From 5791ac1f64cbd9355a9e2ee96f29d1c5b8686d60 Mon Sep 17 00:00:00 2001
From: Gabriel Totusek
Date: Mon, 20 Apr 2020 21:43:08 -0700
Subject: [PATCH] feat: [safer-cluster] Replace "kubernetes_version" with "release_channel" (#487)

BREAKING CHANGE: For the safer cluster module, you must now specify `release_channel` instead of `kubernetes_version`.
---
 README.md | 1 -
 autogen/main/main.tf.tmpl | 3 ---
 autogen/main/variables.tf.tmpl | 8 +-------
 autogen/safer-cluster/main.tf.tmpl | 4 ++--
 autogen/safer-cluster/variables.tf.tmpl | 10 +++++-----
 main.tf | 3 ---
 modules/beta-private-cluster-update-variant/README.md | 3 +--
 modules/beta-private-cluster-update-variant/main.tf | 3 ---
 .../beta-private-cluster-update-variant/variables.tf | 8 +-------
 modules/beta-private-cluster/README.md | 3 +--
 modules/beta-private-cluster/main.tf | 3 ---
 modules/beta-private-cluster/variables.tf | 8 +-------
 modules/beta-public-cluster/README.md | 3 +--
 modules/beta-public-cluster/main.tf | 3 ---
 modules/beta-public-cluster/variables.tf | 8 +-------
 modules/private-cluster-update-variant/README.md | 1 -
 modules/private-cluster-update-variant/main.tf | 3 ---
 modules/private-cluster-update-variant/variables.tf | 6 ------
 modules/private-cluster/README.md | 1 -
 modules/private-cluster/main.tf | 3 ---
 modules/private-cluster/variables.tf | 6 ------
 modules/safer-cluster-update-variant/README.md | 6 +++---
 modules/safer-cluster-update-variant/main.tf | 4 ++--
 modules/safer-cluster-update-variant/variables.tf | 10 +++++-----
 modules/safer-cluster/README.md | 6 +++---
 modules/safer-cluster/main.tf | 4 ++--
 modules/safer-cluster/variables.tf | 10 +++++-----
 variables.tf | 6 ------
 28 files changed, 34 insertions(+), 103 deletions(-)

diff --git a/README.md b/README.md
index 250c197c97..6c4ef7f5a5 100644
--- a/README.md
+++ b/README.md
@@ -133,7 +133,6 @@ Then perform the following commands on the root folder:
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no |
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no |
-| node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no |
 | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no |
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no |
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
index b840e4beac..04773f1877 100644
--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -44,10 +44,7 @@ locals {
   // Kubernetes version
   master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version
   master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version
-  node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.master_version_regional
-  node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.master_version_zonal
   master_version = var.regional ? local.master_version_regional : local.master_version_zonal
-  node_version = var.regional ? local.node_version_regional : local.node_version_zonal
 
   // Build a map of maps of node pools from a list of objects
   node_pool_names = [for np in toset(var.node_pools) : np.name]
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index b8b2afcb3b..d36d063daa 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -72,12 +72,6 @@ variable "kubernetes_version" {
   default = "latest"
 }
 
-variable "node_version" {
-  type = string
-  description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
-  default = ""
-}
-
 variable "master_authorized_networks" {
   type = list(object({ cidr_block = string, display_name = string }))
   description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
@@ -448,7 +442,7 @@ variable "node_metadata" {
 
 variable "sandbox_enabled" {
   type = bool
-  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)."
+  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
   default = false
 }
 
diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl
index 7cfd0e97e0..507b637f44 100644
--- a/autogen/safer-cluster/main.tf.tmpl
+++ b/autogen/safer-cluster/main.tf.tmpl
@@ -34,14 +34,14 @@ module "gke" {
 
   // We need to enforce a minimum Kubernetes Version to ensure
   // that the necessary security features are enabled.
-  kubernetes_version = "latest"
+  kubernetes_version = var.kubernetes_version
 
   // Nodes are created with a default version. The nodepool enables
   // auto_upgrade so that the node versions can be kept up to date with
   // the master upgrades.
   //
   // https://cloud.google.com/kubernetes-engine/versioning-and-upgrades
-  node_version = ""
+  release_channel = var.release_channel
 
   master_authorized_networks = var.master_authorized_networks
 
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
index 79ed0fc7b7..9e1a54dbc2 100644
--- a/autogen/safer-cluster/variables.tf.tmpl
+++ b/autogen/safer-cluster/variables.tf.tmpl
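Review bot: The two comment blocks in the `module "gke"` hunk no longer describe the lines beneath them: `// We need to enforce a minimum Kubernetes Version to ensure` now sits above `kubernetes_version = var.kubernetes_version`, whose default becomes `null` in the companion variables hunk, so this module itself no longer enforces anything, and the `// Nodes are created with a default version ...` paragraph now introduces `release_channel` rather than a node version. Suggest replacing the first block with `// Pin the control-plane version only when the caller sets one; otherwise the` / `// release channel below governs which versions the cluster may run.` and the second with `// Node pools auto-upgrade in step with the control plane; the release channel` / `// sets the cadence of those upgrades.`. It is also worth confirming what the wrapped module does when `kubernetes_version` is `null`: if it falls back to its own `latest` default (resolved to the region's `latest_master_version` in the `locals` hunks earlier in this patch), that version may not be one the selected channel offers, and a comment should record whichever behaviour is intended. The same stale comments appear in the generated copy `modules/safer-cluster-update-variant/main.tf` later in this patch.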
@@ -68,13 +68,13 @@ variable "subnetwork" {
 variable "kubernetes_version" {
   type = string
   description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. "
-  default = "latest"
+  default = null
 }
 
-variable "node_version" {
+variable "release_channel" {
   type = string
-  description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
-  default = ""
+  description = "(Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`."
+  default = "REGULAR"
 }
 
 variable "master_authorized_networks" {
@@ -270,7 +270,7 @@ variable "resource_usage_export_dataset_id" {
 
 variable "sandbox_enabled" {
   type = bool
-  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)."
+  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
   default = false
 }
 
diff --git a/main.tf b/main.tf
index c2aac9941a..579e2837ed 100644
--- a/main.tf
+++ b/main.tf
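Review bot: The `kubernetes_version` description in the first hunk still promises `If set to 'latest' it will pull latest available version` and that `The module enforces certain minimum versions`, while the default on the next line changes to `null` and the commit hands version policy to `release_channel`, so a reader cannot tell what leaving it unset means or whether `'latest'` is still honoured. Suggest `description = "The Kubernetes version of the masters. Leave unset (null) to let the release channel pick the version; an explicit version must be one the selected release_channel offers."`, which also drops the stray trailing space inside the current string. `release_channel` is declared as a bare `string` whose accepted values live only in prose, so a mistyped value is not caught before the API call; if the project's Terraform baseline supports variable `validation` blocks, constraining it to the four listed values would move that failure to plan time, otherwise the description should state that the value is compared exactly as written. The `(Beta)` prefix is carried over from the wrapped module's variable; whether the safer cluster always targets the beta module is not visible in this hunk, so confirm that wording before keeping it.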
@@ -40,10 +40,7 @@ locals {
   // Kubernetes version
   master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version
   master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version
-  node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.master_version_regional
-  node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.master_version_zonal
   master_version = var.regional ? local.master_version_regional : local.master_version_zonal
-  node_version = var.regional ? local.node_version_regional : local.node_version_zonal
 
   // Build a map of maps of node pools from a list of objects
   node_pool_names = [for np in toset(var.node_pools) : np.name]
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index 25c316aaa9..e9fa0122cf 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -210,7 +210,6 @@ Then perform the following commands on the root folder:
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no |
-| node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no |
 | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no |
 | pod\_security\_policy\_config | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | object | `` | no |
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
@@ -220,7 +219,7 @@ Then perform the following commands on the root folder:
 | release\_channel | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `UNSPECIFIED`. | string | `"null"` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no |
 | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no |
-| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no |
+| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | bool | `"false"` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
 | skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no |
diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf
index ebac61e7cd..8fd0633f37 100644
--- a/modules/beta-private-cluster-update-variant/main.tf
+++ b/modules/beta-private-cluster-update-variant/main.tf
@@ -40,10 +40,7 @@ locals {
   // Kubernetes version
   master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version
   master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version
-  node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.master_version_regional
-  node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.master_version_zonal
   master_version = var.regional ? local.master_version_regional : local.master_version_zonal
-  node_version = var.regional ? local.node_version_regional : local.node_version_zonal
 
   // Build a map of maps of node pools from a list of objects
   node_pool_names = [for np in toset(var.node_pools) : np.name]
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index 1104c0ca6e..ade9eb2080 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -72,12 +72,6 @@ variable "kubernetes_version" {
   default = "latest"
 }
 
-variable "node_version" {
-  type = string
-  description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
-  default = ""
-}
-
 variable "master_authorized_networks" {
   type = list(object({ cidr_block = string, display_name = string }))
   description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
@@ -441,7 +435,7 @@ variable "node_metadata" {
 
 variable "sandbox_enabled" {
   type = bool
-  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)."
+  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
   default = false
 }
 
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 7453470069..0b9d9b1dc6 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -188,7 +188,6 @@ Then perform the following commands on the root folder:
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no |
-| node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no |
 | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no |
 | pod\_security\_policy\_config | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | object | `` | no |
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
@@ -198,7 +197,7 @@ Then perform the following commands on the root folder:
 | release\_channel | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `UNSPECIFIED`. | string | `"null"` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no |
 | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no |
-| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no |
+| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | bool | `"false"` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
 | skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no |
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf
index ebac61e7cd..8fd0633f37 100644
--- a/modules/beta-private-cluster/main.tf
+++ b/modules/beta-private-cluster/main.tf
@@ -40,10 +40,7 @@ locals {
   // Kubernetes version
   master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version
   master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version
-  node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.master_version_regional
-  node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.master_version_zonal
   master_version = var.regional ? local.master_version_regional : local.master_version_zonal
-  node_version = var.regional ? local.node_version_regional : local.node_version_zonal
 
   // Build a map of maps of node pools from a list of objects
   node_pool_names = [for np in toset(var.node_pools) : np.name]
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index 1104c0ca6e..ade9eb2080 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -72,12 +72,6 @@ variable "kubernetes_version" {
   default = "latest"
 }
 
-variable "node_version" {
-  type = string
-  description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
-  default = ""
-}
-
 variable "master_authorized_networks" {
   type = list(object({ cidr_block = string, display_name = string }))
   description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
@@ -441,7 +435,7 @@ variable "node_metadata" {
 
 variable "sandbox_enabled" {
   type = bool
-  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)."
+  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
   default = false
 }
 
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index 07c5e4b47b..8eabf99816 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -166,7 +166,6 @@ Then perform the following commands on the root folder:
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no |
-| node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no |
 | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no |
 | pod\_security\_policy\_config | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | object | `` | no |
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
@@ -176,7 +175,7 @@ Then perform the following commands on the root folder:
 | release\_channel | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `UNSPECIFIED`. | string | `"null"` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no |
 | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no |
-| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no |
+| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | bool | `"false"` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
 | skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no |
diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf
index 208d44520d..2512552bdb 100644
--- a/modules/beta-public-cluster/main.tf
+++ b/modules/beta-public-cluster/main.tf
@@ -40,10 +40,7 @@ locals {
   // Kubernetes version
   master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version
   master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version
-  node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.master_version_regional
-  node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.master_version_zonal
   master_version = var.regional ? local.master_version_regional : local.master_version_zonal
-  node_version = var.regional ? local.node_version_regional : local.node_version_zonal
 
   // Build a map of maps of node pools from a list of objects
   node_pool_names = [for np in toset(var.node_pools) : np.name]
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 6f9c063cd5..df9dbf31a7 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -72,12 +72,6 @@ variable "kubernetes_version" {
   default = "latest"
 }
 
-variable "node_version" {
-  type = string
-  description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
-  default = ""
-}
-
 variable "master_authorized_networks" {
   type = list(object({ cidr_block = string, display_name = string }))
   description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
@@ -417,7 +411,7 @@ variable "node_metadata" {
 
 variable "sandbox_enabled" {
   type = bool
-  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)."
+  description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
   default = false
 }
 
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index d491931543..b56d8dff76 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -177,7 +177,6 @@ Then perform the following commands on the root folder:
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no |
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no |
-| node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no |
 | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no |
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no |
diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf
index 5cd4ca2513..f9b57ff9b2 100644
--- a/modules/private-cluster-update-variant/main.tf
+++ b/modules/private-cluster-update-variant/main.tf
@@ -40,10 +40,7 @@ locals {
   // Kubernetes version
   master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version
   master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version
-  node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.master_version_regional
-  node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.master_version_zonal
   master_version = var.regional ? local.master_version_regional : local.master_version_zonal
-  node_version = var.regional ? local.node_version_regional : local.node_version_zonal
 
   // Build a map of maps of node pools from a list of objects
   node_pool_names = [for np in toset(var.node_pools) : np.name]
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index a5986705e9..fc5bf996d6 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -72,12 +72,6 @@ variable "kubernetes_version" {
   default = "latest"
 }
 
-variable "node_version" {
-  type = string
-  description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
-  default = ""
-}
-
 variable "master_authorized_networks" {
   type = list(object({ cidr_block = string, display_name = string }))
   description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index ec17aaaea5..087ca5e19e 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -155,7 +155,6 @@ Then perform the following commands on the root folder:
 | node\_pools\_metadata | Map of maps containing node metadata by node-pool name | map(map(string)) | `` | no |
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no |
-| node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no |
 | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | list(string) | `` | no |
 | project\_id | The project ID to host the cluster in (required) | string | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | string | `"null"` | no |
diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf
index 5cd4ca2513..f9b57ff9b2 100644
--- a/modules/private-cluster/main.tf
+++ b/modules/private-cluster/main.tf
@@ -40,10 +40,7 @@ locals {
   // Kubernetes version
   master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version
   master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version
-  node_version_regional = var.node_version != "" && var.regional ? var.node_version : local.master_version_regional
-  node_version_zonal = var.node_version != "" && ! var.regional ? var.node_version : local.master_version_zonal
   master_version = var.regional ? local.master_version_regional : local.master_version_zonal
-  node_version = var.regional ? local.node_version_regional : local.node_version_zonal
 
   // Build a map of maps of node pools from a list of objects
   node_pool_names = [for np in toset(var.node_pools) : np.name]
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index a5986705e9..fc5bf996d6 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -72,12 +72,6 @@ variable "kubernetes_version" {
   default = "latest"
 }
 
-variable "node_version" {
-  type = string
-  description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
-  default = ""
-}
-
 variable "master_authorized_networks" {
   type = list(object({ cidr_block = string, display_name = string }))
   description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
index cdf3426e9a..7853a18eb3 100644
--- a/modules/safer-cluster-update-variant/README.md
+++ b/modules/safer-cluster-update-variant/README.md
@@ -220,7 +220,7 @@ For simplicity, we suggest using `roles/container.admin` and
 | ip\_range\_services | The _name_ of the secondary subnet range to use for services | string | n/a | yes |
 | istio | (Beta) Enable Istio addon | string | `"false"` | no |
 | istio\_auth | (Beta) The authentication type between services in Istio. | string | `"AUTH_MUTUAL_TLS"` | no |
-| kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | string | `"latest"` | no |
+| kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | string | `"null"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com/kubernetes"` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | string | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `` | no |
@@ -235,14 +235,14 @@ For simplicity, we suggest using `roles/container.admin` and
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no |
-| node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no |
 | pod\_security\_policy\_config | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | object | `` | no |
 | project\_id | The project ID to host the cluster in | string | n/a | yes |
 | region | The region to host the cluster in | string | n/a | yes |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no |
 | registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project. | string | `""` | no |
+| release\_channel | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | string | `"REGULAR"` | no |
 | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
| string | `""` | no |
-| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no |
+| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | bool | `"false"` | no |
 | skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no |
 | subnetwork | The subnetwork to host the cluster in | string | n/a | yes |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index 59b4ac84c4..57bba6ba05 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -30,14 +30,14 @@ module "gke" {
 // We need to enforce a minimum Kubernetes Version to ensure
 // that the necessary security features are enabled.
- kubernetes_version = "latest"
+ kubernetes_version = var.kubernetes_version
 // Nodes are created with a default version. The nodepool enables
 // auto_upgrade so that the node versions can be kept up to date with
 // the master upgrades.
 //
 // https://cloud.google.com/kubernetes-engine/versioning-and-upgrades
- node_version = ""
+ release_channel = var.release_channel
 master_authorized_networks = var.master_authorized_networks
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
index b6f62e2d6e..848b768309 100644
--- a/modules/safer-cluster-update-variant/variables.tf
+++ b/modules/safer-cluster-update-variant/variables.tf
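Review bot: The comment kept above the new `kubernetes_version = var.kubernetes_version` line still claims the module enforces a minimum Kubernetes version so that the security features are available, but the line now only forwards a caller-supplied variable whose default becomes `null` in this patch's variables.tf, so the safer-cluster module itself no longer pins anything and the comment misleads the next reader. Replace it with `// The control-plane version follows release_channel unless the caller pins kubernetes_version explicitly.` The second comment block ("Nodes are created with a default version ... auto_upgrade ...") was written for the removed `node_version = ""` line and should now describe `release_channel` as the setting that drives master and node upgrades, as far as this hunk shows. The enclosing `module "gke"` block starts and ends outside the hunk.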
@@ -68,13 +68,13 @@ variable "subnetwork" {
 variable "kubernetes_version" {
 type = string
 description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. "
- default = "latest"
+ default = null
 }
-variable "node_version" {
+variable "release_channel" {
 type = string
- description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
- default = ""
+ description = "(Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`."
+ default = "REGULAR"
 }
 variable "master_authorized_networks" {
@@ -270,7 +270,7 @@ variable "resource_usage_export_dataset_id" {
 variable "sandbox_enabled" {
 type = bool
- description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)."
+ description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
 default = false
 }
diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md
index cdf3426e9a..7853a18eb3 100644
--- a/modules/safer-cluster/README.md
+++ b/modules/safer-cluster/README.md
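Review bot: The `kubernetes_version` description in the first hunk no longer matches the variable: the default becomes `null`, yet the text still says "If set to 'latest' it will pull latest available version" and that the module enforces minimum versions, and it keeps a stray trailing space inside the string. Suggest `description = "The Kubernetes version of the masters. Defaults to null, in which case the version is determined by release_channel."` The new `release_channel` variable names four accepted values but nothing in the hunk constrains the string, and `UNSPECIFIED` appears to leave the cluster on no channel at all; for a module advertised as "safer", either reject it with a `validation` block (if the Terraform version this module targets supports one) or say in the description that `UNSPECIFIED` gives up channel-managed upgrades. Both `variable` blocks are complete within the hunk.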
@@ -220,7 +220,7 @@ For simplicity, we suggest using `roles/container.admin` and
 | ip\_range\_services | The _name_ of the secondary subnet range to use for services | string | n/a | yes |
 | istio | (Beta) Enable Istio addon | string | `"false"` | no |
 | istio\_auth | (Beta) The authentication type between services in Istio. | string | `"AUTH_MUTUAL_TLS"` | no |
-| kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | string | `"latest"` | no |
+| kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | string | `"null"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com/kubernetes"` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | string | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `` | no |
@@ -235,14 +235,14 @@ For simplicity, we suggest using `roles/container.admin` and
 | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_tags | Map of lists containing node network tags by node-pool name | map(list(string)) | `` | no |
 | node\_pools\_taints | Map of lists containing node taints by node-pool name | object | `` | no |
-| node\_version | The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation. | string | `""` | no |
 | pod\_security\_policy\_config | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. | object | `` | no |
 | project\_id | The project ID to host the cluster in | string | n/a | yes |
 | region | The region to host the cluster in | string | n/a | yes |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no |
 | registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project. | string | `""` | no |
+| release\_channel | (Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | string | `"REGULAR"` | no |
 | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic.
| string | `""` | no |
-| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no |
+| sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | bool | `"false"` | no |
 | skip\_provisioners | Flag to skip all local-exec provisioners. It breaks `stub_domains` and `upstream_nameservers` variables functionality. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `` | no |
 | subnetwork | The subnetwork to host the cluster in | string | n/a | yes |
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
index 746da10fbf..dc2d6657d5 100644
--- a/modules/safer-cluster/main.tf
+++ b/modules/safer-cluster/main.tf
@@ -30,14 +30,14 @@ module "gke" {
 // We need to enforce a minimum Kubernetes Version to ensure
 // that the necessary security features are enabled.
- kubernetes_version = "latest"
+ kubernetes_version = var.kubernetes_version
 // Nodes are created with a default version. The nodepool enables
 // auto_upgrade so that the node versions can be kept up to date with
 // the master upgrades.
 //
 // https://cloud.google.com/kubernetes-engine/versioning-and-upgrades
- node_version = ""
+ release_channel = var.release_channel
 master_authorized_networks = var.master_authorized_networks
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
index b6f62e2d6e..848b768309 100644
--- a/modules/safer-cluster/variables.tf
+++ b/modules/safer-cluster/variables.tf
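Review bot: In the safer-cluster main.tf hunk the comment above `kubernetes_version = var.kubernetes_version` ("We need to enforce a minimum Kubernetes Version ...") is now wrong: the value is simply whatever the caller passes (default `null` per this patch's variables.tf), so the module does not enforce any version itself and a reader will assume a guarantee that is not there. Rewrite it as `// Control-plane version is managed by release_channel; kubernetes_version is only a caller override.` Likewise the block beginning "Nodes are created with a default version" documented the removed `node_version = ""` and should be rewritten to explain that `release_channel` now governs master and node upgrades, to the extent this hunk shows it. The `module "gke"` block continues beyond both ends of the hunk.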
@@ -68,13 +68,13 @@ variable "subnetwork" {
 variable "kubernetes_version" {
 type = string
 description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. "
- default = "latest"
+ default = null
 }
-variable "node_version" {
+variable "release_channel" {
 type = string
- description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
- default = ""
+ description = "(Beta) The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`."
+ default = "REGULAR"
 }
 variable "master_authorized_networks" {
@@ -270,7 +270,7 @@ variable "resource_usage_export_dataset_id" {
 variable "sandbox_enabled" {
 type = bool
- description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it)."
+ description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
 default = false
 }
diff --git a/variables.tf b/variables.tf
index 1de98c0ace..fd039cc94b 100644
--- a/variables.tf
+++ b/variables.tf
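Review bot: In the safer-cluster variables.tf hunk the `kubernetes_version` default changes to `null` but its description was not touched, so it still advertises a 'latest' lookup and module-enforced minimum versions that this hunk no longer shows, and it ends with a stray space inside the quoted string. Suggest `description = "The Kubernetes version of the masters. Defaults to null, in which case the version is determined by release_channel."` The `release_channel` variable documents `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE` but accepts any string, and `UNSPECIFIED` seems to mean no channel at all; given the module's "safer" purpose, consider either a `validation` block restricting the value (if supported by the Terraform version targeted here) or at least a sentence in the description warning that `UNSPECIFIED` forgoes channel-managed upgrades. Both `variable` blocks are complete within the hunk.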
@@ -72,12 +72,6 @@ variable "kubernetes_version" {
 default = "latest"
 }
-variable "node_version" {
- type = string
- description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
- default = ""
-}
-
 variable "master_authorized_networks" {
 type = list(object({ cidr_block = string, display_name = string }))
 description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."