From 6c00b7f04f620a57a6653d779156f98b23bb4f56 Mon Sep 17 00:00:00 2001
From: Filippo Merante
Date: Thu, 20 Jul 2023 10:40:52 +0200
Subject: [PATCH] fix required provider
Signed-off-by: Filippo Merante
---
 README.md | 29 ++++++++++++++++-------------
 main.tf | 3 +++
 network.tf | 4 ++--
 variables.tf | 20 +++++++++++++++++++-
 versions.tf | 12 ++++++------
 5 files changed, 46 insertions(+), 22 deletions(-)
diff --git a/README.md b/README.md
index 6ecf48b..701aa78 100644
--- a/README.md
+++ b/README.md
@@ -46,23 +46,23 @@ For a total of: | Name | Version | |------|---------| -| [google](#provider\_google) | ~> 4.73.0 | -| [google-beta](#provider\_google-beta) | ~> 4.73.0 | -| [helm](#provider\_helm) | ~> 2.10.1 | -| [kubectl](#provider\_kubectl) | ~> 1.14.0 | -| [kubernetes](#provider\_kubernetes) | ~> 2.22.0 | -| [random](#provider\_random) | ~> 3.5.1 | +| [google](#provider\_google) | >= 4.51.0, < 5.0, !=4.65.0, !=4.65.1 | +| [google-beta](#provider\_google-beta) | >= 4.51.0, < 5.0, !=4.65.0, !=4.65.1 | +| [helm](#provider\_helm) | >= 2.10.1 | +| [kubectl](#provider\_kubectl) | >= 1.14.0 | +| [kubernetes](#provider\_kubernetes) | >= 2.22 | +| [random](#provider\_random) | >= 3.5.1 | ## Requirements | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [google](#requirement\_google) | ~> 4.73.0 | -| [google-beta](#requirement\_google-beta) | ~> 4.73.0 | -| [helm](#requirement\_helm) | ~> 2.10.1 | -| [kubectl](#requirement\_kubectl) | ~> 1.14.0 | -| [kubernetes](#requirement\_kubernetes) | ~> 2.22.0 | -| [random](#requirement\_random) | ~> 3.5.1 | +| [google](#requirement\_google) | >= 4.51.0, < 5.0, !=4.65.0, !=4.65.1 | +| [google-beta](#requirement\_google-beta) | >= 4.51.0, < 5.0, !=4.65.0, !=4.65.1 | +| [helm](#requirement\_helm) | >= 2.10.1 | +| [kubectl](#requirement\_kubectl) | >= 1.14.0 | +| [kubernetes](#requirement\_kubernetes) | >= 2.22 | +| [random](#requirement\_random) | >= 3.5.1 | ## Inputs | Name | Description | Type | Default | Required | 
@@ -96,11 +96,14 @@ For a total of: | [domain](#input\_domain) | This is the unique identifier of your server in the network. It cannot be safely changed later, as changing it will cause remote servers to confuse your existing accounts with entirely new ones. It has to be the domain name you are running the server under (without the protocol part, e.g. just example.com). | `string` | n/a | yes | | [gcp\_default\_labels](#input\_gcp\_default\_labels) | Default labels to apply to all resources | `map(string)` | `null` | no | | [gke\_authenticator\_security\_group](#input\_gke\_authenticator\_security\_group) | The security group to allow access to the cluster | `string` | n/a | yes | +| [gke\_create\_service\_account](#input\_gke\_create\_service\_account) | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | [gke\_kubernetes\_version](#input\_gke\_kubernetes\_version) | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | [gke\_maintenance\_end\_time](#input\_gke\_maintenance\_end\_time) | The end time for the maintenance window | `string` | `"1970-01-01T04:00:00Z"` | no | | [gke\_maintenance\_recurrence](#input\_gke\_maintenance\_recurrence) | The recurrence for the maintenance window | `string` | `"FREQ=WEEKLY;BYDAY=MO,TU,WE,TH,FR,SA,SU"` | no | | [gke\_maintenance\_start\_time](#input\_gke\_maintenance\_start\_time) | The start time for the maintenance window | `string` | `"1970-01-01T00:00:00Z"` | no | -| [gke\_workload\_config\_audit\_mode](#input\_gke\_workload\_config\_audit\_mode) | The mode for workload identity config audit | `string` | `"STANDARD"` | no | +| [gke\_service\_account](#input\_gke\_service\_account) | The service account to run nodes as if not overridden in node\_pools. The gke\_create\_service\_account variable default value (true) will cause a cluster-specific service account to be created. 
This service account should already exists and it will be used by the node pools. If you wish to only override the service account name, you can use service\_account\_name variable. | `string` | `""` | no | +| [gke\_service\_account\_name](#input\_gke\_service\_account\_name) | The name of the service account that will be created if gke\_create\_service\_account is true. If you wish to use an existing service account, use gke\_service\_account variable. | `string` | `""` | no | +| [gke\_workload\_config\_audit\_mode](#input\_gke\_workload\_config\_audit\_mode) | The mode for workload identity config audit | `string` | `""` | no | | [gke\_workload\_vulnerability\_mode](#input\_gke\_workload\_vulnerability\_mode) | The mode for workload identity vulnerability | `string` | `""` | no | | [gke\_zone](#input\_gke\_zone) | gke\_zone within the region to use this cluster | `list(any)` |
[
"europe-west1-b"
]
| no | | [helm\_chart\_version](#input\_helm\_chart\_version) | The version of the helm chart to use | `string` | `"3.0.0"` | no | diff --git a/main.tf b/main.tf index 3f2bd1d..d9afce6 100644 --- a/main.tf +++ b/main.tf @@ -29,6 +29,9 @@ module "gke" { kubernetes_version = var.gke_kubernetes_version workload_config_audit_mode = var.gke_workload_config_audit_mode workload_vulnerability_mode = var.gke_workload_vulnerability_mode + create_service_account = var.gke_create_service_account + service_account_name = var.gke_service_account_name + service_account = var.gke_service_account horizontal_pod_autoscaling = true enable_private_endpoint = false enable_private_nodes = true diff --git a/network.tf b/network.tf index 1cd2f0e..ab3b468 100644 --- a/network.tf +++ b/network.tf @@ -1,6 +1,6 @@ module "vpc" { source = "terraform-google-modules/network/google" - version = "6.0.1" + version = "~> 6.0.1" network_name = "${var.name}-vpc" project_id = module.enabled_google_apis.project_id routing_mode = "GLOBAL" @@ -34,7 +34,7 @@ resource "google_compute_address" "cloud_nat_ip" { module "cloud_nat" { source = "terraform-google-modules/cloud-nat/google" - version = "2.2.1" + version = "~> 2.2.1" name = "${var.name}-cloud-nat" project_id = module.enabled_google_apis.project_id region = var.region diff --git a/variables.tf b/variables.tf index 419f0ac..e0ba2b6 100644 --- a/variables.tf +++ b/variables.tf @@ -72,7 +72,7 @@ variable "gke_kubernetes_version" { variable "gke_workload_config_audit_mode" { type = string description = "The mode for workload identity config audit" - default = "STANDARD" + default = "" } variable "gke_workload_vulnerability_mode" { 
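Review bot: The three new arguments in `module "gke"` make the node identity caller-controlled, but neither this hunk nor the new variables in variables.tf say what happens when `gke_create_service_account = false` is combined with the default `gke_service_account = ""`. How the upstream module resolves that combination is not visible here; if it falls back to the project's default Compute Engine service account, the nodes would run with a broader identity than the dedicated account the defaults create. I would add a comment above the new lines, `# Node identity: keep gke_create_service_account = true, or pass an existing least-privilege account in gke_service_account; do not combine false with an empty account`, and repeat that constraint in the variable descriptions. The `module "gke"` block starts and ends outside the hunk.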
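Review bot: Changing `version = "6.0.1"` to `"~> 6.0.1"` on `module "vpc"`, and `"2.2.1"` to `"~> 2.2.1"` on `module "cloud_nat"` in the second hunk, lets a fresh `terraform init` pull any later 6.0.x or 2.2.x release of these registry modules. Module selections are not recorded in `.terraform.lock.hcl`, which covers providers only, so the repository no longer fixes which VPC and NAT code runs. If the commit is only meant to relax provider requirements, I would keep the exact pins and add `# exact pin: module versions are not covered by the dependency lock file` next to them. Both module blocks continue outside the hunks.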
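Review bot: The default of `gke_workload_config_audit_mode` changes from `"STANDARD"` to `""`, which alters the cluster's workload-configuration auditing default rather than a provider requirement, and the commit message does not mention it. What an empty string means to the gke module is not visible in this diff; if it leaves auditing off, existing callers that relied on the default lose the setting on their next apply. I would extend the description to `"The mode for workload config audit; empty leaves the gke module default in place. Accepted values: <values accepted by the gke module>"` and call the default change out in the commit message or changelog.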
@@ -81,6 +81,24 @@ variable "gke_workload_vulnerability_mode" { default = "" } +variable "gke_create_service_account" { + type = bool + description = "Defines if service account specified to run nodes should be created." + default = true +} + +variable "gke_service_account" { + type = string + description = "The service account to run nodes as if not overridden in node_pools. The gke_create_service_account variable default value (true) will cause a cluster-specific service account to be created. This service account should already exists and it will be used by the node pools. If you wish to only override the service account name, you can use service_account_name variable." + default = "" +} + +variable "gke_service_account_name" { + type = string + description = "The name of the service account that will be created if gke_create_service_account is true. If you wish to use an existing service account, use gke_service_account variable." + default = "" +} + variable "kubernetes_namespace" { type = string description = "The name of the namespace to deploy the application in" diff --git a/versions.tf b/versions.tf index 2b3a7ff..f8a151e 100644 --- a/versions.tf +++ b/versions.tf @@ -3,27 +3,27 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.73.0" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = "~> 4.73.0" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" - version = "~> 2.22.0" + version = ">= 2.22" } random = { source = "hashicorp/random" - version = "~> 3.5.1" + version = ">= 3.5.1" } helm = { source = "hashicorp/helm" - version = "~> 2.10.1" + version = ">= 2.10.1" } kubectl = { source = "gavinbunney/kubectl" - version = "~> 1.14.0" + version = ">= 1.14.0" } } }
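Review bot: The description of `gke_service_account` contradicts itself: it says the default of `gke_create_service_account` creates a cluster-specific account, then says "This service account should already exists", and it points to a `service_account_name` variable although this module's input is `gke_service_account_name`. A caller cannot tell from it whether to leave the value empty or supply an account, which matters because this input decides the identity the nodes run as. I would reword it to `description = "Existing service account to run nodes as, unless overridden in node_pools. Leave empty to use the account created when gke_create_service_account is true; to change only that account's name, set gke_service_account_name."` and regenerate the README row from it.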
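Review bot: `kubernetes`, `random`, `helm` and `kubectl` now accept any version at or above the minimum, including future major releases, while `google` and `google-beta` in the same block are capped with `< 5.0`. A new major provider release can change resource schemas or defaults, and a caller without a committed lock file would pick it up on the next `terraform init`. For consistency with the google entries I would cap the major version here too, for example `version = ">= 2.10.1, < 3.0"` for helm and `version = ">= 2.22, < 3.0"` for kubernetes. The README tables would need the same values.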