Dataplane V2 integration (#256)

* Dataplane V2 integration * Moving enable_dataplane_v2 outside addons * Fixing enable_dataplane_v2 position and default value * Fix README with default value * Removing enable_dataplane_v2 from addons * Adding standalone Dataplane V2 Example
2021-06-04 12:29:12 +02:00 · 2021-06-04 12:29:12 +02:00 · 71031efc7c
parent f53aba9bba
commit 71031efc7c
3 changed files with 46 additions and 3 deletions
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@ -4,6 +4,8 @@ This module allows simplified creation and management of GKE clusters and should

 ## Example

+### GKE Cluster
+
 ```hcl
 module "cluster-1" {
  source                    = "./modules/gke-cluster"
@ -31,6 +33,36 @@ module "cluster-1" {
 # tftest:modules=1:resources=1
 ```

+### GKE Cluster with Dataplane V2 enabled
+
+```hcl
+module "cluster-1" {
+  source                    = "./modules/gke-cluster"
+  project_id                = "myproject"
+  name                      = "cluster-1"
+  location                  = "europe-west1-b"
+  network                   = var.vpc.self_link
+  subnetwork                = var.subnet.self_link
+  secondary_range_pods      = "pods"
+  secondary_range_services  = "services"
+  default_max_pods_per_node = 32
+  enable_dataplane_v2       = true
+  master_authorized_ranges = {
+    internal-vms = "10.0.0.0/8"
+  }
+  private_cluster_config = {
+    enable_private_nodes    = true
+    enable_private_endpoint = true
+    master_ipv4_cidr_block  = "192.168.0.0/28"
+    master_global_access    = false
+  }
+  labels = {
+    environment = "dev"
+  }
+}
+# tftest:modules=1:resources=1
+```
+
 <!-- BEGIN TFDOC -->
 ## Variables

@ -50,6 +82,7 @@ module "cluster-1" {
 | *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | <code title="">number</code> |  | <code title="">110</code> |
 | *description* | Cluster description. | <code title="">string</code> |  | <code title="">null</code> |
 | *enable_binary_authorization* | Enable Google Binary Authorization. | <code title="">bool</code> |  | <code title="">null</code> |
+| *enable_dataplane_v2* | Enable Dataplane V2 on the cluster, will disable network_policy addons config | <code title="">bool</code> |  | <code title="">false</code> |
 | *enable_intranode_visibility* | Enable intra-node visibility to make same node pod to pod traffic visible. | <code title="">bool</code> |  | <code title="">null</code> |
 | *enable_shielded_nodes* | Enable Shielded Nodes features on all nodes in this cluster. | <code title="">bool</code> |  | <code title="">null</code> |
 | *enable_tpu* | Enable Cloud TPU resources in this cluster. | <code title="">bool</code> |  | <code title="">null</code> |
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@ -49,7 +49,8 @@ resource "google_container_cluster" "cluster" {
  enable_tpu                  = var.enable_tpu
  initial_node_count          = 1
  remove_default_node_pool    = true
-
+  datapath_provider           = var.enable_dataplane_v2 ? "ADVANCED_DATAPATH" : "DATAPATH_PROVIDER_UNSPECIFIED"
+  
  # node_config {}
  # NOTE: Default node_pool is deleted, so node_config (here) is extranneous.
  # Specify that node_config as an parameter to gke-nodepool module instead.
@ -120,11 +121,12 @@ resource "google_container_cluster" "cluster" {
    }
  }

+  #the network_policy block is enabled if network_policy_config and network_dataplane_v2 is set to false. Dataplane V2 has built-in network policies.
  dynamic "network_policy" {
    for_each = var.addons.network_policy_config ? [""] : []
    content {
-      enabled  = true
-      provider = "CALICO"
+      enabled  = var.enable_dataplane_v2 ? false : true                       
+      provider = var.enable_dataplane_v2 ? "PROVIDER_UNSPECIFIED" : "CALICO"
    }
  }

--- a/modules/gke-cluster/variables.tf
+++ b/modules/gke-cluster/variables.tf
@ -25,7 +25,9 @@ variable "addons" {
      enabled = bool
      tls     = bool
    })
+   
    network_policy_config = bool
+
    gce_persistent_disk_csi_driver_config = bool
  })
  default = {
@ -42,6 +44,12 @@ variable "addons" {
  }
 }

+variable "enable_dataplane_v2" {
+  description = "Enable Dataplane V2 on the cluster, will disable network_policy addons config"
+  type = bool
+  default = false
+}
+
 variable "authenticator_security_group" {
  description = "RBAC security group for Google Groups for GKE, format is gke-security-groups@yourdomain.com."
  type        = string