Merge branch 'master' into 1527_traunc_fw

Author: nissessenap

.github/renovate.json

@@ -16,6 +16,9 @@
  "stabilityDays":0
  },
  "separateMajorMinor":false,
+ "constraints": {
+ "go": "1.18"
+ },
  "packageRules": [
  {
  "matchPaths": ["examples/**", "test/**", ".github/**"],
@@ -35,7 +38,8 @@
  "postUpdateOptions": ["gomodTidy"]
  },
  {
- "matchPackageNames": ["go"],
+ "matchDatasources": ["golang-version"],
+ "rangeStrategy": "bump",
  "allowedVersions": "<1.19.0",
  "postUpdateOptions": ["gomodTidy"]
  },

.github/workflows/lint.yaml

@@ -35,7 +35,7 @@ jobs:
  - id: variables
  run: |
  MAKEFILE=$(find . -name Makefile -print -quit)
- if [ ! -z "$MAKEFILE" ]; then
+ if [ -z "$MAKEFILE" ]; then
  echo dev-tools=gcr.io/cloud-foundation-cicd/cft/developer-tools:1 >> "$GITHUB_OUTPUT"
  else
  VERSION=$(grep "DOCKER_TAG_VERSION_DEVELOPER_TOOLS := " $MAKEFILE | cut -d\ -f3)

autogen/main/cluster.tf.tmpl

@@ -83,7 +83,7 @@ resource "google_container_cluster" "primary" {
  disabled = var.disable_default_snat
  }
 
- min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null
+ min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version
 
 {% if beta_cluster and autopilot_cluster != true %}
  dynamic "cluster_telemetry" {

cluster.tf

@@ -69,7 +69,7 @@ resource "google_container_cluster" "primary" {
  disabled = var.disable_default_snat
  }
 
- min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null
+ min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version
 
  # only one of logging/monitoring_service or logging/monitoring_config can be specified
  logging_service = local.logmon_config_is_set ? null : var.logging_service

examples/acm-terraform-blog-part1/terraform/gke.tf

@@ -31,7 +31,7 @@ module "enabled_google_apis" {
 
 module "gke" {
  source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 25.0"
+ version = "~> 26.0"
  project_id = module.enabled_google_apis.project_id
  name = "sfl-acm-part1"
  region = var.region

examples/acm-terraform-blog-part2/terraform/gke.tf

@@ -31,7 +31,7 @@ module "enabled_google_apis" {
 
 module "gke" {
  source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 25.0"
+ version = "~> 26.0"
  project_id = module.enabled_google_apis.project_id
  name = "sfl-acm-part2"
  region = var.region

examples/acm-terraform-blog-part3/terraform/gke.tf

@@ -33,7 +33,7 @@ module "enabled_google_apis" {
 
 module "gke" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster"
- version = "~> 25.0"
+ version = "~> 26.0"
  project_id = module.enabled_google_apis.project_id
  name = "sfl-acm-part3"
  region = var.region
@@ -48,7 +48,7 @@ module "gke" {
 
 module "wi" {
  source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 25.0"
+ version = "~> 26.0"
  gcp_sa_name = "cnrmsa"
  cluster_name = module.gke.name
  name = "cnrm-controller-manager"

examples/safer_cluster_iap_bastion/network.tf

@@ -49,7 +49,7 @@ module "vpc" {
 
 module "cloud-nat" {
  source = "terraform-google-modules/cloud-nat/google"
- version = "~> 2.0"
+ version = "~> 3.0"
  project_id = module.enabled_google_apis.project_id
  region = var.region
  router = "safer-router"

examples/simple_regional_private_with_cluster_version/README.md

@@ -0,0 +1,49 @@
+# Simple Regional Cluster
+
+This example illustrates how to create a simple private cluster with beta features.
+
+[^]: (autogen_docs_start)
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| cloudrun | Boolean to enable / disable CloudRun | string | `"true"` | no |
+| cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no |
+| compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes |
+| credentials\_path | The path to the GCP credentials JSON file | string | n/a | yes |
+| ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes |
+| ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes |
+| istio | Boolean to enable / disable Istio | string | `"true"` | no |
+| network | The VPC network to host the cluster in | string | n/a | yes |
+| project\_id | The project ID to host the cluster in | string | n/a | yes |
+| region | The region to host the cluster in | string | n/a | yes |
+| subnetwork | The subnetwork to host the cluster in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ca\_certificate | |
+| client\_token | |
+| cluster\_name | Cluster name |
+| credentials\_path | |
+| ip\_range\_pods | The secondary IP range used for pods |
+| ip\_range\_services | The secondary IP range used for services |
+| kubernetes\_endpoint | |
+| location | |
+| master\_kubernetes\_version | The master Kubernetes version |
+| network | |
+| project\_id | |
+| region | |
+| service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
+| subnetwork | |
+| zones | List of zones in which the cluster resides |
+
+[^]: (autogen_docs_end)
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/simple_regional_private_with_cluster_version/main.tf

@@ -0,0 +1,76 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ cluster_type = "simple-regional-private"
+}
+
+data "google_client_config" "default" {}
+
+provider "kubernetes" {
+ host = "https://${module.gke.endpoint}"
+ token = data.google_client_config.default.access_token
+ cluster_ca_certificate = base64decode(module.gke.ca_certificate)
+}
+
+data "google_compute_subnetwork" "subnetwork" {
+ name = var.subnetwork
+ project = var.project_id
+ region = var.region
+}
+
+module "gke" {
+ source = "../../modules/private-cluster/"
+ project_id = var.project_id
+ name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
+ regional = true
+ region = var.region
+ network = var.network
+ kubernetes_version = var.kubernetes_version
+ subnetwork = var.subnetwork
+ ip_range_pods = var.ip_range_pods
+ ip_range_services = var.ip_range_services
+ create_service_account = false
+ service_account = var.compute_engine_service_account
+ enable_private_endpoint = true
+ enable_private_nodes = true
+ master_ipv4_cidr_block = "172.16.0.0/28"
+ default_max_pods_per_node = 20
+ remove_default_node_pool = true
+
+ node_pools = [
+ {
+ name = "pool-01"
+ min_count = 1
+ max_count = 100
+ local_ssd_count = 0
+ disk_size_gb = 100
+ disk_type = "pd-standard"
+ auto_repair = true
+ auto_upgrade = true
+ service_account = var.compute_engine_service_account
+ preemptible = false
+ max_pods_per_node = 12
+ },
+ ]
+
+ master_authorized_networks = [
+ {
+ cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+ display_name = "VPC"
+ },
+ ]
+}