Merge pull request terraform-google-modules#216 from Dev25/beta-v1

Add IntraNode Visibility/VerticalPodAutoscaling

Author: morgante

CHANGELOG.md

@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 Extending the adopted spec, each change should have a link to its corresponding pull request appended.
 
 ## [Unreleased]
+### Added
+
+* Support for Intranode Visbiility (IV) and Veritical Pod Autoscaling (VPA) beta features [#216]
 
 ## [v4.1.0] 2019-07-24
 
@@ -164,6 +167,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 [v0.3.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.2.0...v0.3.0
 [v0.2.0]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v0.1.0...v0.2.0
 
+[#216]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/216
 [#214]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/214
 [#210]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/210
 [#207]: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/207

autogen/cluster_regional.tf

@@ -58,6 +58,11 @@ resource "google_container_cluster" "primary" {
 
 {% if beta_cluster %}
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
 
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config

autogen/cluster_zonal.tf

@@ -54,6 +54,11 @@ resource "google_container_cluster" "zonal_primary" {
 
 {% if beta_cluster %}
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
 
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config

autogen/main.tf

@@ -251,6 +251,16 @@ locals {
     regional = element(concat(google_container_cluster.primary.*.pod_security_policy_config.0.enabled, [""]), 0)
     zonal    = element(concat(google_container_cluster.zonal_primary.*.pod_security_policy_config.0.enabled, [""]), 0)
   }
+
+  cluster_type_output_intranode_visbility_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.enable_intranode_visibility, [""]), 0)
+    zonal    = element(concat(google_container_cluster.zonal_primary.*.enable_intranode_visibility, [""]), 0)
+  }
+
+  cluster_type_output_vertical_pod_autoscaling_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+    zonal    = element(concat(google_container_cluster.zonal_primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+  }
   # /BETA features
   {% endif %}
 
@@ -286,9 +296,11 @@ locals {
   cluster_kubernetes_dashboard_enabled       = !local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type]
 {% if beta_cluster %}
   # BETA features
-  cluster_istio_enabled               = !local.cluster_type_output_istio_enabled[local.cluster_type]
-  cluster_cloudrun_enabled            = var.cloudrun
-  cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_istio_enabled                     = !local.cluster_type_output_istio_enabled[local.cluster_type]
+  cluster_cloudrun_enabled                  = var.cloudrun
+  cluster_pod_security_policy_enabled       = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_intranode_visibility_enabled      = local.cluster_type_output_intranode_visbility_enabled[local.cluster_type]
+  cluster_vertical_pod_autoscaling_enabled  = local.cluster_type_output_vertical_pod_autoscaling_enabled[local.cluster_type]
   # /BETA features
 {% endif %}
 }

autogen/outputs.tf

@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy.  With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */ 
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,
@@ -142,4 +142,14 @@ output "pod_security_policy_enabled" {
   value       = local.cluster_pod_security_policy_enabled
 }
 
+output "intranode_visibility_enabled" {
+  description = "Whether intra-node visibility is enabled"
+  value       = local.cluster_intranode_visibility_enabled
+}
+
+output "vertical_pod_autoscaling_enabled" {
+  description = "Whether veritical pod autoscaling is enabled"
+  value       = local.cluster_vertical_pod_autoscaling_enabled
+}
+
 {% endif %}

autogen/variables.tf

@@ -353,4 +353,16 @@ variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default     = "UNSPECIFIED"
 }
+
+variable "enable_intranode_visibility" {
+  type        = bool
+  description = "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network"
+  default     = false
+}
+
+ variable "enable_vertical_pod_autoscaling" {
+  type        = bool
+  description = "Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it"
+  default     = false
+}
 {% endif %}

modules/beta-private-cluster/README.md

@@ -144,8 +144,10 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | bool | `"true"` | no |
 | enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no |
+| enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | bool | `"false"` | no |
 | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | bool | `"false"` | no |
 | enable\_private\_nodes | (Beta) Whether nodes have internal IP addresses only | bool | `"false"` | no |
+| enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | bool | `"false"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | bool | `"true"` | no |
 | http\_load\_balancing | Enable httpload balancer addon | bool | `"true"` | no |
 | initial\_node\_count | The number of nodes to create in this cluster's default node pool. | number | `"0"` | no |
@@ -196,6 +198,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | endpoint | Cluster endpoint |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
+| intranode\_visibility\_enabled | Whether intra-node visibility is enabled |
 | istio\_enabled | Whether Istio is enabled |
 | kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled |
 | location | Cluster location (region if regional cluster, zone if zonal cluster) |
@@ -212,6 +215,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | region | Cluster region |
 | service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
 | type | Cluster type (regional / zonal) |
+| vertical\_pod\_autoscaling\_enabled | Whether veritical pod autoscaling is enabled |
 | zones | List of zones in which the cluster resides |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/beta-private-cluster/cluster_regional.tf

@@ -53,6 +53,11 @@ resource "google_container_cluster" "primary" {
   monitoring_service = var.monitoring_service
 
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
 
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config

modules/beta-private-cluster/cluster_zonal.tf

@@ -49,6 +49,11 @@ resource "google_container_cluster" "zonal_primary" {
   monitoring_service = var.monitoring_service
 
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
 
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config

modules/beta-private-cluster/main.tf

@@ -234,6 +234,16 @@ locals {
     regional = element(concat(google_container_cluster.primary.*.pod_security_policy_config.0.enabled, [""]), 0)
     zonal    = element(concat(google_container_cluster.zonal_primary.*.pod_security_policy_config.0.enabled, [""]), 0)
   }
+
+  cluster_type_output_intranode_visbility_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.enable_intranode_visibility, [""]), 0)
+    zonal    = element(concat(google_container_cluster.zonal_primary.*.enable_intranode_visibility, [""]), 0)
+  }
+
+  cluster_type_output_vertical_pod_autoscaling_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+    zonal    = element(concat(google_container_cluster.zonal_primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+  }
   # /BETA features
 
   cluster_type_output_node_pools_names = {
@@ -267,9 +277,11 @@ locals {
   cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type]
   cluster_kubernetes_dashboard_enabled       = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type]
   # BETA features
-  cluster_istio_enabled               = ! local.cluster_type_output_istio_enabled[local.cluster_type]
-  cluster_cloudrun_enabled            = var.cloudrun
-  cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_istio_enabled                    = ! local.cluster_type_output_istio_enabled[local.cluster_type]
+  cluster_cloudrun_enabled                 = var.cloudrun
+  cluster_pod_security_policy_enabled      = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_intranode_visibility_enabled     = local.cluster_type_output_intranode_visbility_enabled[local.cluster_type]
+  cluster_vertical_pod_autoscaling_enabled = local.cluster_type_output_vertical_pod_autoscaling_enabled[local.cluster_type]
   # /BETA features
 }
 

modules/beta-private-cluster/outputs.tf

@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy.  With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */ 
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,
@@ -141,3 +141,13 @@ output "pod_security_policy_enabled" {
   value       = local.cluster_pod_security_policy_enabled
 }
 
+output "intranode_visibility_enabled" {
+  description = "Whether intra-node visibility is enabled"
+  value       = local.cluster_intranode_visibility_enabled
+}
+
+output "vertical_pod_autoscaling_enabled" {
+  description = "Whether veritical pod autoscaling is enabled"
+  value       = local.cluster_vertical_pod_autoscaling_enabled
+}
+

modules/beta-private-cluster/variables.tf

@@ -350,3 +350,15 @@ variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default     = "UNSPECIFIED"
 }
+
+variable "enable_intranode_visibility" {
+  type        = bool
+  description = "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network"
+  default     = false
+}
+
+variable "enable_vertical_pod_autoscaling" {
+  type        = bool
+  description = "Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it"
+  default     = false
+}

modules/beta-public-cluster/README.md

@@ -138,6 +138,8 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | bool | `"true"` | no |
 | enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no |
+| enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | bool | `"false"` | no |
+| enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | bool | `"false"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | bool | `"true"` | no |
 | http\_load\_balancing | Enable httpload balancer addon | bool | `"true"` | no |
 | initial\_node\_count | The number of nodes to create in this cluster's default node pool. | number | `"0"` | no |
@@ -187,6 +189,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | endpoint | Cluster endpoint |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
+| intranode\_visibility\_enabled | Whether intra-node visibility is enabled |
 | istio\_enabled | Whether Istio is enabled |
 | kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled |
 | location | Cluster location (region if regional cluster, zone if zonal cluster) |
@@ -203,6 +206,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | region | Cluster region |
 | service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
 | type | Cluster type (regional / zonal) |
+| vertical\_pod\_autoscaling\_enabled | Whether veritical pod autoscaling is enabled |
 | zones | List of zones in which the cluster resides |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/beta-public-cluster/cluster_regional.tf

@@ -53,6 +53,11 @@ resource "google_container_cluster" "primary" {
   monitoring_service = var.monitoring_service
 
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
 
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config

modules/beta-public-cluster/cluster_zonal.tf

@@ -49,6 +49,11 @@ resource "google_container_cluster" "zonal_primary" {
   monitoring_service = var.monitoring_service
 
   enable_binary_authorization = var.enable_binary_authorization
+  enable_intranode_visibility = var.enable_intranode_visibility
+
+  vertical_pod_autoscaling {
+    enabled = var.enable_vertical_pod_autoscaling
+  }
 
   dynamic "pod_security_policy_config" {
     for_each = var.pod_security_policy_config

modules/beta-public-cluster/main.tf

@@ -236,6 +236,16 @@ locals {
     regional = element(concat(google_container_cluster.primary.*.pod_security_policy_config.0.enabled, [""]), 0)
     zonal    = element(concat(google_container_cluster.zonal_primary.*.pod_security_policy_config.0.enabled, [""]), 0)
   }
+
+  cluster_type_output_intranode_visbility_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.enable_intranode_visibility, [""]), 0)
+    zonal    = element(concat(google_container_cluster.zonal_primary.*.enable_intranode_visibility, [""]), 0)
+  }
+
+  cluster_type_output_vertical_pod_autoscaling_enabled = {
+    regional = element(concat(google_container_cluster.primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+    zonal    = element(concat(google_container_cluster.zonal_primary.*.vertical_pod_autoscaling.0.enabled, [""]), 0)
+  }
   # /BETA features
 
   cluster_type_output_node_pools_names = {
@@ -269,9 +279,11 @@ locals {
   cluster_horizontal_pod_autoscaling_enabled = ! local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type]
   cluster_kubernetes_dashboard_enabled       = ! local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type]
   # BETA features
-  cluster_istio_enabled               = ! local.cluster_type_output_istio_enabled[local.cluster_type]
-  cluster_cloudrun_enabled            = var.cloudrun
-  cluster_pod_security_policy_enabled = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_istio_enabled                    = ! local.cluster_type_output_istio_enabled[local.cluster_type]
+  cluster_cloudrun_enabled                 = var.cloudrun
+  cluster_pod_security_policy_enabled      = local.cluster_type_output_pod_security_policy_enabled[local.cluster_type]
+  cluster_intranode_visibility_enabled     = local.cluster_type_output_intranode_visbility_enabled[local.cluster_type]
+  cluster_vertical_pod_autoscaling_enabled = local.cluster_type_output_vertical_pod_autoscaling_enabled[local.cluster_type]
   # /BETA features
 }
 

modules/beta-public-cluster/outputs.tf

@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy.  With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */ 
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,
@@ -141,3 +141,13 @@ output "pod_security_policy_enabled" {
   value       = local.cluster_pod_security_policy_enabled
 }
 
+output "intranode_visibility_enabled" {
+  description = "Whether intra-node visibility is enabled"
+  value       = local.cluster_intranode_visibility_enabled
+}
+
+output "vertical_pod_autoscaling_enabled" {
+  description = "Whether veritical pod autoscaling is enabled"
+  value       = local.cluster_vertical_pod_autoscaling_enabled
+}
+

modules/beta-public-cluster/variables.tf

@@ -326,3 +326,15 @@ variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default     = "UNSPECIFIED"
 }
+
+variable "enable_intranode_visibility" {
+  type        = bool
+  description = "Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network"
+  default     = false
+}
+
+variable "enable_vertical_pod_autoscaling" {
+  type        = bool
+  description = "Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it"
+  default     = false
+}

modules/private-cluster/outputs.tf

@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy.  With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */ 
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,

outputs.tf

@@ -51,7 +51,7 @@ output "endpoint" {
     * resources dependent on the cluster being up will fail to deploy.  With
     * this explicit dependency, dependent resources can wait for the cluster
     * to be up.
-    */ 
+    */
     google_container_cluster.primary,
     google_container_node_pool.pools,
     google_container_cluster.zonal_primary,