From 6b5164180b415cd036e4e348e119a4720c69df9a Mon Sep 17 00:00:00 2001
From: bibek4699 <121928896+bibek4699@users.noreply.github.com>
Date: Thu, 27 Jun 2024 11:35:19 +0545
Subject: [PATCH] feat: Enable enable_l4_ilb_subsetting Feature and Cost
Allocation in GKE Module | DEVOP-4599 (#123)
* feat: Enable enable_l4_ilb_subsetting feature
* fix: update workflow name
---
.github/workflows/semantic-pr.yaml | 6 +++---
.pre-commit-config.yaml | 4 ++--
README.md | 4 +++-
inputs.tf | 12 ++++++++++++
main.tf | 2 ++
modules/gcp-gke/README.md | 18 ++++++++++--------
modules/gcp-gke/inputs.tf | 12 ++++++++++++
modules/gcp-gke/main.tf | 14 ++++++++++----
test/gcp_gke_providers.tf | 22 ----------------------
test/wrapper.auto.tfvars | 23 ++++++-----------------
10 files changed, 60 insertions(+), 57 deletions(-)
diff --git a/.github/workflows/semantic-pr.yaml b/.github/workflows/semantic-pr.yaml
index 8b16bae..8d7887b 100644
--- a/.github/workflows/semantic-pr.yaml
+++ b/.github/workflows/semantic-pr.yaml
@@ -1,4 +1,4 @@
-name: "Semantic Pull Request"
+name: "semantic-pull-request"
permissions: read-all
on:
@@ -10,10 +10,10 @@ on:
jobs:
main:
- name: Semantic Pull Request
+ name: semantic-pull-request
runs-on: ubuntu-latest
steps:
- - uses: amannn/action-semantic-pull-request@v4
+ - uses: amannn/action-semantic-pull-request@v5
name: Semantic Pull Request
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
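Review bot: The bumped action reference on the `uses:` line is still a mutable tag (`@v5`), so the job runs whatever commit that tag points to at execution time rather than a reviewed revision. Pinning to the full commit SHA with the release kept in a trailing comment, `- uses: amannn/action-semantic-pull-request@<full-commit-sha>  # v5`, makes the dependency immutable while still letting Dependabot or Renovate track new releases. The step itself only needs pull-request read access, which the file's existing top-level `permissions: read-all` already grants, so no permission change is needed alongside this.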
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 3693199..dc86db4 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -2,14 +2,14 @@
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.4.0 # Get the latest version from: https://github.com/pre-commit/pre-commit-hooks/releases
+ rev: v4.6.0 # Get the latest version from: https://github.com/pre-commit/pre-commit-hooks/releases
hooks:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- id: check-added-large-files
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.77.1 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ rev: v1.92.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
hooks:
- id: terraform_fmt
- id: terraform_docs
diff --git a/README.md b/README.md
index 2dab1b1..c44ec6e 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ role in the shared VPC host project.
| Name | Version |
|------|---------|
-| [random](#provider\_random) | 3.5.1 |
+| [random](#provider\_random) | 3.6.2 |
## Modules
@@ -71,6 +71,8 @@ role in the shared VPC host project.
| [create\_gcp\_nat](#input\_create\_gcp\_nat) | Set to `true` to create an Internet NAT for ALL\_SUBNETWORKS\_ALL\_IP\_RANGES in the VPC network. | `bool` | n/a | yes |
| [create\_gcp\_router](#input\_create\_gcp\_router) | Set to `true` to create a router in the VPC network. | `bool` | n/a | yes |
| [create\_public\_https\_firewall\_rule](#input\_create\_public\_https\_firewall\_rule) | Set to `true` to create a firewall rule allowing 0.0.0.0/0:443 on TCP to all worker nodes. | `bool` | n/a | yes |
+| [enable\_cost\_allocation\_feature](#input\_enable\_cost\_allocation\_feature) | Whether to enable the cost allocation feature. | `bool` | `false` | no |
+| [enable\_l4\_ilb\_subsetting](#input\_enable\_l4\_ilb\_subsetting) | Enable L4 ILB Subsetting | `bool` | `false` | no |
| [enable\_network\_policy](#input\_enable\_network\_policy) | This value is passed to network\_policy.enabled and the negative is passed to addons\_config.network\_policy\_config.disabled. This might conflict with Workload Identity - make sure to read https://cloud.google.com/kubernetes-engine/docs/how-to/network-policy#limitations_and_requirements. | `bool` | n/a | yes |
| [gke\_authenticator\_groups\_config\_domain](#input\_gke\_authenticator\_groups\_config\_domain) | Domain to append to `gke-security-groups` to pass to authenticator\_groups\_config so members of that Google Group can authenticate to the cluster. Pass an empty string to disable. Domain passed here should be in the format of TLD.EXTENSION. | `string` | n/a | yes |
| [google\_credentials](#input\_google\_credentials) | Contents of a JSON keyfile of an account with write access to the project | `any` | n/a | yes |
diff --git a/inputs.tf b/inputs.tf
index 25743f0..033a8bd 100644
--- a/inputs.tf
+++ b/inputs.tf
@@ -127,3 +127,15 @@ variable "subnetwork_self_link" {
type = string
description = "self_link of the google_compute_subnetwork to place the GKE cluster in."
}
+
+variable "enable_l4_ilb_subsetting" {
+ type = bool
+ description = "Enable L4 ILB Subsetting"
+ default = false
+}
+
+variable "enable_cost_allocation_feature" {
+ type = bool
+ description = "Whether to enable the cost allocation feature."
+ default = false
+}
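Review bot: The description on the new `enable_l4_ilb_subsetting` variable, `Enable L4 ILB Subsetting`, tells a caller nothing about what the flag changes on the cluster or its consequences, and the identical block is duplicated in modules/gcp-gke/inputs.tf. If I recall the GKE documentation correctly, L4 ILB subsetting is a one-way setting that cannot be disabled once enabled and requires a minimum GKE version, so the description should carry that, e.g. `description = "Enable L4 ILB subsetting for internal passthrough load balancers. One-way: GKE does not allow disabling it once enabled; check the minimum GKE version in the current docs."`. The cost-allocation variable's description is adequate but could similarly state that it maps to the cluster's `cost_management_config` block.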
diff --git a/main.tf b/main.tf
index 93a56ef..68af4c0 100644
--- a/main.tf
+++ b/main.tf
@@ -41,6 +41,8 @@ module "gke" {
subnetwork_self_link = var.subnetwork_self_link
pods_ip_range_name = var.pods_ip_range_name
services_ip_range_name = var.services_ip_range_name
+ enable_cost_allocation_feature = var.enable_cost_allocation_feature
+ enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
skip_create_built_in_node_pool = true
additional_node_pools = [
diff --git a/modules/gcp-gke/README.md b/modules/gcp-gke/README.md
index 4067447..a7c2e64 100644
--- a/modules/gcp-gke/README.md
+++ b/modules/gcp-gke/README.md
@@ -15,19 +15,19 @@ To run E2E tests, navigate to the [test folder](../test) and run `go test -v -ti
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.2.9 |
-| [google](#requirement\_google) | >= 4.0 |
-| [google-beta](#requirement\_google-beta) | >= 4.0 |
-| [random](#requirement\_random) | ~> 3.0 |
+| [terraform](#requirement\_terraform) | >= 1.8, < 2 |
+| [google](#requirement\_google) | >= 4.0, < 6.0 |
+| [google-beta](#requirement\_google-beta) | >= 4.0, < 6.0 |
+| [random](#requirement\_random) | >= 3.0, < 4.0 |
## Providers
| Name | Version |
|------|---------|
-| [google.compute](#provider\_google.compute) | >= 4.0 |
-| [google.vpc](#provider\_google.vpc) | >= 4.0 |
-| [google-beta.compute-beta](#provider\_google-beta.compute-beta) | >= 4.0 |
-| [random](#provider\_random) | ~> 3.0 |
+| [google.compute](#provider\_google.compute) | >= 4.0, < 6.0 |
+| [google.vpc](#provider\_google.vpc) | >= 4.0, < 6.0 |
+| [google-beta.compute-beta](#provider\_google-beta.compute-beta) | >= 4.0, < 6.0 |
+| [random](#provider\_random) | >= 3.0, < 4.0 |
## Modules
@@ -66,7 +66,9 @@ To run E2E tests, navigate to the [test folder](../test) and run `go test -v -ti
| [create\_gcp\_nat](#input\_create\_gcp\_nat) | Set to `true` to create an Internet NAT for ALL\_SUBNETWORKS\_ALL\_IP\_RANGES in the VPC network. | `bool` | n/a | yes |
| [create\_gcp\_router](#input\_create\_gcp\_router) | Set to `true` to create a router in the VPC network. | `bool` | n/a | yes |
| [create\_public\_https\_firewall\_rule](#input\_create\_public\_https\_firewall\_rule) | Set to `true` to create a firewall rule allowing 0.0.0.0/0:443 on TCP to all worker nodes. | `bool` | n/a | yes |
+| [enable\_cost\_allocation\_feature](#input\_enable\_cost\_allocation\_feature) | Whether to enable the cost allocation feature. | `bool` | `false` | no |
| [enable\_dataplane\_v2](#input\_enable\_dataplane\_v2) | Enable GKE DataPlane V2 for control plane.Set this value true if need to enable this feature. | `bool` | `false` | no |
+| [enable\_l4\_ilb\_subsetting](#input\_enable\_l4\_ilb\_subsetting) | Enable L4 ILB Subsetting | `bool` | `false` | no |
| [enable\_network\_policy](#input\_enable\_network\_policy) | This value is passed to network\_policy.enabled and the negative is passed to addons\_config.network\_policy\_config.disabled. | `bool` | n/a | yes |
| [gke\_authenticator\_groups\_config\_domain](#input\_gke\_authenticator\_groups\_config\_domain) | Domain to append to `gke-security-groups` to pass to authenticator\_groups\_config so members of that Google Group can authenticate to the cluster. Pass an empty string to disable. Domain passed here should be in the format of TLD.EXTENSION. | `string` | n/a | yes |
| [google\_project](#input\_google\_project) | The GCP project to use for this run | `any` | n/a | yes |
diff --git a/modules/gcp-gke/inputs.tf b/modules/gcp-gke/inputs.tf
index 31b3ea9..16e972e 100644
--- a/modules/gcp-gke/inputs.tf
+++ b/modules/gcp-gke/inputs.tf
@@ -184,3 +184,15 @@ variable "nat_ip_address_self_links" {
description = "List of self links IP addresses to use for NAT"
default = []
}
+
+variable "enable_l4_ilb_subsetting" {
+ type = bool
+ description = "Enable L4 ILB Subsetting"
+ default = false
+}
+
+variable "enable_cost_allocation_feature" {
+ type = bool
+ description = "Whether to enable the cost allocation feature."
+ default = false
+}
diff --git a/modules/gcp-gke/main.tf b/modules/gcp-gke/main.tf
index d6af809..0e27ce8 100644
--- a/modules/gcp-gke/main.tf
+++ b/modules/gcp-gke/main.tf
@@ -1,20 +1,21 @@
terraform {
- required_version = ">= 1.2.9"
+ required_version = ">= 1.8, < 2"
required_providers {
google = {
- version = ">= 4.0"
+ version = ">= 4.0, < 6.0"
+ source = "hashicorp/google"
configuration_aliases = [google.compute, google.vpc]
}
google-beta = {
- version = ">= 4.0"
+ version = ">= 4.0, < 6.0"
source = "hashicorp/google-beta"
configuration_aliases = [google-beta.compute-beta]
}
random = {
- version = "~> 3.0"
+ version = ">= 3.0, < 4.0"
}
}
}
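Review bot: The `random` entry in `required_providers` still has no `source` after this hunk, while `google` gains `source = "hashicorp/google"` and `google-beta` already had one; Terraform resolves an unqualified name to the hashicorp namespace, but that is a legacy fallback and the block is now inconsistent. Add `source = "hashicorp/random"` next to the version constraint. Raising `required_version` to `>= 1.8, < 2` is a breaking change for any consumer on an older CLI and is only visible in the regenerated README table, so it deserves an explicit mention in the changelog or release notes.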
@@ -58,6 +59,11 @@ resource "google_container_cluster" "primary" {
initial_node_count = 1
enable_shielded_nodes = true
min_master_version = var.kubernetes_version
+ enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
+
+ cost_management_config {
+ enabled = var.enable_cost_allocation_feature
+ }
#checkov:skip=CKV_GCP_66:Property renamed from 'enable_binary_authorization' to 'binary_authorization' but Checkov not updated.
binary_authorization {
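Review bot: `enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting` is, if I recall the GKE documentation correctly, a one-way change: subsetting cannot be disabled once enabled, so a later `false` will fail at apply time or require cluster replacement rather than quietly reverting. The team should decide explicitly how a flip back to `false` is to be handled instead of discovering it in a plan, and a comment on the line, `# one-way: GKE does not allow disabling L4 ILB subsetting once enabled — confirm against current docs`, would record that. The `cost_management_config` block is fine as written since `enabled = false` is the provider's documented default. The `google_container_cluster.primary` resource continues outside the hunk.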
diff --git a/test/gcp_gke_providers.tf b/test/gcp_gke_providers.tf
index be06119..0b8beb8 100644
--- a/test/gcp_gke_providers.tf
+++ b/test/gcp_gke_providers.tf
@@ -11,17 +11,6 @@ provider "google" {
project = var.google_project
region = var.google_region
credentials = var.google_credentials
-
- # scopes = [
- # # Default scopes
- # "https://www.googleapis.com/auth/compute",
- # "https://www.googleapis.com/auth/cloud-platform",
- # "https://www.googleapis.com/auth/ndev.clouddns.readwrite",
- # "https://www.googleapis.com/auth/devstorage.full_control",
- #
- # # Required for google_client_openid_userinfo
- # "https://www.googleapis.com/auth/userinfo.email",
- # ]
}
provider "google" {
@@ -29,17 +18,6 @@ provider "google" {
project = var.google_project
region = var.google_region
credentials = var.google_credentials
-
- # scopes = [
- # # Default scopes
- # "https://www.googleapis.com/auth/compute",
- # "https://www.googleapis.com/auth/cloud-platform",
- # "https://www.googleapis.com/auth/ndev.clouddns.readwrite",
- # "https://www.googleapis.com/auth/devstorage.full_control",
- #
- # # Required for google_client_openid_userinfo
- # "https://www.googleapis.com/auth/userinfo.email",
- # ]
}
provider "google-beta" {
diff --git a/test/wrapper.auto.tfvars b/test/wrapper.auto.tfvars
index 0f282cd..02d3083 100644
--- a/test/wrapper.auto.tfvars
+++ b/test/wrapper.auto.tfvars
@@ -38,9 +38,12 @@ maintenance_policy_config = [
maintenance_recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH"
}
]
+enable_cost_allocation_feature = true
+enable_l4_ilb_subsetting = true
+
+release_channel = "RAPID"
+kubernetes_version = "1.30.1-gke.1156000"
-release_channel = "REGULAR"
-kubernetes_version = "1.28.3-gke.1203001"
additional_node_pools = [
{
name = "highmem",
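Review bot: Pinning `kubernetes_version = "1.30.1-gke.1156000"` together with `release_channel = "RAPID"` ties the E2E test to a patch version that the RAPID channel rotates out quickly, so the test is likely to start failing with an unavailable-version error that has nothing to do with the module. The module passes this value as `min_master_version`, so either check whether the provider accepts a shorter version prefix there or add a comment explaining why the exact patch is required. Both new flags are set to `true` here, so the default `false` path is never exercised by the test; that is acceptable for a smoke test but worth stating in a comment next to these two lines.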
@@ -51,19 +54,5 @@ additional_node_pools = [
taints = []
tags = ["terratest"]
zones = ["asia-southeast2-a", "asia-southeast2-b", "asia-southeast2-c"]
- },
- {
- name = "compute",
- machine_type = "e2-highcpu-8"
- minimum_node_count = 1
- maximum_node_count = 3
- enable_secure_boot = true
- taints = [{
- key = "terratest"
- value = "true"
- effect = "NO_SCHEDULE"
- }]
- tags = ["terratest"]
- zones = ["asia-southeast2-b"]
- },
+ }
]