Merge pull request #6 from terraform-google-modules/master

update

CHANGELOG.md

@@ -20,8 +20,9 @@ Extending the adopted spec, each change should have a link to its corresponding
 * `simple_regional_with_networking` example. [#195]
 * `release_channel` variable for beta submodules. [#271]
 * The `node_locations` attribute to the `node_pools` object for beta submodules. [#290]
-* `private_zonal_with_nteworking` example. [#308]
+* `private_zonal_with_networking` example. [#308]
 * `regional_private_node_pool_oauth_scopes` example. [#321]
+* The `cluster_autoscaling` variable for beta submodules. [#93]
 
 ### Changed
 
@@ -314,6 +315,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 [#108]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/108
 [#106]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/106
 [#94]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/94
+[#93]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/93
 [#89]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/89
 [#80]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/80
 [#77]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/77

README.md

@@ -149,7 +149,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com"` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | string | `"05:00"` | no |
-| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
+| master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 | network | The VPC network to host the cluster in (required) | string | n/a | yes |

autogen/cluster.tf.tmpl

@@ -62,6 +62,18 @@ resource "google_container_cluster" "primary" {
   monitoring_service = var.monitoring_service
 
 {% if beta_cluster %}
+  cluster_autoscaling {
+    enabled = var.cluster_autoscaling.enabled
+    dynamic "resource_limits" {
+      for_each = local.autoscalling_resource_limits
+      content {
+        resource_type = lookup(resource_limits.value, "resource_type")
+        minimum       = lookup(resource_limits.value, "minimum")
+        maximum       = lookup(resource_limits.value, "maximum")
+      }
+    }
+  }
+
   enable_binary_authorization = var.enable_binary_authorization
   enable_intranode_visibility = var.enable_intranode_visibility
   default_max_pods_per_node   = var.default_max_pods_per_node
@@ -89,7 +101,7 @@ resource "google_container_cluster" "primary" {
   }
 {% endif %}
   dynamic "master_authorized_networks_config" {
-    for_each = var.master_authorized_networks_config
+    for_each = local.master_authorized_networks_config
     content {
       dynamic "cidr_blocks" {
         for_each = master_authorized_networks_config.value.cidr_blocks

autogen/main.tf.tmpl

@@ -50,6 +50,17 @@ locals {
   node_version            = var.regional ? local.node_version_regional : local.node_version_zonal
 {% if beta_cluster %}
   release_channel         = var.release_channel != null ? [{ channel : var.release_channel }] : []
+
+  autoscalling_resource_limits = var.cluster_autoscaling.enabled ? [{
+      resource_type = "cpu"
+      minimum       = var.cluster_autoscaling.min_cpu_cores
+      maximum       = var.cluster_autoscaling.max_cpu_cores
+    }, {
+      resource_type = "memory"
+      minimum       = var.cluster_autoscaling.min_memory_gb
+      maximum       = var.cluster_autoscaling.max_memory_gb
+    }] : []
+
 {% endif %}
 
 
@@ -116,6 +127,10 @@ locals {
   # /BETA features
   {% endif %}
 
+  master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{
+    cidr_blocks : var.master_authorized_networks
+  }]
+
   cluster_output_node_pools_names    = concat(google_container_node_pool.pools.*.name, [""])
   cluster_output_node_pools_versions = concat(google_container_node_pool.pools.*.version, [""])
 

autogen/outputs.tf.tmpl

@@ -75,7 +75,7 @@ output "monitoring_service" {
 
 output "master_authorized_networks_config" {
   description = "Networks from which access to master is permitted"
-  value       = var.master_authorized_networks_config
+  value       = google_container_cluster.primary.master_authorized_networks_config
 }
 
 output "master_version" {

autogen/variables.tf.tmpl

@@ -78,9 +78,9 @@ variable "node_version" {
   default     = ""
 }
 
-variable "master_authorized_networks_config" {
-  type        = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) }))
-  description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
+variable "master_authorized_networks" {
+  type        = list(object({ cidr_block = string, display_name = string }))
+  description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
   default     = []
 }
 
@@ -174,8 +174,26 @@ variable "node_pools_metadata" {
     default-node-pool = {}
   }
 }
-
 {% if beta_cluster %}
+
+variable "cluster_autoscaling" {
+  type = object({
+    enabled       = bool
+    min_cpu_cores = number
+    max_cpu_cores = number
+    min_memory_gb = number
+    max_memory_gb = number
+  })
+  default = {
+    enabled       = false
+    max_cpu_cores = 0
+    min_cpu_cores = 0
+    max_memory_gb = 0
+    min_memory_gb = 0
+  }
+  description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
+}
+
 variable "node_pools_taints" {
   type        = map(list(object({ key = string, value = string, effect = string })))
   description = "Map of lists containing node taints by node-pool name"

cluster.tf

@@ -49,7 +49,7 @@ resource "google_container_cluster" "primary" {
   monitoring_service = var.monitoring_service
 
   dynamic "master_authorized_networks_config" {
-    for_each = var.master_authorized_networks_config
+    for_each = local.master_authorized_networks_config
     content {
       dynamic "cidr_blocks" {
         for_each = master_authorized_networks_config.value.cidr_blocks

docs/upgrading_to_v6.0.md

@@ -0,0 +1,37 @@
+# Upgrading to v6.0
+
+The v6.0 release of *kubernetes-engine* is a backwards incompatible
+release.
+
+## Dropped support
+Due to changes in GKE, the module has dropped support for setting the `kubernetes_dashboard` variable.
+
+Additionally, support for Google provider versions older than v2.18 has been removed.
+
+## Migration Instructions
+
+### Master Authorized Networks
+Previously, setting up master authorized networks required setting a nested config within `master_authorized_networks_config`.
+Now, to set up master authorized networks you can simply pass a list of authorized networks.
+
+```diff
+ module "kubernetes_engine_private_cluster" {
+   source  = "terraform-google-modules/kubernetes-engine/google"
+-  version = "~> 5.0"
++  version = "~> 6.0"
+
+-  master_authorized_networks_config = [
++  master_authorized_networks = [
+     {
+-      cidr_blocks = [
+-        {
+-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+-          display_name = "VPC"
+-        },
+-      ]
++      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
++      display_name = "VPC"
+     },
+   ]
+ }
+```

examples/node_pool/README.md

@@ -7,6 +7,7 @@ This example illustrates how to create a cluster with multiple custom node-pool
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object | `<map>` | no |
 | cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no |
 | compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes |
 | ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes |

examples/node_pool/main.tf

@@ -36,6 +36,7 @@ module "gke" {
   create_service_account            = false
   remove_default_node_pool          = true
   disable_legacy_metadata_endpoints = false
+  cluster_autoscaling               = var.cluster_autoscaling
 
   node_pools = [
     {

examples/node_pool/variables.tf

@@ -52,3 +52,20 @@ variable "compute_engine_service_account" {
   description = "Service account to associate to the nodes in the cluster"
 }
 
+variable "cluster_autoscaling" {
+  type = object({
+    enabled       = bool
+    min_cpu_cores = number
+    max_cpu_cores = number
+    min_memory_gb = number
+    max_memory_gb = number
+  })
+  default = {
+    enabled       = false
+    max_cpu_cores = 0
+    min_cpu_cores = 0
+    max_memory_gb = 0
+    min_memory_gb = 0
+  }
+  description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
+}

examples/node_pool_update_variant/main.tf

@@ -46,14 +46,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 

examples/node_pool_update_variant_beta/main.tf

@@ -47,14 +47,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 

examples/private_zonal_with_networking/main.tf

@@ -71,14 +71,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 }

examples/regional_private_node_pool_oauth_scopes/main.tf

@@ -33,14 +33,10 @@ module "gke" {
   remove_default_node_pool          = true
   disable_legacy_metadata_endpoints = true
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = module.gke-network.subnets_ips[0]
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = module.gke-network.subnets_ips[0]
+      display_name = "VPC"
     },
   ]
 

examples/safer_cluster/main.tf

@@ -49,16 +49,14 @@ module "gke" {
   ip_range_services              = local.svc_range_name
   compute_engine_service_account = var.compute_engine_service_account
   master_ipv4_cidr_block         = "172.16.0.0/28"
-  master_authorized_networks_config = [
+
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = "10.60.0.0/17"
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = "10.60.0.0/17"
+      display_name = "VPC"
     },
   ]
+
   istio    = true
   cloudrun = true
 }

examples/simple_regional_private/main.tf

@@ -45,14 +45,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 }

examples/simple_regional_private_beta/main.tf

@@ -44,14 +44,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 

examples/simple_zonal_private/main.tf

@@ -46,14 +46,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 }

examples/stub_domains_private/main.tf

@@ -40,14 +40,10 @@ module "gke" {
   enable_private_endpoint       = false
   enable_private_nodes          = true
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]