Add network policy
Sébastien GLON committed Nov 2, 2017
1 parent 3ee79d2 commit 666ccf8
Showing 3 changed files with 73 additions and 0 deletions.
24 changes: 24 additions & 0 deletions google/resource_container_cluster.go
Expand Up @@ -129,6 +129,22 @@ func resourceContainerCluster() *schema.Resource {
},
},
},
"network_policy": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"disabled": {
Type: schema.TypeBool,
Default: true,
Optional: true,
ForceNew: true,
},
},
},
},
},
},
},
Expand Down Expand Up @@ -813,6 +829,14 @@ func expandClusterAddonsConfig(configured interface{}) *container.AddonsConfig {
ForceSendFields: []string{"Disabled"},
}
}

if v, ok := config["network_policy"]; ok && len(v.([]interface{})) > 0 {
addon := v.([]interface{})[0].(map[string]interface{})
ac.NetworkPolicyConfig = &container.NetworkPolicyConfig{
Disabled: addon["disabled"].(bool),
ForceSendFields: []string{"Disabled"},
}
}
return ac
}

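Review bot: Setting `network_policy { disabled = false }` only populates `ac.NetworkPolicyConfig` in `expandClusterAddonsConfig`; nothing in the visible hunks sets a cluster-level network policy. As far as I know, GKE also needs the cluster's own `NetworkPolicy` setting (enabled, with a provider) before NetworkPolicy objects are enforced on the nodes, so this should be confirmed against the API documentation. If that holds, a user can switch the addon on and assume pod traffic is being filtered when it is not, so the schema entry deserves a comment such as `// Addon only: enforcement also requires the cluster-level network policy to be enabled.` and the same caveat in the docs. Separately, `v.([]interface{})[0].(map[string]interface{})` and `addon["disabled"].(bool)` are unchecked assertions that would panic if the list element arrives as nil (for instance an empty block, if the SDK passes nil there); the comma-ok form with an early return would be safer. Both functions start outside the hunks shown.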
7 changes: 7 additions & 0 deletions google/resource_container_cluster_test.go
Expand Up @@ -667,9 +667,14 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc {
if cluster.AddonsConfig != nil && cluster.AddonsConfig.KubernetesDashboard != nil {
kubernetesDashboardDisabled = cluster.AddonsConfig.KubernetesDashboard.Disabled
}
networkPolicyDisabled := false
if cluster.AddonsConfig != nil && cluster.AddonsConfig.NetworkPolicyConfig != nil {
networkPolicyDisabled = cluster.AddonsConfig.NetworkPolicyConfig.Disabled
}
clusterTests = append(clusterTests, clusterTestField{"addons_config.0.http_load_balancing.0.disabled", httpLoadBalancingDisabled})
clusterTests = append(clusterTests, clusterTestField{"addons_config.0.horizontal_pod_autoscaling.0.disabled", horizontalPodAutoscalingDisabled})
clusterTests = append(clusterTests, clusterTestField{"addons_config.0.kubernetes_dashboard.0.disabled", kubernetesDashboardDisabled})
clusterTests = append(clusterTests, clusterTestField{"addons_config.0.network_policy.0.disabled", networkPolicyDisabled})

for i, np := range cluster.NodePools {
prefix := fmt.Sprintf("node_pool.%d.", i)
Expand Down Expand Up @@ -876,6 +881,7 @@ resource "google_container_cluster" "primary" {
addons_config {
http_load_balancing { disabled = true }
kubernetes_dashboard { disabled = true }
network_policy { disabled = true }
}
}`, clusterName)
}
Expand All @@ -891,6 +897,7 @@ resource "google_container_cluster" "primary" {
http_load_balancing { disabled = false }
kubernetes_dashboard { disabled = true }
horizontal_pod_autoscaling { disabled = true }
network_policy { disabled = false }
}
}`, clusterName)
}
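Review bot: The fallback `networkPolicyDisabled := false` in `testAccCheckContainerCluster` disagrees with the schema's `Default: true` and with the docs, which describe this addon as disabled by default. If a nil `NetworkPolicyConfig` from the API means the addon is off, the expected value for `addons_config.0.network_policy.0.disabled` in that case should be `true`, i.e. `networkPolicyDisabled := true`. Both test configs touched here set `network_policy` explicitly, so the omitted-block path, which is the security-relevant default, is never exercised; a config without the block would pin what state a cluster actually ends up in. The function body continues outside the hunk, so how missing attributes are compared cannot be seen from here.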
42 changes: 42 additions & 0 deletions website/docs/r/container_cluster.html.markdown
Expand Up @@ -201,6 +201,48 @@ The `node_config` block supports:
* `service_account` - (Optional) The service account to be used by the Node VMs.
If not specified, the "default" service account is used.

* `min_cpu_platform` - (Optional) Minimum CPU platform to be used by this instance.
The instance may be scheduled on the specified or newer CPU platform. Applicable
values are the friendly names of CPU platforms, such as `Intel Haswell`. See the
[official documentation](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
for more information.

**Addons Config** supports the following addons:

* `http_load_balancing` - (Optional) The status of the HTTP Load Balancing
add-on. It is enabled by default; set `disabled = true` to disable.

* `horizontal_pod_autoscaling` - (Optional) The status of the Horizontal Pod
Autoscaling addon. It is enabled by default; set `disabled = true` to
disable.

* `kubernetes_dashboard` - (Optional) The status of the Kubernetes Dashboard
add-on. It is enabled by default; set `disabled = true` to disable.

* `network_policy` - (Optional) The status of the Network Policy
add-on. It is disable by default; set `disabled = false` to enable.

This example `addons_config` disables both addons:

```
addons_config {
http_load_balancing {
disabled = true
}
horizontal_pod_autoscaling {
disabled = true
}
}
```

**Node Pool** supports the following arguments:

* `initial_node_count` - (Required) The initial node count for the pool.

* `name` - (Optional) The name of the node pool. If left blank, Terraform will
auto-generate a unique name.
>>>>>>> Add network policy
* `tags` - (Optional) The list of instance tags applied to all nodes. Tags are used to identify
valid sources or targets for network firewalls.
