
feat: Add support for configuring allow_net_admin in autopilot clusters #1768

Merged
merged 11 commits into from Nov 15, 2023
5 changes: 5 additions & 0 deletions autogen/main/cluster.tf.tmpl
Expand Up @@ -326,6 +326,11 @@ resource "google_container_cluster" "primary" {
}
{% endif %}
}

{% if autopilot_cluster %}
allow_net_admin = var.allow_net_admin
{% endif %}

{% if autopilot_cluster != true %}

datapath_provider = var.datapath_provider
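Review bot: The new `allow_net_admin = var.allow_net_admin` line is a cluster-wide privilege relaxation with no comment saying so, and because this template feeds the autopilot modules the same bare assignment is generated into modules/beta-autopilot-private-cluster/cluster.tf and modules/beta-autopilot-public-cluster/cluster.tf. As I read the GKE setting it lets Autopilot workloads use the NET_ADMIN capability, which is otherwise blocked by Autopilot's default workload restrictions, so a reader of the generated module should see that consequence next to the line. I would add above it `# NET_ADMIN loosens Autopilot's default workload restrictions; leave var.allow_net_admin unset unless a workload needs the capability.` The enclosing google_container_cluster resource starts and ends outside the hunk.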
8 changes: 8 additions & 0 deletions autogen/main/variables.tf.tmpl
Expand Up @@ -849,3 +849,11 @@ variable "enable_gcfs" {
}
{% endif %}
{% endif %}

{% if autopilot_cluster %}
variable "allow_net_admin" {
description = "(Optional) Enable NET_ADMIN for the cluster."
type = bool
default = null
}
{% endif %}
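Review bot: `default = null` in this template disagrees with the generated files in the same PR, where modules/beta-autopilot-private-cluster/variables.tf and modules/beta-autopilot-public-cluster/variables.tf declare `default = false` and both README tables list `false`; one side is stale, and since the modules are generated from this template the `null` will presumably win on the next regeneration and silently change the documented default. Both values likely leave NET_ADMIN off, but for a switch that expands workload privileges an explicit `default = false` is the more self-documenting choice and matches the published README, so I would align the template to `false` and regenerate. The description is also terse for a security-relevant setting; I would make it `description = "(Optional) Enable NET_ADMIN for the cluster. This lets Autopilot workloads use the NET_ADMIN capability; leave it disabled unless a workload requires it."` so the consequence shows up in the module docs.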
2 changes: 2 additions & 0 deletions cluster.tf
Expand Up @@ -215,6 +215,8 @@ resource "google_container_cluster" "primary" {
}
}



datapath_provider = var.datapath_provider


1 change: 1 addition & 0 deletions modules/beta-autopilot-private-cluster/README.md
Expand Up @@ -75,6 +75,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `false` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
| cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
3 changes: 3 additions & 0 deletions modules/beta-autopilot-private-cluster/cluster.tf
Expand Up @@ -130,6 +130,9 @@ resource "google_container_cluster" "primary" {

}

allow_net_admin = var.allow_net_admin


networking_mode = "VPC_NATIVE"

protect_config {
6 changes: 6 additions & 0 deletions modules/beta-autopilot-private-cluster/variables.tf
Expand Up @@ -448,3 +448,9 @@ variable "timeouts" {
}
}


variable "allow_net_admin" {
description = "(Optional) Enable NET_ADMIN for the cluster."
type = bool
default = false
}
1 change: 1 addition & 0 deletions modules/beta-autopilot-public-cluster/README.md
Expand Up @@ -69,6 +69,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `false` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
| cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
3 changes: 3 additions & 0 deletions modules/beta-autopilot-public-cluster/cluster.tf
Expand Up @@ -130,6 +130,9 @@ resource "google_container_cluster" "primary" {

}

allow_net_admin = var.allow_net_admin


networking_mode = "VPC_NATIVE"

protect_config {
6 changes: 6 additions & 0 deletions modules/beta-autopilot-public-cluster/variables.tf
Expand Up @@ -418,3 +418,9 @@ variable "timeouts" {
}
}


variable "allow_net_admin" {
description = "(Optional) Enable NET_ADMIN for the cluster."
type = bool
default = false
}
2 changes: 2 additions & 0 deletions modules/beta-private-cluster-update-variant/cluster.tf
Expand Up @@ -265,6 +265,8 @@ resource "google_container_cluster" "primary" {
}
}



datapath_provider = var.datapath_provider

networking_mode = "VPC_NATIVE"
1 change: 1 addition & 0 deletions modules/beta-private-cluster-update-variant/variables.tf
Expand Up @@ -804,3 +804,4 @@ variable "enable_gcfs" {
description = "Enable image streaming on cluster level."
default = false
}

2 changes: 2 additions & 0 deletions modules/beta-private-cluster/cluster.tf
Expand Up @@ -265,6 +265,8 @@ resource "google_container_cluster" "primary" {
}
}



datapath_provider = var.datapath_provider

networking_mode = "VPC_NATIVE"
1 change: 1 addition & 0 deletions modules/beta-private-cluster/variables.tf
Expand Up @@ -804,3 +804,4 @@ variable "enable_gcfs" {
description = "Enable image streaming on cluster level."
default = false
}

2 changes: 2 additions & 0 deletions modules/beta-public-cluster-update-variant/cluster.tf
Expand Up @@ -265,6 +265,8 @@ resource "google_container_cluster" "primary" {
}
}



datapath_provider = var.datapath_provider

networking_mode = "VPC_NATIVE"
1 change: 1 addition & 0 deletions modules/beta-public-cluster-update-variant/variables.tf
Expand Up @@ -774,3 +774,4 @@ variable "enable_gcfs" {
description = "Enable image streaming on cluster level."
default = false
}

2 changes: 2 additions & 0 deletions modules/beta-public-cluster/cluster.tf
Expand Up @@ -265,6 +265,8 @@ resource "google_container_cluster" "primary" {
}
}



datapath_provider = var.datapath_provider

networking_mode = "VPC_NATIVE"
1 change: 1 addition & 0 deletions modules/beta-public-cluster/variables.tf
Expand Up @@ -774,3 +774,4 @@ variable "enable_gcfs" {
description = "Enable image streaming on cluster level."
default = false
}

2 changes: 2 additions & 0 deletions modules/private-cluster-update-variant/cluster.tf
Expand Up @@ -215,6 +215,8 @@ resource "google_container_cluster" "primary" {
}
}



datapath_provider = var.datapath_provider


1 change: 1 addition & 0 deletions modules/private-cluster-update-variant/variables.tf
Expand Up @@ -702,3 +702,4 @@ variable "config_connector" {
description = "Whether ConfigConnector is enabled for this cluster."
default = false
}

2 changes: 2 additions & 0 deletions modules/private-cluster/cluster.tf
Expand Up @@ -215,6 +215,8 @@ resource "google_container_cluster" "primary" {
}
}



datapath_provider = var.datapath_provider


1 change: 1 addition & 0 deletions modules/private-cluster/variables.tf
Expand Up @@ -702,3 +702,4 @@ variable "config_connector" {
description = "Whether ConfigConnector is enabled for this cluster."
default = false
}

1 change: 1 addition & 0 deletions variables.tf
Expand Up @@ -672,3 +672,4 @@ variable "config_connector" {
description = "Whether ConfigConnector is enabled for this cluster."
default = false
}