]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/311
 [#303]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/303
@@ -245,6 +248,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#238]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/238
 [#241]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/241
 [#250]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/250
+[#244]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/244
 [#236]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/236
 [#217]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/217
 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.4.6
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -43,6 +43,7 @@ module "gke" {
       machine_type       = "n1-standard-2"
       min_count          = 1
       max_count          = 100
+      local_ssd_count    = 0
       disk_size_gb       = 100
       disk_type          = "pd-standard"
       image_type         = "COS"

autogen/README.md

@@ -60,6 +60,7 @@ module "gke" {
       {% endif %}
       min_count          = 1
       max_count          = 100
+      local_ssd_count    = 0
       disk_size_gb       = 100
       disk_type          = "pd-standard"
       image_type         = "COS"

autogen/auth.tf renamed to autogen/auth.tf.tmpl

@@ -252,10 +252,10 @@ resource "random_id" "name" {
       labels = join(",",
         sort(
           concat(
-            keys(var.node_pools_labels["all"]),
-            values(var.node_pools_labels["all"]),
-            keys(var.node_pools_labels[var.node_pools[count.index]["name"]]),
-            values(var.node_pools_labels[var.node_pools[count.index]["name"]])
+            keys(local.node_pools_labels["all"]),
+            values(local.node_pools_labels["all"]),
+            keys(local.node_pools_labels[var.node_pools[count.index]["name"]]),
+            values(local.node_pools_labels[var.node_pools[count.index]["name"]])
           )
         )
       )
@@ -264,10 +264,10 @@ resource "random_id" "name" {
       metadata = join(",",
         sort(
           concat(
-            keys(var.node_pools_metadata["all"]),
-            values(var.node_pools_metadata["all"]),
-            keys(var.node_pools_metadata[var.node_pools[count.index]["name"]]),
-            values(var.node_pools_metadata[var.node_pools[count.index]["name"]])
+            keys(local.node_pools_metadata["all"]),
+            values(local.node_pools_metadata["all"]),
+            keys(local.node_pools_metadata[var.node_pools[count.index]["name"]]),
+            values(local.node_pools_metadata[var.node_pools[count.index]["name"]])
           )
         )
       )
@@ -276,8 +276,8 @@ resource "random_id" "name" {
       oauth_scopes = join(",",
         sort(
           concat(
-            var.node_pools_oauth_scopes["all"],
-            var.node_pools_oauth_scopes[var.node_pools[count.index]["name"]]
+            local.node_pools_oauth_scopes["all"],
+            local.node_pools_oauth_scopes[var.node_pools[count.index]["name"]]
           )
         )
       )
@@ -286,8 +286,8 @@ resource "random_id" "name" {
       tags = join(",",
         sort(
           concat(
-            var.node_pools_tags["all"],
-            var.node_pools_tags[var.node_pools[count.index]["name"]]
+            local.node_pools_tags["all"],
+            local.node_pools_tags[var.node_pools[count.index]["name"]]
           )
         )
       )
@@ -314,7 +314,9 @@ resource "google_container_node_pool" "pools" {
   // use node_locations if provided, defaults to cluster level node_locations if not specified
   node_locations = lookup(var.node_pools[count.index], "node_locations", "") != "" ? split(",", var.node_pools[count.index]["node_locations"]) : null
   {% endif %}
-  cluster  = google_container_cluster.primary.name
+
+  cluster = google_container_cluster.primary.name
+
   version = lookup(var.node_pools[count.index], "auto_upgrade", false) ? "" : lookup(
     var.node_pools[count.index],
     "version",
@@ -350,25 +352,25 @@ resource "google_container_node_pool" "pools" {
     image_type   = lookup(var.node_pools[count.index], "image_type", "COS")
     machine_type = lookup(var.node_pools[count.index], "machine_type", "n1-standard-2")
     labels = merge(
-      lookup(lookup(var.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {},
-      lookup(lookup(var.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = var.node_pools[count.index]["name"] } : {},
-      var.node_pools_labels["all"],
-      var.node_pools_labels[var.node_pools[count.index]["name"]],
+      lookup(lookup(local.node_pools_labels, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {},
+      lookup(lookup(local.node_pools_labels, "default_values", {}), "node_pool", true) ? { "node_pool" = var.node_pools[count.index]["name"] } : {},
+      local.node_pools_labels["all"],
+      local.node_pools_labels[var.node_pools[count.index]["name"]],
     )
     metadata = merge(
-      lookup(lookup(var.node_pools_metadata, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {},
-      lookup(lookup(var.node_pools_metadata, "default_values", {}), "node_pool", true) ? { "node_pool" = var.node_pools[count.index]["name"] } : {},
-      var.node_pools_metadata["all"],
-      var.node_pools_metadata[var.node_pools[count.index]["name"]],
+      lookup(lookup(local.node_pools_metadata, "default_values", {}), "cluster_name", true) ? { "cluster_name" = var.name } : {},
+      lookup(lookup(local.node_pools_metadata, "default_values", {}), "node_pool", true) ? { "node_pool" = var.node_pools[count.index]["name"] } : {},
+      local.node_pools_metadata["all"],
+      local.node_pools_metadata[var.node_pools[count.index]["name"]],
       {
         "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints
       },
     )
     {% if beta_cluster %}
     dynamic "taint" {
       for_each = concat(
-        var.node_pools_taints["all"],
-        var.node_pools_taints[var.node_pools[count.index]["name"]],
+        local.node_pools_taints["all"],
+        local.node_pools_taints[var.node_pools[count.index]["name"]],
       )
       content {
         effect = taint.value.effect
@@ -378,14 +380,16 @@ resource "google_container_node_pool" "pools" {
     }
     {% endif %}
     tags = concat(
-      lookup(var.node_pools_tags, "default_values", [true, true])[0] ? ["gke-${var.name}"] : [],
-      lookup(var.node_pools_tags, "default_values", [true, true])[1] ? ["gke-${var.name}-${var.node_pools[count.index]["name"]}"] : [],
-      var.node_pools_tags["all"],
-      var.node_pools_tags[var.node_pools[count.index]["name"]],
+      lookup(local.node_pools_tags, "default_values", [true, true])[0] ? ["gke-${var.name}"] : [],
+      lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["gke-${var.name}-${var.node_pools[count.index]["name"]}"] : [],
+      local.node_pools_tags["all"],
+      local.node_pools_tags[var.node_pools[count.index]["name"]],
     )
 
-    disk_size_gb = lookup(var.node_pools[count.index], "disk_size_gb", 100)
-    disk_type    = lookup(var.node_pools[count.index], "disk_type", "pd-standard")
+    local_ssd_count = lookup(var.node_pools[count.index], "local_ssd_count", 0)
+    disk_size_gb    = lookup(var.node_pools[count.index], "disk_size_gb", 100)
+    disk_type       = lookup(var.node_pools[count.index], "disk_type", "pd-standard")
+
     service_account = lookup(
       var.node_pools[count.index],
       "service_account",
@@ -394,8 +398,8 @@ resource "google_container_node_pool" "pools" {
     preemptible = lookup(var.node_pools[count.index], "preemptible", false)
 
     oauth_scopes = concat(
-      var.node_pools_oauth_scopes["all"],
-      var.node_pools_oauth_scopes[var.node_pools[count.index]["name"]],
+      local.node_pools_oauth_scopes["all"],
+      local.node_pools_oauth_scopes[var.node_pools[count.index]["name"]],
     )
 
     guest_accelerator = [
@@ -429,6 +433,7 @@ resource "google_container_node_pool" "pools" {
 
   lifecycle {
     ignore_changes = [initial_node_count]
+
     {% if update_variant %}
     create_before_destroy = true
     {% endif %}

autogen/cluster.tf renamed to autogen/cluster.tf.tmpl

@@ -147,7 +147,8 @@ locals {
   cluster_pod_security_policy_enabled      = local.cluster_output_pod_security_policy_enabled
   cluster_intranode_visibility_enabled     = local.cluster_output_intranode_visbility_enabled
   cluster_vertical_pod_autoscaling_enabled = local.cluster_output_vertical_pod_autoscaling_enabled
-  cluster_workload_identity_config         = var.identity_namespace == "" ? [] : [{
+
+  cluster_workload_identity_config = var.identity_namespace == "" ? [] : [{
     identity_namespace = var.identity_namespace
   }]
   # /BETA features

autogen/dns.tf renamed to autogen/dns.tf.tmpl

@@ -54,6 +54,7 @@ output "endpoint" {
     */
     google_container_cluster.primary,
     google_container_node_pool.pools,
+    null_resource.wait_for_cluster.id,
   ]
 }
 

autogen/main.tf renamed to autogen/main.tf.tmpl

@@ -79,7 +79,7 @@ variable "node_version" {
 }
 
 variable "master_authorized_networks_config" {
-  type        = list(object({cidr_blocks = list(object({cidr_block = string, display_name = string}))}))
+  type        = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) }))
   description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
   default     = []
 }
@@ -163,6 +163,7 @@ variable "node_pools_labels" {
   type        = map(map(string))
   description = "Map of maps containing node labels by node-pool name"
 
+  # Default is being set in variables_defaults.tf
   default = {
     all               = {}
     default-node-pool = {}
@@ -173,6 +174,7 @@ variable "node_pools_metadata" {
   type        = map(map(string))
   description = "Map of maps containing node metadata by node-pool name"
 
+  # Default is being set in variables_defaults.tf
   default = {
     all               = {}
     default-node-pool = {}
@@ -181,9 +183,10 @@ variable "node_pools_metadata" {
 
 {% if beta_cluster %}
 variable "node_pools_taints" {
-  type        = map(list(object({key=string,value=string,effect=string})))
+  type        = map(list(object({ key = string, value = string, effect = string })))
   description = "Map of lists containing node taints by node-pool name"
 
+  # Default is being set in variables_defaults.tf
   default = {
     all               = []
     default-node-pool = []
@@ -195,6 +198,7 @@ variable "node_pools_tags" {
   type        = map(list(string))
   description = "Map of lists containing node network tags by node-pool name"
 
+  # Default is being set in variables_defaults.tf
   default = {
     all               = []
     default-node-pool = []
@@ -205,6 +209,7 @@ variable "node_pools_oauth_scopes" {
   type        = map(list(string))
   description = "Map of lists containing node oauth scopes by node-pool name"
 
+  # Default is being set in variables_defaults.tf
   default = {
     all               = ["https://www.googleapis.com/auth/cloud-platform"]
     default-node-pool = []
@@ -356,10 +361,11 @@ variable "default_max_pods_per_node" {
 
 variable "database_encryption" {
   description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key."
-  type        = list(object({state = string, key_name = string}))
-  default     = [{
-    state     = "DECRYPTED"
-    key_name  = ""
+  type        = list(object({ state = string, key_name = string }))
+
+  default = [{
+    state    = "DECRYPTED"
+    key_name = ""
   }]
 }
 
@@ -375,7 +381,8 @@ variable "enable_binary_authorization" {
 
 variable "pod_security_policy_config" {
   description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created."
-  default     = [{
+
+  default = [{
     "enabled" = false
   }]
 }
@@ -429,8 +436,8 @@ variable "release_channel" {
 }
 
 variable "enable_shielded_nodes" {
-  type = bool
+  type        = bool
   description = "Enable Shielded Nodes features on all nodes in this cluster"
-  default = false
+  default     = false
 }
 {% endif %}

autogen/masq.tf renamed to autogen/masq.tf.tmpl

@@ -0,0 +1,74 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+{{ autogeneration_note }}
+
+# Setup dynamic default values for variables which can't be setup using
+# the standard terraform "variable default" functionality
+
+locals {
+  node_pools_labels = merge(
+    { all = {} },
+    { default-node-pool = {} },
+    zipmap(
+      [for node_pool in var.node_pools : node_pool["name"]],
+      [for node_pool in var.node_pools : {}]
+    ),
+    var.node_pools_labels
+  )
+
+  node_pools_metadata = merge(
+    { all = {} },
+    { default-node-pool = {} },
+    zipmap(
+      [for node_pool in var.node_pools : node_pool["name"]],
+      [for node_pool in var.node_pools : {}]
+    ),
+    var.node_pools_metadata
+  )
+
+{% if beta_cluster %}
+  node_pools_taints = merge(
+    { all = [] },
+    { default-node-pool = [] },
+    zipmap(
+      [for node_pool in var.node_pools : node_pool["name"]],
+      [for node_pool in var.node_pools : []]
+    ),
+    var.node_pools_taints
+  )
+
+{% endif %}
+  node_pools_tags = merge(
+    { all = [] },
+    { default-node-pool = [] },
+    zipmap(
+      [for node_pool in var.node_pools : node_pool["name"]],
+      [for node_pool in var.node_pools : []]
+    ),
+    var.node_pools_tags
+  )
+
+  node_pools_oauth_scopes = merge(
+    { all = ["https://www.googleapis.com/auth/cloud-platform"] },
+    { default-node-pool = [] },
+    zipmap(
+      [for node_pool in var.node_pools : node_pool["name"]],
+      [for node_pool in var.node_pools : []]
+    ),
+    var.node_pools_oauth_scopes
+  )
+}