Merge pull request #112 from iits-consulting/feat/cce

feat(cce): adds option for "enable_volume_encryption" in cce module
iits-consulting · Jul 15, 2024 · 13b3556 · 13b3556
2 parents 1c931c1 + c5b5236
commit 13b3556
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 15 deletions.
diff --git a/modules/cce/README.md b/modules/cce/README.md
@@ -198,6 +198,7 @@ No modules.
 | <a name="input_cluster_container_cidr"></a> [cluster\_container\_cidr](#input\_cluster\_container\_cidr) | Kubernetes pod network CIDR range (default: 172.16.0.0/16) | `string` | `"172.16.0.0/16"` | no |
 | <a name="input_cluster_container_network_type"></a> [cluster\_container\_network\_type](#input\_cluster\_container\_network\_type) | Container network type: vpc-router or overlay\_l2 for VirtualMachine Clusters; underlay\_ipvlan for BareMetal Clusters | `string` | `""` | no |
 | <a name="input_cluster_enable_scaling"></a> [cluster\_enable\_scaling](#input\_cluster\_enable\_scaling) | Enable autoscaling of the cluster (default: false) | `bool` | `false` | no |
+| <a name="input_cluster_enable_volume_encryption"></a> [cluster\_enable\_volume\_encryption](#input\_cluster\_enable\_volume\_encryption) | (Optional) System and data disks encryption of master nodes. Changing this parameter will create a new cluster resource. | `bool` | `false` | no |
 | <a name="input_cluster_high_availability"></a> [cluster\_high\_availability](#input\_cluster\_high\_availability) | Create the cluster in highly available mode (default: false) | `bool` | `false` | no |
 | <a name="input_cluster_install_icagent"></a> [cluster\_install\_icagent](#input\_cluster\_install\_icagent) | Install icagent for logging and metrics via AOM (default: false) | `bool` | `false` | no |
 | <a name="input_cluster_public_access"></a> [cluster\_public\_access](#input\_cluster\_public\_access) | Bind a public IP to the CLuster to make it public available (default: true) | `bool` | `true` | no |

diff --git a/modules/cce/cluster.tf b/modules/cce/cluster.tf
@@ -50,19 +50,20 @@ locals {
 }
 
 resource "opentelekomcloud_cce_cluster_v3" "cluster" {
-  name                    = var.name
-  cluster_type            = var.cluster_type
-  flavor_id               = local.flavor_id
-  vpc_id                  = var.cluster_vpc_id
-  subnet_id               = var.cluster_subnet_id
-  container_network_type  = local.cluster_container_network_type
-  container_network_cidr  = var.cluster_container_cidr
-  kubernetes_svc_ip_range = var.cluster_service_cidr
-  description             = "Kubernetes Cluster ${var.name}."
-  eip                     = var.cluster_public_access ? opentelekomcloud_vpc_eip_v1.cce_eip[0].publicip[0].ip_address : null
-  cluster_version         = var.cluster_version
-  authentication_mode     = var.cluster_authentication_mode
-  annotations             = var.cluster_install_icagent ? { "cluster.install.addons.external/install" = jsonencode([{ addonTemplateName = "icagent" }]) } : null
+  name                     = var.name
+  cluster_type             = var.cluster_type
+  flavor_id                = local.flavor_id
+  vpc_id                   = var.cluster_vpc_id
+  subnet_id                = var.cluster_subnet_id
+  container_network_type   = local.cluster_container_network_type
+  container_network_cidr   = var.cluster_container_cidr
+  kubernetes_svc_ip_range  = var.cluster_service_cidr
+  description              = "Kubernetes Cluster ${var.name}."
+  eip                      = var.cluster_public_access ? opentelekomcloud_vpc_eip_v1.cce_eip[0].publicip[0].ip_address : null
+  cluster_version          = var.cluster_version
+  authentication_mode      = var.cluster_authentication_mode
+  annotations              = var.cluster_install_icagent ? { "cluster.install.addons.external/install" = jsonencode([{ addonTemplateName = "icagent" }]) } : null
+  enable_volume_encryption = var.cluster_enable_volume_encryption
   dynamic "authenticating_proxy" {
     for_each = var.cluster_authentication_mode != "authenticating_proxy" ? toset([]) : toset(["authenticating_proxy"])
     content {

diff --git a/modules/cce/variables.tf b/modules/cce/variables.tf
@@ -65,6 +65,12 @@ resource "errorcheck_is_valid" "container_network_type" {
   }
 }
 
+variable "cluster_enable_volume_encryption" {
+  description = "(Optional) System and data disks encryption of master nodes. Changing this parameter will create a new cluster resource."
+  default     = false
+  type        = bool
+}
+
 variable "cluster_container_cidr" {
   type        = string
   description = "Kubernetes pod network CIDR range (default: 172.16.0.0/16)"

diff --git a/modules/projects/README.md b/modules/projects/README.md
@@ -19,7 +19,6 @@ module "projects" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | v1.4.6 |
 | <a name="requirement_opentelekomcloud"></a> [opentelekomcloud](#requirement\_opentelekomcloud) | >=1.34.4 |
 
 ## Providers

diff --git a/modules/state_bucket/README.md b/modules/state_bucket/README.md
@@ -28,7 +28,6 @@ Notes:
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | v1.4.6 |
 | <a name="requirement_opentelekomcloud"></a> [opentelekomcloud](#requirement\_opentelekomcloud) | >=1.34.4 |
 
 ## Providers