Merge branch 'df-cmek-01' of https://github.com/terraform-google-modules/cloud-foundation-fabric into df-cmek-01
commit
3237db06d8
11
CHANGELOG.md
11
CHANGELOG.md
|
@ -3,15 +3,16 @@
|
|||
All notable changes to this project will be documented in this file.
|
||||
|
||||
## [Unreleased]
|
||||
- Create `pubsub` service identity if service is enabled
|
||||
- create `pubsub` service identity if service is enabled
|
||||
- support for creation of GKE Autopilot clusters
|
||||
- Add support for CMEK keys in Data Foundation end to end example
|
||||
|
||||
## [5.0.0] - 2021-06-17
|
||||
|
||||
- Fix `message_retention_duration` variable type in `pubsub` module
|
||||
- Move `bq` robot service account into the robot service account project output
|
||||
- Add IAM cryptDecrypt role to robot service account on specified keys
|
||||
- Add Service Identity creation on `project` module if secretmanager enabled
|
||||
- fix `message_retention_duration` variable type in `pubsub` module
|
||||
- move `bq` robot service account into the robot service account project output
|
||||
- add IAM cryptDecrypt role to robot service account on specified keys
|
||||
- add Service Identity creation on `project` module if secretmanager enabled
|
||||
- add Data Foundation end to end example
|
||||
|
||||
## [4.9.0] - 2021-06-04
|
||||
|
|
|
@ -81,6 +81,7 @@ module "cluster-1" {
|
|||
| *database_encryption* | Enable and configure GKE application-layer secrets encryption. | <code title="object({ enabled = bool state = string key_name = string })">object({...})</code> | | <code title="{ enabled = false state = "DECRYPTED" key_name = null }">...</code> |
|
||||
| *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | <code title="">number</code> | | <code title="">110</code> |
|
||||
| *description* | Cluster description. | <code title="">string</code> | | <code title="">null</code> |
|
||||
| *enable_autopilot* | Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node) | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *enable_binary_authorization* | Enable Google Binary Authorization. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
| *enable_dataplane_v2* | Enable Dataplane V2 on the cluster, will disable network_policy addons config | <code title="">bool</code> | | <code title="">false</code> |
|
||||
| *enable_intranode_visibility* | Enable intra-node visibility to make same node pod to pod traffic visible. | <code title="">bool</code> | | <code title="">null</code> |
|
||||
|
|
|
@ -42,14 +42,15 @@ resource "google_container_cluster" "cluster" {
|
|||
logging_service = var.logging_service
|
||||
monitoring_service = var.monitoring_service
|
||||
resource_labels = var.labels
|
||||
default_max_pods_per_node = var.default_max_pods_per_node
|
||||
default_max_pods_per_node = var.enable_autopilot ? null : var.default_max_pods_per_node
|
||||
enable_binary_authorization = var.enable_binary_authorization
|
||||
enable_intranode_visibility = var.enable_intranode_visibility
|
||||
enable_shielded_nodes = var.enable_shielded_nodes
|
||||
enable_tpu = var.enable_tpu
|
||||
initial_node_count = 1
|
||||
remove_default_node_pool = true
|
||||
remove_default_node_pool = var.enable_autopilot ? null : true
|
||||
datapath_provider = var.enable_dataplane_v2 ? "ADVANCED_DATAPATH" : "DATAPATH_PROVIDER_UNSPECIFIED"
|
||||
enable_autopilot = var.enable_autopilot == true ? true : null
|
||||
|
||||
# node_config {}
|
||||
# NOTE: Default node_pool is deleted, so node_config (here) is extranneous.
|
||||
|
@ -66,9 +67,12 @@ resource "google_container_cluster" "cluster" {
|
|||
horizontal_pod_autoscaling {
|
||||
disabled = !var.addons.horizontal_pod_autoscaling
|
||||
}
|
||||
network_policy_config {
|
||||
dynamic "network_policy_config" {
|
||||
for_each = !var.enable_autopilot ? [""] : []
|
||||
content {
|
||||
disabled = !var.addons.network_policy_config
|
||||
}
|
||||
}
|
||||
cloudrun_config {
|
||||
disabled = !var.addons.cloudrun_config
|
||||
}
|
||||
|
@ -217,7 +221,7 @@ resource "google_container_cluster" "cluster" {
|
|||
}
|
||||
|
||||
dynamic "workload_identity_config" {
|
||||
for_each = var.workload_identity ? [""] : []
|
||||
for_each = var.workload_identity && !var.enable_autopilot ? [""] : []
|
||||
content {
|
||||
identity_namespace = "${var.project_id}.svc.id.goog"
|
||||
}
|
||||
|
|
|
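Review bot: With `enable_autopilot` set, the new `for_each = var.workload_identity && !var.enable_autopilot ? [""] : []` silently drops the `workload_identity_config` block even when the caller asked for `workload_identity = true`, and nothing in the resource says why. As far as I recall Autopilot clusters have Workload Identity enabled by the platform and do not accept the explicit block, so the omission is probably correct, but someone auditing the cluster's identity settings cannot tell that from this code; a comment such as `# Autopilot manages workload_identity_config itself; the block is omitted, so var.workload_identity has no effect in that mode (confirm against provider docs)` would make it auditable. The same question applies to the first hunk of this file, where `enable_shielded_nodes`, `enable_intranode_visibility` and `enable_tpu` are still passed unconditionally while only `default_max_pods_per_node` and `remove_default_node_pool` are nulled for Autopilot, so a caller value the platform does not allow surfaces as an API error or a perpetual diff rather than a clear message. In that hunk `var.enable_autopilot == true ? true : null` can also be written `var.enable_autopilot ? true : null`, since the variable is typed `bool`. The `google_container_cluster` resource starts and ends outside these hunks.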
@ -25,9 +25,7 @@ variable "addons" {
|
|||
enabled = bool
|
||||
tls = bool
|
||||
})
|
||||
|
||||
network_policy_config = bool
|
||||
|
||||
gce_persistent_disk_csi_driver_config = bool
|
||||
})
|
||||
default = {
|
||||
|
@ -257,3 +255,10 @@ variable "workload_identity" {
|
|||
type = bool
|
||||
default = true
|
||||
}
|
||||
|
||||
variable "enable_autopilot" {
|
||||
description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node)"
|
||||
type = bool
|
||||
default = false
|
||||
}
|
||||
|
||||
|
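Review bot: The description of the new `enable_autopilot` variable names only `default_max_pods_per_node` as unsupported, but the main.tf changes in this commit also skip the `network_policy_config` addon block and the `workload_identity_config` block when it is true, so `addons.network_policy_config` and `workload_identity` are silently ignored in that mode. An operator reading this variable to decide whether a policy control is in force would not learn that here. I would extend the line to `description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node); addons.network_policy_config and workload_identity are not applied because Autopilot manages them."`, after confirming the Autopilot behaviour against the provider documentation.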
|