Merge pull request #3021 from ameukam/tf-prepare-provide-upgrade
terraform: Prepare upgrade terraform to 4.0.0
k8s-ci-robot authored Nov 3, 2021
2 parents 7124660 + 4043b0b commit 667feb9
Showing 17 changed files with 51 additions and 74 deletions.
4 changes: 2 additions & 2 deletions infra/gcp/terraform/k8s-infra-ii-sandbox/provider.tf
@@ -33,11 +33,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
4 changes: 2 additions & 2 deletions infra/gcp/terraform/k8s-infra-kubernetes-io/provider.tf
@@ -30,11 +30,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
4 changes: 2 additions & 2 deletions infra/gcp/terraform/k8s-infra-monitoring/provider.tf
@@ -25,11 +25,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
@@ -30,11 +30,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
4 changes: 2 additions & 2 deletions infra/gcp/terraform/k8s-infra-prow-build/00-provider.tf
@@ -30,11 +30,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
4 changes: 2 additions & 2 deletions infra/gcp/terraform/k8s-infra-public-pii/provider.tf
@@ -31,11 +31,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
4 changes: 2 additions & 2 deletions infra/gcp/terraform/k8s-infra-sandbox-capg/provider.tf
@@ -31,11 +31,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
4 changes: 2 additions & 2 deletions infra/gcp/terraform/kubernetes-public/00-inputs.tf
@@ -36,10 +36,10 @@ terraform {

required_providers {
google = {
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
20 changes: 4 additions & 16 deletions infra/gcp/terraform/kubernetes-public/10-cluster-configuration.tf
@@ -102,16 +102,6 @@ resource "google_container_cluster" "cluster" {
// objects
remove_default_node_pool = true

// Disable local and certificate auth
master_auth {
username = ""
password = ""

client_certificate_config {
issue_client_certificate = false
}
}

// Release Channel subscriptions. See https://cloud.google.com/kubernetes-engine/docs/concepts/release-channels
release_channel {
channel = "REGULAR"
@@ -124,7 +114,7 @@ resource "google_container_cluster" "cluster" {

// Enable workload identity for GCP IAM
workload_identity_config {
identity_namespace = "${data.google_project.project.project_id}.svc.id.goog"
workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
}

// Enable Stackdriver Kubernetes Monitoring
@@ -169,6 +159,9 @@ resource "google_container_cluster" "cluster" {
}
}

// Enable Shielded nodes
enable_shielded_nodes = false

// Enable NAP
cluster_autoscaling {
enabled = true
@@ -183,11 +176,6 @@ resource "google_container_cluster" "cluster" {
}
}

// Enable PodSecurityPolicy enforcement
pod_security_policy_config {
enabled = false // TODO: we should turn this on
}

// Enable VPA
vertical_pod_autoscaling {
enabled = true
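Review bot: The added `enable_shielded_nodes = false` sits under the comment `// Enable Shielded nodes`, so the file reads as if node integrity protection is on while the attribute turns it off. If the value is pinned only to keep the provider upgrade from changing the cluster (an inference, the page does not say), the comment should record that, for example `// Shielded Nodes stay off for now so the provider upgrade is a no-op; TODO: enable`. Separately, the first hunk appears to drop the `master_auth` block, which was the only place that stated client certificate issuance is off; assuming the target provider still accepts `client_certificate_config`, keeping `master_auth { client_certificate_config { issue_client_certificate = false } }` would leave that setting explicit instead of relying on a default. The resource body starts and ends outside these hunks.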
18 changes: 9 additions & 9 deletions infra/gcp/terraform/kubernetes-public/prowjob-buckets.tf
@@ -26,9 +26,9 @@ locals {

// Bucket for scalability tests results
resource "google_storage_bucket" "scalability_tests_logs" {
project = data.google_project.project.project_id
name = local.scalability_tests_logs_bucket_name

project = data.google_project.project.project_id
name = local.scalability_tests_logs_bucket_name
location = "US"
uniform_bucket_level_access = true

lifecycle_rule {
@@ -88,9 +88,9 @@ resource "google_storage_bucket_iam_policy" "scalability_tests_logs_policy" {

// Bucket used for Golang Scalability builds
resource "google_storage_bucket" "scalability_golang_builds" {
project = data.google_project.project.project_id
name = local.scalability_golang_builds_bucket_name

project = data.google_project.project.project_id
name = local.scalability_golang_builds_bucket_name
location = "US"
uniform_bucket_level_access = true
}

@@ -141,9 +141,9 @@ resource "google_storage_bucket_iam_policy" "scalability_golang_builds_policy" {

// Bucket for kops CI jobs results
resource "google_storage_bucket" "kops_ci_bucket" {
project = data.google_project.project.project_id
name = local.kops_ci_bucket_name

project = data.google_project.project.project_id
name = local.kops_ci_bucket_name
location = "US"
uniform_bucket_level_access = true
}

Binary file not shown.
31 changes: 7 additions & 24 deletions infra/gcp/terraform/modules/gke-cluster/main.tf
@@ -93,7 +93,7 @@ resource "google_bigquery_dataset" "test_usage_metering" {
// IMPORTANT: The prod_ and test_ forms of this resource MUST be kept in sync.
// Any changes in one MUST be reflected in the other.
resource "google_container_cluster" "prod_cluster" {
count = var.is_prod_cluster == "true" ? 1 : 0
count = var.is_prod_cluster == "true" ? 1 : 0

name = var.cluster_name
location = var.cluster_location
@@ -117,24 +117,14 @@ resource "google_container_cluster" "prod_cluster" {
// objects
remove_default_node_pool = true

// Disable local and certificate auth
master_auth {
username = ""
password = ""

client_certificate_config {
issue_client_certificate = false
}
}

// Enable google-groups for RBAC
authenticator_groups_config {
security_group = "[email protected]"
}

// Enable workload identity for GCP IAM
workload_identity_config {
identity_namespace = "${var.project_name}.svc.id.goog"
workload_pool = "${var.project_name}.svc.id.goog"
}

// Enable Stackdriver Kubernetes Monitoring
@@ -185,6 +175,9 @@ resource "google_container_cluster" "prod_cluster" {
}
}

// Enable Shielded Nodes feature
enable_shielded_nodes = var.enable_shielded_nodes

release_channel {
channel = var.release_channel
}
@@ -195,7 +188,7 @@ resource "google_container_cluster" "prod_cluster" {
}
}
resource "google_container_cluster" "test_cluster" {
count = var.is_prod_cluster == "true" ? 0 : 1
count = var.is_prod_cluster == "true" ? 0 : 1

name = var.cluster_name
location = var.cluster_location
@@ -218,24 +211,14 @@ resource "google_container_cluster" "test_cluster" {
// objects
remove_default_node_pool = true

// Disable local and certificate auth
master_auth {
username = ""
password = ""

client_certificate_config {
issue_client_certificate = false
}
}

// Enable google-groups for RBAC
authenticator_groups_config {
security_group = "[email protected]"
}

// Enable workload identity for GCP IAM
workload_identity_config {
identity_namespace = "${var.project_name}.svc.id.goog"
workload_pool = "${var.project_name}.svc.id.goog"
}

// Enable Stackdriver Kubernetes Monitoring
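Review bot: `enable_shielded_nodes = var.enable_shielded_nodes` is added to `prod_cluster` only; the section's 7 additions leave none for `test_cluster`, although the comment above `prod_cluster` says the prod_ and test_ forms MUST be kept in sync. Test clusters would then ignore the new variable and take whatever the provider defaults to, which may differ from prod after the upgrade (the 4.0.0 default is not shown on this page, so confirm it). Add the same `// Enable Shielded Nodes feature` comment and the line `enable_shielded_nodes = var.enable_shielded_nodes` to `test_cluster`. Both resource bodies continue outside the hunks.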
8 changes: 7 additions & 1 deletion infra/gcp/terraform/modules/gke-cluster/variables.tf
@@ -29,6 +29,12 @@ variable "cluster_location" {
type = string
}

variable "enable_shielded_nodes" {
type = bool
default = false
description = "Enable Shielded Nodes on all nodes in this cluster."
}

variable "bigquery_location" {
description = "The bigquery specific location where the dataset should be created"
type = string
@@ -62,7 +68,7 @@ variable "dns_cache_enabled" {
EOF
type = string
// TODO: default this true (and/or remove this option) once kubernetes-public/aaa uses this module
default = "false"
default = "false"
}

variable "cloud_shell_access" {
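Review bot: The new `enable_shielded_nodes` variable defaults to `false`, so every caller of the module gets a cluster without Shielded Nodes unless it opts in, and the description does not say whether that default is a recommendation or only a compatibility choice for the upgrade. If it is the latter (presumably, given the commit title), say so in the description, for example `description = "Enable Shielded Nodes (verifiable node identity and integrity) on all nodes in this cluster. Defaults to false to keep existing clusters unchanged; set to true for new clusters."`. A `// TODO: default this to true` next to `default = false`, in the style already used for `dns_cache_enabled`, would keep the follow-up visible.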
4 changes: 2 additions & 2 deletions infra/gcp/terraform/modules/gke-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
4 changes: 2 additions & 2 deletions infra/gcp/terraform/modules/gke-nodepool/versions.tf
@@ -21,11 +21,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
4 changes: 2 additions & 2 deletions infra/gcp/terraform/modules/gke-project/versions.tf
@@ -21,11 +21,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
@@ -18,11 +18,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 3.90.0"
version = "~> 3.90.1"
}
}
}
