From a95ce1b7d4b017d24b4583d2a7dfa04fa85e0a6f Mon Sep 17 00:00:00 2001 From: Richard Song Date: Mon, 12 Aug 2019 15:36:37 -0400 Subject: [PATCH 1/2] added check for optional fields added optional field lookup and resource usage export config changed to dataset_id revert examples fixed bug where resource_usage_export_dataset_id was being set even if empty string check for null --- autogen/cluster.tf | 10 +++++++++- autogen/main.tf | 6 +++--- autogen/variables.tf | 5 +++++ modules/beta-private-cluster/README.md | 1 + modules/beta-private-cluster/cluster.tf | 10 +++++++++- modules/beta-private-cluster/main.tf | 6 +++--- modules/beta-private-cluster/variables.tf | 5 +++++ modules/beta-public-cluster/README.md | 1 + modules/beta-public-cluster/cluster.tf | 10 +++++++++- modules/beta-public-cluster/main.tf | 6 +++--- modules/beta-public-cluster/variables.tf | 5 +++++ 11 files changed, 53 insertions(+), 12 deletions(-) diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 664de67855..8f169c1f16 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -66,7 +66,15 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } - + dynamic "resource_usage_export_config" { + for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] + content { + enable_network_egress_metering = true + bigquery_destination { + dataset_id = resource_usage_export_dataset_id.value + } + } + } {% endif %} dynamic "master_authorized_networks_config" { for_each = var.master_authorized_networks_config diff --git a/autogen/main.tf b/autogen/main.tf index 9d6476b916..9988aa7b4b 100644 --- a/autogen/main.tf +++ b/autogen/main.tf 
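Review bot: `enable_network_egress_metering = true` is hard-coded inside the new `resource_usage_export_config` block. Any caller who sets `resource_usage_export_dataset_id` to get usage export therefore also gets the metering daemonset that the variable description mentions, with no way to opt out. Running an extra agent in the cluster is a footprint decision the module consumer should make, so I would wire it to its own boolean input: `enable_network_egress_metering = var.enable_network_egress_metering`, with a new variable of that (suggested) name declared in variables.tf and defaulting to `false`. The same line appears in the modules/beta-private-cluster/cluster.tf and modules/beta-public-cluster/cluster.tf hunks of this patch. The resource body starts and ends outside the hunk.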
@@ -102,10 +102,10 @@ locals { {% if beta_cluster %} # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" # /BETA features {% endif %} diff --git a/autogen/variables.tf b/autogen/variables.tf index 9a956194e0..04b55cb5b3 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf @@ -366,6 +366,11 @@ variable "pod_security_policy_config" { }] } +variable "resource_usage_export_dataset_id" { + description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." + default = "" +} + variable "node_metadata" { description = "Specifies how node metadata is exposed to the workload running on the node" default = "UNSPECIFIED" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index eba9f48d31..6b6096e389 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
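Review bot: The fallback arms of the three new conditionals are quoted strings (`"true"`, `"false"`) while the other arm reads a provider attribute, so `cluster_output_pod_security_policy_enabled` and its siblings probably end up as strings rather than booleans after type unification; bare `true` / `false` would keep them boolean. The `!= null` test may also not protect the `.0` index: if the provider reports an absent block as an empty list rather than null (not visible from this hunk), the index still fails, and a test such as `length(google_container_cluster.primary.pod_security_policy_config) > 0` is the check that matches an empty list. The same three lines are repeated in the modules/beta-private-cluster/main.tf and modules/beta-public-cluster/main.tf hunks. The `locals` block starts and ends outside the hunk.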
@@ -191,6 +191,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | region | The region to host the cluster in (required) | string | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no | +| resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no | | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no | | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index d887d332ed..00b751c440 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -61,7 +61,15 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } - + dynamic "resource_usage_export_config" { + for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] + content { + enable_network_egress_metering = true + bigquery_destination { + dataset_id = resource_usage_export_dataset_id.value + } + } + } dynamic "master_authorized_networks_config" { for_each = var.master_authorized_networks_config content { 
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 43fea3b6dc..4ed2381da2 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -91,10 +91,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" # /BETA features diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 6aa50eafff..f2ac656def 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -363,6 +363,11 @@ variable "pod_security_policy_config" { }] } +variable "resource_usage_export_dataset_id" { + description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." + default = "" +} + variable "node_metadata" { description = "Specifies how node metadata is exposed to the workload running on the node" default = "UNSPECIFIED" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 49ffddedc1..eaca891ea0 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -182,6 +182,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | region | The region to host the cluster in (required) | string | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no | +| resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no | | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no | | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index c26d85ff50..228722017c 100644 
--- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -61,7 +61,15 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } - + dynamic "resource_usage_export_config" { + for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] + content { + enable_network_egress_metering = true + bigquery_destination { + dataset_id = resource_usage_export_dataset_id.value + } + } + } dynamic "master_authorized_networks_config" { for_each = var.master_authorized_networks_config content { diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index db5138e99f..ed7c1864b5 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -91,10 +91,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" # /BETA features diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index d8b68de69b..e48b57b14c 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -339,6 +339,11 @@ variable "pod_security_policy_config" { }] } +variable "resource_usage_export_dataset_id" { + description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." + default = "" +} + variable "node_metadata" { description = "Specifies how node metadata is exposed to the workload running on the node" default = "UNSPECIFIED" From 99d8e374abb11a6681fe8a5f398ed8cdbd51d12c Mon Sep 17 00:00:00 2001 
From: pp Date: Mon, 19 Aug 2019 18:21:16 +0300 Subject: [PATCH 2/2] Added support for resource usage export config * Based on PR https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/230 * Add support for beta feature resource_usage_export_config (Fixes #232) --- CHANGELOG.md | 2 ++ autogen/cluster.tf | 3 ++- autogen/main.tf | 6 +++--- autogen/variables.tf | 1 + modules/beta-private-cluster/cluster.tf | 3 ++- modules/beta-private-cluster/main.tf | 6 +++--- modules/beta-private-cluster/variables.tf | 1 + modules/beta-public-cluster/cluster.tf | 3 ++- modules/beta-public-cluster/main.tf | 6 +++--- modules/beta-public-cluster/variables.tf | 1 + 10 files changed, 20 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 706682fbf1..55fe78f7c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ Extending the adopted spec, each change should have a link to its corresponding ## [Unreleased] ### Added +* Added support for resource usage export config [#238] * Added `grant_registry_access` variable to grant Container Registry access to created SA [#236] * Support for Intranode Visbiility (IV) and Veritical Pod Autoscaling (VPA) beta features [#216] * Support for Workload Identity beta feature [#234] @@ -170,6 +171,7 @@ Extending the adopted spec, each change should have a link to its corresponding [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0 +[#238]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/238 [#236]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/236 [#217]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/217 [#234]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/234 
diff --git a/autogen/cluster.tf b/autogen/cluster.tf index 8f169c1f16..94621de2eb 100644 --- a/autogen/cluster.tf +++ b/autogen/cluster.tf @@ -66,12 +66,13 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } + dynamic "resource_usage_export_config" { for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] content { enable_network_egress_metering = true bigquery_destination { - dataset_id = resource_usage_export_dataset_id.value + dataset_id = resource_usage_export_config.value } } } diff --git a/autogen/main.tf b/autogen/main.tf index 9988aa7b4b..9d6476b916 100644 --- a/autogen/main.tf +++ b/autogen/main.tf @@ -102,10 +102,10 @@ locals { {% if beta_cluster %} # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled # /BETA features {% endif %} diff --git a/autogen/variables.tf b/autogen/variables.tf index 04b55cb5b3..04712c35a9 100644 --- a/autogen/variables.tf +++ b/autogen/variables.tf 
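Review bot: The `for_each` guard kept as context above the corrected `dataset_id` line only compares against `""`. A caller that passes `null` explicitly would likely still produce a one-element list and render the block with a null `dataset_id`, which surfaces as a provider error instead of "export disabled". Treating null like the empty string closes that gap: `for_each = var.resource_usage_export_dataset_id != null && var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : []`. The modules/beta-private-cluster/cluster.tf and modules/beta-public-cluster/cluster.tf hunks in this commit carry the same guard.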
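Review bot: The removal of the `!= null` guards from these `locals` lines is not explained anywhere in the commit description, which covers only resource usage export. The assignments go back to indexing `.0` unconditionally, including the one behind `cluster_output_pod_security_policy_enabled`, so a cluster where one of these blocks is absent would fail at evaluation rather than report the feature as off. If the blocks are always present on the cluster resource (not visible from this hunk), a comment above the assignments such as `# these blocks are always rendered in cluster.tf, so index 0 is safe` would record why the guards were dropped. The modules/beta-private-cluster/main.tf and modules/beta-public-cluster/main.tf hunks make the same revert. The `locals` block starts and ends outside the hunk.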
@@ -367,6 +367,7 @@ variable "pod_security_policy_config" { } variable "resource_usage_export_dataset_id" { + type = string description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." default = "" } diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 00b751c440..6af7a005d8 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -61,12 +61,13 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } + dynamic "resource_usage_export_config" { for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] content { enable_network_egress_metering = true bigquery_destination { - dataset_id = resource_usage_export_dataset_id.value + dataset_id = resource_usage_export_config.value } } } diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 4ed2381da2..43fea3b6dc 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -91,10 +91,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled # /BETA features diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index f2ac656def..5d505f6d1f 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -364,6 +364,7 @@ variable "pod_security_policy_config" { } variable "resource_usage_export_dataset_id" { + type = string description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." default = "" } diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 228722017c..6d2a7c975e 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -61,12 +61,13 @@ resource "google_container_cluster" "primary" { enabled = pod_security_policy_config.value.enabled } } + dynamic "resource_usage_export_config" { for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : [] content { enable_network_egress_metering = true bigquery_destination { - dataset_id = resource_usage_export_dataset_id.value + dataset_id = resource_usage_export_config.value } } } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index ed7c1864b5..db5138e99f 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -91,10 +91,10 @@ locals { cluster_output_kubernetes_dashboard_enabled = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled # BETA features - cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true" - cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false" + cluster_output_istio_enabled = google_container_cluster.primary.addons_config.0.istio_config.0.disabled + cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config.0.enabled cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility - cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false" + cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled # /BETA features 
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index e48b57b14c..040dab3b99 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -340,6 +340,7 @@ variable "pod_security_policy_config" { } variable "resource_usage_export_dataset_id" { + type = string description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic." default = "" }