From af0cd08682e9e0aa0f0e03b554ac9ed79fd7424b Mon Sep 17 00:00:00 2001 
From: Marko Vlahovic Date: Thu, 8 Oct 2020 14:21:41 -0700 Subject: [PATCH] fix: add node_pool_taints to all the modules --- README.md | 1 + autogen/main/cluster.tf.tmpl | 2 -- autogen/main/variables.tf.tmpl | 2 +- autogen/main/variables_defaults.tf | 2 -- cluster.tf | 11 ++++++++++ examples/deploy_service/main.tf | 2 +- examples/disable_client_cert/main.tf | 2 +- examples/node_pool/main.tf | 2 +- examples/node_pool_update_variant/main.tf | 2 +- .../node_pool_update_variant_beta/main.tf | 2 +- .../private_zonal_with_networking/main.tf | 2 +- .../network.tf | 2 +- .../provider.tf | 4 ++-- examples/safer_cluster/main.tf | 4 ++-- examples/safer_cluster/network.tf | 2 +- examples/safer_cluster_iap_bastion/network.tf | 2 +- .../safer_cluster_iap_bastion/provider.tf | 4 ++-- examples/shared_vpc/main.tf | 2 +- examples/simple_regional/main.tf | 2 +- examples/simple_regional_beta/main.tf | 2 +- examples/simple_regional_private/main.tf | 2 +- examples/simple_regional_private_beta/main.tf | 4 ++-- .../simple_regional_with_kubeconfig/main.tf | 2 +- .../simple_regional_with_networking/main.tf | 4 ++-- examples/simple_zonal_private/main.tf | 2 +- examples/simple_zonal_with_acm/main.tf | 2 +- examples/simple_zonal_with_asm/main.tf | 2 +- examples/simple_zonal_with_hub/main.tf | 2 +- examples/stub_domains/main.tf | 2 +- examples/stub_domains_private/main.tf | 2 +- .../stub_domains_upstream_nameservers/main.tf | 2 +- examples/upstream_nameservers/main.tf | 2 +- examples/workload_identity/main.tf | 2 +- examples/workload_metadata_config/main.tf | 2 +- .../private-cluster-update-variant/README.md | 1 + .../private-cluster-update-variant/cluster.tf | 11 ++++++++++ .../variables.tf | 12 +++++++++++ .../variables_defaults.tf | 10 ++++++++++ modules/private-cluster/README.md | 1 + modules/private-cluster/cluster.tf | 11 ++++++++++ modules/private-cluster/variables.tf | 12 +++++++++++ modules/private-cluster/variables_defaults.tf | 10 ++++++++++ test/fixtures/deploy_service/network.tf | 2 
+- test/fixtures/disable_client_cert/network.tf | 2 +- test/fixtures/shared_vpc/network.tf | 2 +- test/fixtures/simple_regional/network.tf | 2 +- .../network.tf | 2 +- test/fixtures/simple_zonal/network.tf | 2 +- .../fixtures/simple_zonal_with_asm/network.tf | 2 +- test/fixtures/stub_domains/network.tf | 2 +- .../network.tf | 2 +- test/fixtures/upstream_nameservers/network.tf | 2 +- test/setup/main.tf | 20 ++++++++++++++++--- test/setup/versions.tf | 4 ++-- variables.tf | 12 +++++++++++ variables_defaults.tf | 10 ++++++++++ 56 files changed, 166 insertions(+), 54 deletions(-) diff --git a/README.md b/README.md index 5ca61be5b5..0a2535ebd9 100644 --- a/README.md +++ b/README.md @@ -140,6 +140,7 @@ Then perform the following commands on the root folder: | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no | +| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no | | project\_id | The project ID to host the cluster in (required) | string | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index c46f6725fc..72b0f2bc2f 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -458,7 +458,6 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) - {% if beta_cluster %} dynamic "taint" { for_each = concat( local.node_pools_taints["all"], 
@@ -470,7 +469,6 @@ resource "google_container_node_pool" "pools" { value = taint.value.value } } - {% endif %} tags = concat( lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [], diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 051df31f91..2205321bbe 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -227,6 +227,7 @@ variable "cluster_autoscaling" { } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } +{% endif %} variable "node_pools_taints" { type = map(list(object({ key = string, value = string, effect = string }))) @@ -239,7 +240,6 @@ variable "node_pools_taints" { } } -{% endif %} variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" diff --git a/autogen/main/variables_defaults.tf b/autogen/main/variables_defaults.tf index ccc9b0eed3..5ba467eb80 100644 --- a/autogen/main/variables_defaults.tf +++ b/autogen/main/variables_defaults.tf @@ -40,7 +40,6 @@ locals { var.node_pools_metadata ) -{% if beta_cluster %} node_pools_taints = merge( { all = [] }, { default-node-pool = [] }, @@ -51,7 +50,6 @@ locals { var.node_pools_taints ) -{% endif %} node_pools_tags = merge( { all = [] }, { default-node-pool = [] }, diff --git a/cluster.tf b/cluster.tf index df45c9cba8..abcdbc0c89 100644 --- a/cluster.tf +++ b/cluster.tf 
@@ -198,6 +198,17 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) + dynamic "taint" { + for_each = concat( + local.node_pools_taints["all"], + local.node_pools_taints[each.value["name"]], + ) + content { + effect = taint.value.effect + key = taint.value.key + value = taint.value.value + } + } tags = concat( lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [], diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index efb3bd8388..3bf6ed2739 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/disable_client_cert/main.tf b/examples/disable_client_cert/main.tf index 8aa0791446..3615bf3f6b 100644 --- a/examples/disable_client_cert/main.tf +++ b/examples/disable_client_cert/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index d0358e5ffd..0dce9d78db 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/node_pool_update_variant/main.tf b/examples/node_pool_update_variant/main.tf index 1694f9248e..e36dc1a681 100644 --- a/examples/node_pool_update_variant/main.tf +++ b/examples/node_pool_update_variant/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } 
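Review bot: In the `dynamic "taint"` block added to cluster.tf, only `local.node_pools_taints["all"]` and the entry keyed by `each.value["name"]` are ever read, so a key in `node_pools_taints` that matches no pool (for example a misspelled pool name) is accepted and yields no taint and no plan error. Where a taint is what keeps general workloads off a dedicated pool, that failure is silent. At minimum, state the contract next to the block: `# Only "all" and the key equal to this pool's name are read; other keys in node_pools_taints are ignored.` The same block is added in modules/private-cluster/cluster.tf and modules/private-cluster-update-variant/cluster.tf, and the resource body continues outside the hunk.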
diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf index cbfa818bdb..39256b738e 100644 --- a/examples/node_pool_update_variant_beta/main.tf +++ b/examples/node_pool_update_variant_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" credentials = file(var.credentials_path) region = var.region } diff --git a/examples/private_zonal_with_networking/main.tf b/examples/private_zonal_with_networking/main.tf index 006dee61a6..75d13dd218 100644 --- a/examples/private_zonal_with_networking/main.tf +++ b/examples/private_zonal_with_networking/main.tf @@ -16,7 +16,7 @@ module "gcp-network" { source = "terraform-google-modules/network/google" - version = "~> 2.0" + version = "~> 2.5" project_id = var.project_id network_name = var.network diff --git a/examples/regional_private_node_pool_oauth_scopes/network.tf b/examples/regional_private_node_pool_oauth_scopes/network.tf index 7f60f15fa8..140c20d941 100644 --- a/examples/regional_private_node_pool_oauth_scopes/network.tf +++ b/examples/regional_private_node_pool_oauth_scopes/network.tf @@ -16,7 +16,7 @@ module "gke-network" { source = "terraform-google-modules/network/google" - version = "~> 2.0" + version = "~> 2.5" project_id = var.project_id network_name = "random-gke-network" diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf index 543821ce86..4afb1e7ef3 100644 --- a/examples/regional_private_node_pool_oauth_scopes/provider.tf +++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf @@ -15,9 +15,9 @@ */ provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" } diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index 3d0f5aa39c..efe5449e48 100644 --- a/examples/safer_cluster/main.tf 
+++ b/examples/safer_cluster/main.tf @@ -30,11 +30,11 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" } module "gke" { diff --git a/examples/safer_cluster/network.tf b/examples/safer_cluster/network.tf index c647547f9c..bf36d6f477 100644 --- a/examples/safer_cluster/network.tf +++ b/examples/safer_cluster/network.tf @@ -16,7 +16,7 @@ module "gcp-network" { source = "terraform-google-modules/network/google" - version = "~> 2.0" + version = "~> 2.5" project_id = var.project_id network_name = local.network_name diff --git a/examples/safer_cluster_iap_bastion/network.tf b/examples/safer_cluster_iap_bastion/network.tf index 57c6f8aead..00e23bdfe5 100644 --- a/examples/safer_cluster_iap_bastion/network.tf +++ b/examples/safer_cluster_iap_bastion/network.tf @@ -17,7 +17,7 @@ module "vpc" { source = "terraform-google-modules/network/google" - version = "~> 2.3" + version = "~> 2.5" project_id = module.enabled_google_apis.project_id network_name = var.network_name diff --git a/examples/safer_cluster_iap_bastion/provider.tf b/examples/safer_cluster_iap_bastion/provider.tf index b19b4bfb01..4c2b042d09 100644 --- a/examples/safer_cluster_iap_bastion/provider.tf +++ b/examples/safer_cluster_iap_bastion/provider.tf @@ -15,9 +15,9 @@ */ provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" } diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf index 876339c8eb..a4ecdc28e6 100644 --- a/examples/shared_vpc/main.tf +++ b/examples/shared_vpc/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 766ead4031..c4ddf21aa2 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf 
@@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index 81c72f0f2c..94d394b39a 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index b6224af20a..af484b1812 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index a311609a7b..42a8eb40e6 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -19,12 +19,12 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional_with_kubeconfig/main.tf b/examples/simple_regional_with_kubeconfig/main.tf index da2911e669..5db7eb266d 100644 --- a/examples/simple_regional_with_kubeconfig/main.tf +++ b/examples/simple_regional_with_kubeconfig/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_regional_with_networking/main.tf b/examples/simple_regional_with_networking/main.tf index 7a529c2e4a..57ccefa32a 100644 --- a/examples/simple_regional_with_networking/main.tf +++ b/examples/simple_regional_with_networking/main.tf 
@@ -15,12 +15,12 @@ */ provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" } module "gcp-network" { source = "terraform-google-modules/network/google" - version = "~> 2.0" + version = "~> 2.5" project_id = var.project_id network_name = var.network diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf index e6279ca88c..f6e468083f 100644 --- a/examples/simple_zonal_private/main.tf +++ b/examples/simple_zonal_private/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_zonal_with_acm/main.tf b/examples/simple_zonal_with_acm/main.tf index b234a06901..42b12ee939 100644 --- a/examples/simple_zonal_with_acm/main.tf +++ b/examples/simple_zonal_with_acm/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf index 5148323bc3..1ad1f5b68e 100644 --- a/examples/simple_zonal_with_asm/main.tf +++ b/examples/simple_zonal_with_asm/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/simple_zonal_with_hub/main.tf b/examples/simple_zonal_with_hub/main.tf index 94d48cc5e8..9da21f9f1e 100644 --- a/examples/simple_zonal_with_hub/main.tf +++ b/examples/simple_zonal_with_hub/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.16.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index 8e65ad659b..9dce470f3b 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } 
diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf index 77f202caf5..cde258cddf 100644 --- a/examples/stub_domains_private/main.tf +++ b/examples/stub_domains_private/main.tf @@ -15,7 +15,7 @@ */ provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf index 7d720375dd..6e14173471 100644 --- a/examples/stub_domains_upstream_nameservers/main.tf +++ b/examples/stub_domains_upstream_nameservers/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf index 16b81816e4..b77dc4c23b 100644 --- a/examples/upstream_nameservers/main.tf +++ b/examples/upstream_nameservers/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/workload_identity/main.tf b/examples/workload_identity/main.tf index d41a442a30..9579d090ab 100644 --- a/examples/workload_identity/main.tf +++ b/examples/workload_identity/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf index 2909afa176..a861c2414d 100644 --- a/examples/workload_metadata_config/main.tf +++ b/examples/workload_metadata_config/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.35.0" + version = "~> 3.42.0" region = var.region } diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 79ac09be3f..c0b64b2613 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -172,6 +172,7 @@ Then perform the following commands on the root folder: | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no | +| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no | | project\_id | The project ID to host the cluster in (required) | string | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 718044a4ba..f624fe1e7b 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -283,6 +283,17 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) + dynamic "taint" { + for_each = concat( + local.node_pools_taints["all"], + local.node_pools_taints[each.value["name"]], + ) + content { + effect = taint.value.effect + key = taint.value.key + value = taint.value.value + } + } tags = concat( lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [], diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 8188c2afd0..5df2c4afc1 100644 --- a/modules/private-cluster-update-variant/variables.tf 
+++ b/modules/private-cluster-update-variant/variables.tf @@ -187,6 +187,18 @@ variable "enable_resource_consumption_export" { description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export." default = true } + +variable "node_pools_taints" { + type = map(list(object({ key = string, value = string, effect = string }))) + description = "Map of lists containing node taints by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = [] + default-node-pool = [] + } +} + variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" diff --git a/modules/private-cluster-update-variant/variables_defaults.tf b/modules/private-cluster-update-variant/variables_defaults.tf index 93bf1c1341..70ac8ba1c1 100644 --- a/modules/private-cluster-update-variant/variables_defaults.tf +++ b/modules/private-cluster-update-variant/variables_defaults.tf @@ -40,6 +40,16 @@ locals { var.node_pools_metadata ) + node_pools_taints = merge( + { all = [] }, + { default-node-pool = [] }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : []] + ), + var.node_pools_taints + ) + node_pools_tags = merge( { all = [] }, { default-node-pool = [] }, diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index a86cfe22a5..fe4eca1406 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
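Review bot: The new `node_pools_taints` variable types `effect` as a free `string`, and its description names neither the accepted effects nor the special `all` key, so an invalid effect is presumably rejected only by the provider or API at apply time. The description could carry both, e.g. `description = "Map of lists containing node taints by node-pool name (key \"all\" applies to every pool); effect is NO_SCHEDULE, PREFER_NO_SCHEDULE or NO_EXECUTE"`. The comment `# Default is being set in variables_defaults.tf` sits directly above a `default` in this file and would read better as `# Per-pool keys are filled in by variables_defaults.tf`. The identical hunk appears in modules/private-cluster/variables.tf and the root variables.tf; these files look generated from autogen/main/variables.tf.tmpl, so the wording change probably belongs there.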
@@ -150,6 +150,7 @@ Then perform the following commands on the root folder: | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no | | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no | +| node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no | | project\_id | The project ID to host the cluster in (required) | string | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index a8401d0aaa..a0ed848c90 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -211,6 +211,17 @@ resource "google_container_node_pool" "pools" { "disable-legacy-endpoints" = var.disable_legacy_metadata_endpoints }, ) + dynamic "taint" { + for_each = concat( + local.node_pools_taints["all"], + local.node_pools_taints[each.value["name"]], + ) + content { + effect = taint.value.effect + key = taint.value.key + value = taint.value.value + } + } tags = concat( lookup(local.node_pools_tags, "default_values", [true, true])[0] ? [local.cluster_network_tag] : [], lookup(local.node_pools_tags, "default_values", [true, true])[1] ? ["${local.cluster_network_tag}-${each.value["name"]}"] : [], diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 8188c2afd0..5df2c4afc1 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -187,6 +187,18 @@ variable "enable_resource_consumption_export" { description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export." default = true } + +variable "node_pools_taints" { + type = map(list(object({ key = string, value = string, effect = string }))) + description = "Map of lists containing node taints by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = [] + default-node-pool = [] + } +} + variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" diff --git a/modules/private-cluster/variables_defaults.tf b/modules/private-cluster/variables_defaults.tf index 93bf1c1341..70ac8ba1c1 100644 --- a/modules/private-cluster/variables_defaults.tf +++ b/modules/private-cluster/variables_defaults.tf @@ -40,6 +40,16 @@ locals { var.node_pools_metadata ) + node_pools_taints = merge( + { all = [] }, + { default-node-pool = [] }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : []] + ), + var.node_pools_taints + ) + node_pools_tags = merge( { all = [] }, { default-node-pool = [] }, diff --git a/test/fixtures/deploy_service/network.tf b/test/fixtures/deploy_service/network.tf index 8a49648088..0de80bd3b9 100644 --- a/test/fixtures/deploy_service/network.tf +++ b/test/fixtures/deploy_service/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } diff --git a/test/fixtures/disable_client_cert/network.tf b/test/fixtures/disable_client_cert/network.tf index 8a49648088..0de80bd3b9 100644 --- a/test/fixtures/disable_client_cert/network.tf 
+++ b/test/fixtures/disable_client_cert/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } diff --git a/test/fixtures/shared_vpc/network.tf b/test/fixtures/shared_vpc/network.tf index 8a49648088..0de80bd3b9 100644 --- a/test/fixtures/shared_vpc/network.tf +++ b/test/fixtures/shared_vpc/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } diff --git a/test/fixtures/simple_regional/network.tf b/test/fixtures/simple_regional/network.tf index 8a49648088..0de80bd3b9 100644 --- a/test/fixtures/simple_regional/network.tf +++ b/test/fixtures/simple_regional/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } diff --git a/test/fixtures/simple_regional_with_kubeconfig/network.tf b/test/fixtures/simple_regional_with_kubeconfig/network.tf index eb30a9b570..e434edc0ea 100644 --- a/test/fixtures/simple_regional_with_kubeconfig/network.tf +++ b/test/fixtures/simple_regional_with_kubeconfig/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[0] } diff --git a/test/fixtures/simple_zonal/network.tf b/test/fixtures/simple_zonal/network.tf index 542b3904cf..4fc294e76d 100644 --- a/test/fixtures/simple_zonal/network.tf +++ b/test/fixtures/simple_zonal/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[1] } diff --git a/test/fixtures/simple_zonal_with_asm/network.tf b/test/fixtures/simple_zonal_with_asm/network.tf index 3ddc86721c..b221dae8a4 100644 --- a/test/fixtures/simple_zonal_with_asm/network.tf 
+++ b/test/fixtures/simple_zonal_with_asm/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[2] } diff --git a/test/fixtures/stub_domains/network.tf b/test/fixtures/stub_domains/network.tf index fd97996503..f36e983b59 100644 --- a/test/fixtures/stub_domains/network.tf +++ b/test/fixtures/stub_domains/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[1] } diff --git a/test/fixtures/stub_domains_upstream_nameservers/network.tf b/test/fixtures/stub_domains_upstream_nameservers/network.tf index 153058fa26..ee3ee45183 100644 --- a/test/fixtures/stub_domains_upstream_nameservers/network.tf +++ b/test/fixtures/stub_domains_upstream_nameservers/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[1] } diff --git a/test/fixtures/upstream_nameservers/network.tf b/test/fixtures/upstream_nameservers/network.tf index 153058fa26..ee3ee45183 100644 --- a/test/fixtures/upstream_nameservers/network.tf +++ b/test/fixtures/upstream_nameservers/network.tf @@ -21,7 +21,7 @@ resource "random_string" "suffix" { } provider "google" { - version = "~> 3.35.0" + version = "~> 3.42.0" project = var.project_ids[1] } diff --git a/test/setup/main.tf b/test/setup/main.tf index 3cf7fae4e6..75d59b1661 100644 --- a/test/setup/main.tf +++ b/test/setup/main.tf @@ -20,7 +20,7 @@ resource "random_id" "random_project_id_suffix" { module "gke-project-1" { source = "terraform-google-modules/project-factory/google" - version = "~> 8.0" + version = "~> 9.1.0" name = "ci-gke-${random_id.random_project_id_suffix.hex}" random_project_id = true 
@@ -35,15 +35,22 @@ module "gke-project-1" { "cloudkms.googleapis.com", "cloudresourcemanager.googleapis.com", "container.googleapis.com", + "compute.googleapis.com", "pubsub.googleapis.com", "serviceusage.googleapis.com", "storage-api.googleapis.com", ] + activate_api_identities = [ + { + api = "container.googleapis.com" + roles = ["roles/cloudkms.cryptoKeyEncrypterDecrypter"] + }, + ] } module "gke-project-2" { source = "terraform-google-modules/project-factory/google" - version = "~> 8.0" + version = "~> 9.1.0" name = "ci-gke-${random_id.random_project_id_suffix.hex}" random_project_id = true @@ -56,16 +63,23 @@ module "gke-project-2" { "cloudkms.googleapis.com", "cloudresourcemanager.googleapis.com", "container.googleapis.com", + "compute.googleapis.com", "pubsub.googleapis.com", "serviceusage.googleapis.com", "storage-api.googleapis.com", ] + activate_api_identities = [ + { + api = "container.googleapis.com" + roles = ["roles/cloudkms.cryptoKeyEncrypterDecrypter"] + }, + ] } # apis as documented https://cloud.google.com/service-mesh/docs/gke-install-new-cluster#setting_up_your_project module "gke-project-asm" { source = "terraform-google-modules/project-factory/google" - version = "~> 8.0" + version = "~> 9.1.0" name = "ci-gke-asm-${random_id.random_project_id_suffix.hex}" random_project_id = true diff --git a/test/setup/versions.tf b/test/setup/versions.tf index cec9f1d44e..02f0b2182b 100644 --- a/test/setup/versions.tf +++ b/test/setup/versions.tf @@ -19,9 +19,9 @@ terraform { } provider "google" { - version = "3.25.0" + version = "3.42.0" } provider "google-beta" { - version = "3.32.0" + version = "3.42.0" } diff --git a/variables.tf b/variables.tf index 08beb9f7b3..e197d422ef 100644 --- a/variables.tf +++ b/variables.tf 
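Review bot: The added `activate_api_identities` entry in gke-project-1 gives the `container.googleapis.com` service identity `roles/cloudkms.cryptoKeyEncrypterDecrypter`, and nothing in the block narrows it to a key, so it presumably applies to every KMS key in the project. For a throwaway CI project that may be acceptable, but the block has no comment saying which test needs it. Add one such as `# GKE service agent needs KMS access for the <fixture name> test; project-wide grant is acceptable only because this is a CI project`, or bind the role on the specific key the fixture creates. The same entry is repeated in the gke-project-2 hunk.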
@@ -187,6 +187,18 @@ variable "enable_resource_consumption_export" { description = "Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export." default = true } + +variable "node_pools_taints" { + type = map(list(object({ key = string, value = string, effect = string }))) + description = "Map of lists containing node taints by node-pool name" + + # Default is being set in variables_defaults.tf + default = { + all = [] + default-node-pool = [] + } +} + variable "node_pools_tags" { type = map(list(string)) description = "Map of lists containing node network tags by node-pool name" diff --git a/variables_defaults.tf b/variables_defaults.tf index 93bf1c1341..70ac8ba1c1 100644 --- a/variables_defaults.tf +++ b/variables_defaults.tf @@ -40,6 +40,16 @@ locals { var.node_pools_metadata ) + node_pools_taints = merge( + { all = [] }, + { default-node-pool = [] }, + zipmap( + [for node_pool in var.node_pools : node_pool["name"]], + [for node_pool in var.node_pools : []] + ), + var.node_pools_taints + ) + node_pools_tags = merge( { all = [] }, { default-node-pool = [] },