ci: synced file(s) with honestbank/.github #77

Merged
merged 1 commit into from
Sep 12, 2024

@honestbank-bot (Contributor) commented Jul 12, 2022

synced local file(s) with honestbank/.github.


This PR was created automatically by the repo-file-sync-action workflow run #10823257041


@honestbank-bot honestbank-bot requested review from a team and jai as code owners July 12, 2022 04:12
@github-actions

Terraform Format and Style 🖌 success

Terraform Initialization ⚙️ success

Terraform Validation 🤖 Success! The configuration is valid.

Terraform Plan 📖 success

Show Plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-4G61WchEfVAewG5m

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + image_type       = (known after apply)
              + min_cpu_platform = (known after apply)
              + oauth_scopes     = (known after apply)
              + service_account  = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + max_node_count = (known after apply)
              + min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch from dd26598 to 979c989 Compare July 18, 2022 10:27
@github-actions

Terraform Format and Style 🖌 success

Terraform Initialization ⚙️ success

Terraform Validation 🤖 Success! The configuration is valid.

Terraform Plan 📖 success

Show Plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-Kc4RqQoq8QYxXGrz

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + image_type       = (known after apply)
              + min_cpu_platform = (known after apply)
              + oauth_scopes     = (known after apply)
              + service_account  = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + max_node_count = (known after apply)
              + min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch from 979c989 to 9d40db7 Compare July 18, 2022 17:02
@github-actions

Terraform Format and Style 🖌 success

Terraform Initialization ⚙️ success

Terraform Validation 🤖 Success! The configuration is valid.

Terraform Plan 📖 success

Show Plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-LrVpitQtJCuwwwJE

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + image_type       = (known after apply)
              + min_cpu_platform = (known after apply)
              + oauth_scopes     = (known after apply)
              + service_account  = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + max_node_count = (known after apply)
              + min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot force-pushed the sync_workflow_files/default branch from 9d40db7 to 3361e80 on July 22, 2022 02:47
@github-actions

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖

Warning: Argument is deprecated

with module.gke.google_container_cluster.primary,
on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
59: enable_binary_authorization = true

Deprecated in favor of binary_authorization.
Success! The configuration is valid, but there were some validation warnings
as shown above.

Terraform Plan 📖success

Show Plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-J2k9N6ArqC3BkHkU

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + image_type       = (known after apply)
              + min_cpu_platform = (known after apply)
              + oauth_scopes     = (known after apply)
              + service_account  = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + max_node_count = (known after apply)
              + min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)
╷
│ Warning: Argument is deprecated
│ 
│   with module.gke.google_container_cluster.primary,
│   on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
│   59:   enable_binary_authorization = true
│ 
│ Deprecated in favor of binary_authorization.
│ 
│ (and one more similar warning elsewhere)
╵

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch from 3361e80 to 540fcdb Compare July 25, 2022 08:40
@github-actions

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖

Warning: Argument is deprecated

with module.gke.google_container_cluster.primary,
on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
59: enable_binary_authorization = true

Deprecated in favor of binary_authorization.
Success! The configuration is valid, but there were some validation warnings
as shown above.

Terraform Plan 📖success

Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-NHrCeaUv4Ro6XTSd

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + image_type       = (known after apply)
              + min_cpu_platform = (known after apply)
              + oauth_scopes     = (known after apply)
              + service_account  = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + max_node_count = (known after apply)
              + min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)
╷
│ Warning: Argument is deprecated
│ 
│   with module.gke.google_container_cluster.primary,
│   on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
│   59:   enable_binary_authorization = true
│ 
│ Deprecated in favor of binary_authorization.
│ 
│ (and one more similar warning elsewhere)
╵

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch from 540fcdb to f1c2b00 Compare July 28, 2022 08:48
@github-actions

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖

Warning: Argument is deprecated

with module.gke.google_container_cluster.primary,
on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
59: enable_binary_authorization = true

Deprecated in favor of binary_authorization.
Success! The configuration is valid, but there were some validation warnings
as shown above.

Terraform Plan 📖success

Show Plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-D6jvnzzE6FPNa4wo

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + image_type       = (known after apply)
              + min_cpu_platform = (known after apply)
              + oauth_scopes     = (known after apply)
              + service_account  = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + max_node_count = (known after apply)
              + min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)
╷
│ Warning: Argument is deprecated
│ 
│   with module.gke.google_container_cluster.primary,
│   on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
│   59:   enable_binary_authorization = true
│ 
│ Deprecated in favor of binary_authorization.
│ 
│ (and one more similar warning elsewhere)
╵

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch from f1c2b00 to 861d605 Compare September 12, 2022 05:31
@github-actions

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖

Warning: Argument is deprecated

with module.gke.google_container_cluster.primary,
on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
59: enable_binary_authorization = true

Deprecated in favor of binary_authorization.
Success! The configuration is valid, but there were some validation warnings
as shown above.

Terraform Plan 📖success

Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-DaK8g1ZYxszUcbBL

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + cost_management_config            = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_pool_auto_config             = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + boot_disk_kms_key = (known after apply)
              + image_type        = (known after apply)
              + min_cpu_platform  = (known after apply)
              + oauth_scopes      = (known after apply)
              + service_account   = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + cost_management_config {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + mesh_certificates {
          + enable_certificates = (known after apply)
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + max_node_count = (known after apply)
              + min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + reservation_affinity {
                  + consume_reservation_type = (known after apply)
                  + key                      = (known after apply)
                  + values                   = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + service_external_ips_config {
          + enabled = (known after apply)
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)
╷
│ Warning: Argument is deprecated
│ 
│   with module.gke.google_container_cluster.primary,
│   on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
│   59:   enable_binary_authorization = true
│ 
│ Deprecated in favor of binary_authorization.
│ 
│ (and one more similar warning elsewhere)
╵

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot force-pushed the sync_workflow_files/default branch from 861d605 to d99e081 on September 13, 2022 11:19
@github-actions

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖

Warning: Argument is deprecated

with module.gke.google_container_cluster.primary,
on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
59: enable_binary_authorization = true

Deprecated in favor of binary_authorization.
Success! The configuration is valid, but there were some validation warnings
as shown above.

Terraform Plan 📖success

Show Plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-KG9dbYZpoDVX1Cda

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + cost_management_config            = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_pool_auto_config             = (known after apply)
      + node_pool_defaults                = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + boot_disk_kms_key = (known after apply)
              + image_type        = (known after apply)
              + min_cpu_platform  = (known after apply)
              + oauth_scopes      = (known after apply)
              + service_account   = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + cost_management_config {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + mesh_certificates {
          + enable_certificates = (known after apply)
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + location_policy      = (known after apply)
              + max_node_count       = (known after apply)
              + min_node_count       = (known after apply)
              + total_max_node_count = (known after apply)
              + total_min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + reservation_affinity {
                  + consume_reservation_type = (known after apply)
                  + key                      = (known after apply)
                  + values                   = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + service_external_ips_config {
          + enabled = (known after apply)
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)
╷
│ Warning: Argument is deprecated
│ 
│   with module.gke.google_container_cluster.primary,
│   on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
│   59:   enable_binary_authorization = true
│ 
│ Deprecated in favor of binary_authorization.
│ 
│ (and one more similar warning elsewhere)
╵

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot force-pushed the sync_workflow_files/default branch from d99e081 to a148906 on September 22, 2022 09:42
@github-actions

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖

Warning: Argument is deprecated

with module.gke.google_container_cluster.primary,
on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
59: enable_binary_authorization = true

Deprecated in favor of binary_authorization.
Success! The configuration is valid, but there were some validation warnings
as shown above.

Terraform Plan 📖success

Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-zvW9oDMirNLQhAFU

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + cost_management_config            = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_pool_auto_config             = (known after apply)
      + node_pool_defaults                = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + boot_disk_kms_key = (known after apply)
              + image_type        = (known after apply)
              + min_cpu_platform  = (known after apply)
              + oauth_scopes      = (known after apply)
              + service_account   = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + cost_management_config {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + mesh_certificates {
          + enable_certificates = (known after apply)
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + location_policy      = (known after apply)
              + max_node_count       = (known after apply)
              + min_node_count       = (known after apply)
              + total_max_node_count = (known after apply)
              + total_min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + reservation_affinity {
                  + consume_reservation_type = (known after apply)
                  + key                      = (known after apply)
                  + values                   = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + service_external_ips_config {
          + enabled = (known after apply)
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)
╷
│ Warning: Argument is deprecated
│ 
│   with module.gke.google_container_cluster.primary,
│   on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
│   59:   enable_binary_authorization = true
│ 
│ Deprecated in favor of binary_authorization.
│ 
│ (and one more similar warning elsewhere)
╵

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch 2 times, most recently from b7c2047 to a9d82d9 Compare September 22, 2022 10:09
@github-actions

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖

Warning: Argument is deprecated

with module.gke.google_container_cluster.primary,
on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
59: enable_binary_authorization = true

Deprecated in favor of binary_authorization.
Success! The configuration is valid, but there were some validation warnings
as shown above.

Terraform Plan 📖success

Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-YygZychtjof6PNhr

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + cost_management_config            = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_pool_auto_config             = (known after apply)
      + node_pool_defaults                = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + boot_disk_kms_key = (known after apply)
              + image_type        = (known after apply)
              + min_cpu_platform  = (known after apply)
              + oauth_scopes      = (known after apply)
              + service_account   = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + cost_management_config {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + mesh_certificates {
          + enable_certificates = (known after apply)
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + location_policy      = (known after apply)
              + max_node_count       = (known after apply)
              + min_node_count       = (known after apply)
              + total_max_node_count = (known after apply)
              + total_min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + reservation_affinity {
                  + consume_reservation_type = (known after apply)
                  + key                      = (known after apply)
                  + values                   = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + service_external_ips_config {
          + enabled = (known after apply)
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)
╷
│ Warning: Argument is deprecated
│ 
│   with module.gke.google_container_cluster.primary,
│   on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
│   59:   enable_binary_authorization = true
│ 
│ Deprecated in favor of binary_authorization.
│ 
│ (and one more similar warning elsewhere)
╵

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@github-actions

Terraform Format and Style 🖌success

Terraform Initialization ⚙️success

Terraform Validation 🤖

Warning: Argument is deprecated

with module.gke.google_container_cluster.primary,
on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
59: enable_binary_authorization = true

Deprecated in favor of binary_authorization.
Success! The configuration is valid, but there were some validation warnings
as shown above.

Terraform Plan 📖success

Show Plan
Running plan in the remote backend. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

Preparing the remote plan...

To view this run in a browser, visit:
https://app.terraform.io/app/honestbank/terraform-gcp-gke/runs/run-oPXvJyLQpRQ27Rfx

Waiting for the plan to start...

Terraform v1.1.5
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # random_id.run_id will be created
  + resource "random_id" "run_id" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

  # module.gke.data.google_compute_instance.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance" "primary_node_pool"  {
      + advanced_machine_features    = (known after apply)
      + allow_stopping_for_update    = (known after apply)
      + attached_disk                = (known after apply)
      + boot_disk                    = (known after apply)
      + can_ip_forward               = (known after apply)
      + confidential_instance_config = (known after apply)
      + cpu_platform                 = (known after apply)
      + current_status               = (known after apply)
      + deletion_protection          = (known after apply)
      + description                  = (known after apply)
      + desired_status               = (known after apply)
      + enable_display               = (known after apply)
      + guest_accelerator            = (known after apply)
      + hostname                     = (known after apply)
      + id                           = (known after apply)
      + instance_id                  = (known after apply)
      + label_fingerprint            = (known after apply)
      + labels                       = (known after apply)
      + machine_type                 = (known after apply)
      + metadata                     = (known after apply)
      + metadata_fingerprint         = (known after apply)
      + metadata_startup_script      = (known after apply)
      + min_cpu_platform             = (known after apply)
      + network_interface            = (known after apply)
      + reservation_affinity         = (known after apply)
      + resource_policies            = (known after apply)
      + scheduling                   = (known after apply)
      + scratch_disk                 = (known after apply)
      + self_link                    = (known after apply)
      + service_account              = (known after apply)
      + shielded_instance_config     = (known after apply)
      + tags                         = (known after apply)
      + tags_fingerprint             = (known after apply)
    }

  # module.gke.data.google_compute_instance_group.primary_node_pool will be read during apply
  # (config refers to values not yet known)
 <= data "google_compute_instance_group" "primary_node_pool"  {
      + description = (known after apply)
      + id          = (known after apply)
      + instances   = (known after apply)
      + named_port  = (known after apply)
      + network     = (known after apply)
      + project     = (known after apply)
      + self_link   = (known after apply)
      + size        = (known after apply)
      + zone        = (known after apply)
    }

  # module.gke.data.google_container_cluster.current_cluster will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "current_cluster"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + cluster_telemetry                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + cost_management_config            = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_l4_ilb_subsetting          = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + identity_service_config           = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_pool_auto_config             = (known after apply)
      + node_pool_defaults                = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + pod_security_policy_config        = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_config                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.data.google_container_cluster.primary will be read during apply
  # (config refers to values not yet known)
 <= data "google_container_cluster" "primary"  {
      + addons_config                     = (known after apply)
      + authenticator_groups_config       = (known after apply)
      + binary_authorization              = (known after apply)
      + cluster_autoscaling               = (known after apply)
      + cluster_ipv4_cidr                 = (known after apply)
      + confidential_nodes                = (known after apply)
      + database_encryption               = (known after apply)
      + datapath_provider                 = (known after apply)
      + default_max_pods_per_node         = (known after apply)
      + default_snat_status               = (known after apply)
      + description                       = (known after apply)
      + dns_config                        = (known after apply)
      + enable_autopilot                  = (known after apply)
      + enable_binary_authorization       = (known after apply)
      + enable_intranode_visibility       = (known after apply)
      + enable_kubernetes_alpha           = (known after apply)
      + enable_legacy_abac                = (known after apply)
      + enable_shielded_nodes             = (known after apply)
      + enable_tpu                        = (known after apply)
      + endpoint                          = (known after apply)
      + id                                = (known after apply)
      + initial_node_count                = (known after apply)
      + ip_allocation_policy              = (known after apply)
      + label_fingerprint                 = (known after apply)
      + location                          = "asia-southeast2"
      + logging_config                    = (known after apply)
      + logging_service                   = (known after apply)
      + maintenance_policy                = (known after apply)
      + master_auth                       = (known after apply)
      + master_authorized_networks_config = (known after apply)
      + master_version                    = (known after apply)
      + mesh_certificates                 = (known after apply)
      + min_master_version                = (known after apply)
      + monitoring_config                 = (known after apply)
      + monitoring_service                = (known after apply)
      + name                              = (known after apply)
      + network                           = (known after apply)
      + network_policy                    = (known after apply)
      + networking_mode                   = (known after apply)
      + node_config                       = (known after apply)
      + node_locations                    = (known after apply)
      + node_pool                         = (known after apply)
      + node_version                      = (known after apply)
      + notification_config               = (known after apply)
      + operation                         = (known after apply)
      + private_cluster_config            = (known after apply)
      + private_ipv6_google_access        = (known after apply)
      + release_channel                   = (known after apply)
      + remove_default_node_pool          = (known after apply)
      + resource_labels                   = (known after apply)
      + resource_usage_export_config      = (known after apply)
      + self_link                         = (known after apply)
      + service_external_ips_config       = (known after apply)
      + services_ipv4_cidr                = (known after apply)
      + subnetwork                        = (known after apply)
      + tpu_ipv4_cidr_block               = (known after apply)
      + vertical_pod_autoscaling          = (known after apply)
      + workload_identity_config          = (known after apply)
    }

  # module.gke.google_compute_firewall.gke_private_cluster_istio_gatekeeper_rules will be created
  + resource "google_compute_firewall" "gke_private_cluster_istio_gatekeeper_rules" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "10.40.0.0/28",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "15017",
              + "8443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_firewall.gke_private_cluster_public_https_firewall_rule[0] will be created
  + resource "google_compute_firewall" "gke_private_cluster_public_https_firewall_rule" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = (known after apply)

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # module.gke.google_compute_router.router[0] will be created
  + resource "google_compute_router" "router" {
      + creation_timestamp = (known after apply)
      + id                 = (known after apply)
      + name               = (known after apply)
      + network            = "projects/test-terraform-project-01/global/networks/vpc"
      + project            = (known after apply)
      + region             = "asia-southeast2"
      + self_link          = (known after apply)
    }

  # module.gke.google_compute_router_nat.nat[0] will be created
  + resource "google_compute_router_nat" "nat" {
      + enable_dynamic_port_allocation      = (known after apply)
      + enable_endpoint_independent_mapping = true
      + icmp_idle_timeout_sec               = 30
      + id                                  = (known after apply)
      + name                                = (known after apply)
      + nat_ip_allocate_option              = "AUTO_ONLY"
      + project                             = (known after apply)
      + region                              = "asia-southeast2"
      + router                              = (known after apply)
      + source_subnetwork_ip_ranges_to_nat  = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      + tcp_established_idle_timeout_sec    = 1200
      + tcp_transitory_idle_timeout_sec     = 30
      + udp_idle_timeout_sec                = 30

      + log_config {
          + enable = true
          + filter = "ERRORS_ONLY"
        }
    }

  # module.gke.google_container_cluster.primary will be created
  + resource "google_container_cluster" "primary" {
      + cluster_ipv4_cidr           = (known after apply)
      + datapath_provider           = (known after apply)
      + default_max_pods_per_node   = (known after apply)
      + enable_binary_authorization = true
      + enable_intranode_visibility = true
      + enable_kubernetes_alpha     = false
      + enable_l4_ilb_subsetting    = false
      + enable_legacy_abac          = false
      + enable_shielded_nodes       = true
      + enable_tpu                  = (known after apply)
      + endpoint                    = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = 1
      + label_fingerprint           = (known after apply)
      + location                    = "asia-southeast2"
      + logging_service             = (known after apply)
      + master_version              = (known after apply)
      + min_master_version          = "1.23.5-gke.1501"
      + monitoring_service          = (known after apply)
      + name                        = (known after apply)
      + network                     = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/global/networks/vpc"
      + networking_mode             = "VPC_NATIVE"
      + node_locations              = (known after apply)
      + node_version                = (known after apply)
      + operation                   = (known after apply)
      + private_ipv6_google_access  = (known after apply)
      + project                     = (known after apply)
      + remove_default_node_pool    = true
      + resource_labels             = {
          + "terraform" = "true"
        }
      + self_link                   = (known after apply)
      + services_ipv4_cidr          = (known after apply)
      + subnetwork                  = "https://www.googleapis.com/compute/v1/projects/test-terraform-project-01/regions/asia-southeast2/subnetworks/honestcard-compute-primary-subnet"
      + tpu_ipv4_cidr_block         = (known after apply)

      + addons_config {
          + cloudrun_config {
              + disabled           = (known after apply)
              + load_balancer_type = (known after apply)
            }

          + config_connector_config {
              + enabled = (known after apply)
            }

          + dns_cache_config {
              + enabled = (known after apply)
            }

          + gce_persistent_disk_csi_driver_config {
              + enabled = (known after apply)
            }

          + gcp_filestore_csi_driver_config {
              + enabled = (known after apply)
            }

          + gke_backup_agent_config {
              + enabled = (known after apply)
            }

          + horizontal_pod_autoscaling {
              + disabled = false
            }

          + http_load_balancing {
              + disabled = false
            }

          + istio_config {
              + disabled = true
            }

          + kalm_config {
              + enabled = (known after apply)
            }

          + network_policy_config {
              + disabled = false
            }
        }

      + authenticator_groups_config {
          + security_group = "[email protected]"
        }

      + cluster_autoscaling {
          + autoscaling_profile = "BALANCED"
          + enabled             = false

          + auto_provisioning_defaults {
              + boot_disk_kms_key = (known after apply)
              + image_type        = (known after apply)
              + min_cpu_platform  = (known after apply)
              + oauth_scopes      = (known after apply)
              + service_account   = (known after apply)
            }
        }

      + cluster_telemetry {
          + type = (known after apply)
        }

      + confidential_nodes {
          + enabled = (known after apply)
        }

      + cost_management_config {
          + enabled = (known after apply)
        }

      + database_encryption {
          + key_name = (known after apply)
          + state    = (known after apply)
        }

      + default_snat_status {
          + disabled = (known after apply)
        }

      + identity_service_config {
          + enabled = (known after apply)
        }

      + ip_allocation_policy {
          + cluster_ipv4_cidr_block       = (known after apply)
          + cluster_secondary_range_name  = "honestcard-compute-pods-subnet"
          + services_ipv4_cidr_block      = (known after apply)
          + services_secondary_range_name = "honestcard-compute-services-subnet"
        }

      + logging_config {
          + enable_components = (known after apply)
        }

      + master_auth {
          + client_certificate     = (known after apply)
          + client_key             = (sensitive value)
          + cluster_ca_certificate = (known after apply)

          + client_certificate_config {
              + issue_client_certificate = false
            }
        }

      + master_authorized_networks_config {
          + cidr_blocks {
              + cidr_block = "0.0.0.0/0"
            }
        }

      + mesh_certificates {
          + enable_certificates = (known after apply)
        }

      + monitoring_config {
          + enable_components = (known after apply)

          + managed_prometheus {
              + enabled = (known after apply)
            }
        }

      + network_policy {
          + enabled = true
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = (known after apply)
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + node_pool {
          + initial_node_count          = (known after apply)
          + instance_group_urls         = (known after apply)
          + managed_instance_group_urls = (known after apply)
          + max_pods_per_node           = (known after apply)
          + name                        = (known after apply)
          + name_prefix                 = (known after apply)
          + node_count                  = (known after apply)
          + node_locations              = (known after apply)
          + version                     = (known after apply)

          + autoscaling {
              + location_policy      = (known after apply)
              + max_node_count       = (known after apply)
              + min_node_count       = (known after apply)
              + total_max_node_count = (known after apply)
              + total_min_node_count = (known after apply)
            }

          + management {
              + auto_repair  = (known after apply)
              + auto_upgrade = (known after apply)
            }

          + network_config {
              + create_pod_range    = (known after apply)
              + pod_ipv4_cidr_block = (known after apply)
              + pod_range           = (known after apply)
            }

          + node_config {
              + boot_disk_kms_key = (known after apply)
              + disk_size_gb      = (known after apply)
              + disk_type         = (known after apply)
              + guest_accelerator = (known after apply)
              + image_type        = (known after apply)
              + labels            = (known after apply)
              + local_ssd_count   = (known after apply)
              + machine_type      = (known after apply)
              + metadata          = (known after apply)
              + min_cpu_platform  = (known after apply)
              + node_group        = (known after apply)
              + oauth_scopes      = (known after apply)
              + preemptible       = (known after apply)
              + service_account   = (known after apply)
              + spot              = (known after apply)
              + tags              = (known after apply)
              + taint             = (known after apply)

              + ephemeral_storage_config {
                  + local_ssd_count = (known after apply)
                }

              + gcfs_config {
                  + enabled = (known after apply)
                }

              + gvnic {
                  + enabled = (known after apply)
                }

              + kubelet_config {
                  + cpu_cfs_quota        = (known after apply)
                  + cpu_cfs_quota_period = (known after apply)
                  + cpu_manager_policy   = (known after apply)
                }

              + linux_node_config {
                  + sysctls = (known after apply)
                }

              + reservation_affinity {
                  + consume_reservation_type = (known after apply)
                  + key                      = (known after apply)
                  + values                   = (known after apply)
                }

              + sandbox_config {
                  + sandbox_type = (known after apply)
                }

              + shielded_instance_config {
                  + enable_integrity_monitoring = (known after apply)
                  + enable_secure_boot          = (known after apply)
                }

              + workload_metadata_config {
                  + mode = (known after apply)
                }
            }

          + placement_policy {
              + type = (known after apply)
            }

          + upgrade_settings {
              + max_surge       = (known after apply)
              + max_unavailable = (known after apply)
            }
        }

      + notification_config {
          + pubsub {
              + enabled = (known after apply)
              + topic   = (known after apply)
            }
        }

      + private_cluster_config {
          + enable_private_nodes   = true
          + master_ipv4_cidr_block = "10.40.0.0/28"
          + peering_name           = (known after apply)
          + private_endpoint       = (known after apply)
          + public_endpoint        = (known after apply)

          + master_global_access_config {
              + enabled = false
            }
        }

      + release_channel {
          + channel = "REGULAR"
        }

      + service_external_ips_config {
          + enabled = (known after apply)
        }

      + tpu_config {
          + enabled                = (known after apply)
          + ipv4_cidr_block        = (known after apply)
          + use_service_networking = (known after apply)
        }

      + vertical_pod_autoscaling {
          + enabled = (known after apply)
        }

      + workload_identity_config {
          + workload_pool = "compute-df9f.svc.id.goog"
        }
    }

  # module.gke.google_container_node_pool.primary_node_pool will be created
  + resource "google_container_node_pool" "primary_node_pool" {
      + cluster                     = (known after apply)
      + id                          = (known after apply)
      + initial_node_count          = (known after apply)
      + instance_group_urls         = (known after apply)
      + location                    = "asia-southeast2"
      + managed_instance_group_urls = (known after apply)
      + max_pods_per_node           = (known after apply)
      + name                        = "primary"
      + name_prefix                 = (known after apply)
      + node_count                  = 1
      + node_locations              = [
          + "asia-southeast2-a",
          + "asia-southeast2-b",
          + "asia-southeast2-c",
        ]
      + operation                   = (known after apply)
      + project                     = (known after apply)
      + version                     = "1.23.5-gke.1501"

      + autoscaling {
          + max_node_count = 1
          + min_node_count = 1
        }

      + management {
          + auto_repair  = true
          + auto_upgrade = true
        }

      + network_config {
          + create_pod_range    = (known after apply)
          + pod_ipv4_cidr_block = (known after apply)
          + pod_range           = (known after apply)
        }

      + node_config {
          + disk_size_gb      = (known after apply)
          + disk_type         = (known after apply)
          + guest_accelerator = (known after apply)
          + image_type        = "COS_CONTAINERD"
          + labels            = (known after apply)
          + local_ssd_count   = (known after apply)
          + machine_type      = "e2-standard-4"
          + metadata          = (known after apply)
          + min_cpu_platform  = (known after apply)
          + oauth_scopes      = [
              + "https://www.googleapis.com/auth/cloud-platform",
            ]
          + preemptible       = false
          + service_account   = (known after apply)
          + spot              = false
          + tags              = (known after apply)
          + taint             = (known after apply)

          + shielded_instance_config {
              + enable_integrity_monitoring = true
              + enable_secure_boot          = true
            }

          + workload_metadata_config {
              + mode = "GKE_METADATA"
            }
        }

      + upgrade_settings {
          + max_surge       = (known after apply)
          + max_unavailable = (known after apply)
        }
    }

  # module.gke.google_service_account.default will be created
  + resource "google_service_account" "default" {
      + account_id   = (known after apply)
      + disabled     = false
      + display_name = (known after apply)
      + email        = (known after apply)
      + id           = (known after apply)
      + name         = (known after apply)
      + project      = (known after apply)
      + unique_id    = (known after apply)
    }

  # module.gke.random_id.node_pool_tag will be created
  + resource "random_id" "node_pool_tag" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 9 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ca_certificate                                       = (sensitive value)
  + client_token                                         = (sensitive value)
  + cluster_name                                         = (known after apply)
  + cluster_project                                      = (known after apply)
  + gke_cluster_istio_gatekeeper_firewall_rule_self_link = (known after apply)
  + gke_cluster_primary_node_pool_tag                    = (known after apply)
  + kubernetes_endpoint                                  = (sensitive value)
  + service_account                                      = (known after apply)
╷
│ Warning: Argument is deprecated
│ 
│   with module.gke.google_container_cluster.primary,
│   on modules/gcp-gke/main.tf line 59, in resource "google_container_cluster" "primary":
│   59:   enable_binary_authorization = true
│ 
│ Deprecated in favor of binary_authorization.
│ 
│ (and one more similar warning elsewhere)
╵

Pusher: @honestbank-bot, Action: pull_request, Working Directory: ``, Workflow: Terraform GitHub Actions

@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch from a9d82d9 to c6e9ff5 Compare November 23, 2022 05:29
jai previously approved these changes Dec 14, 2022
@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch 4 times, most recently from 2b6ff52 to 48ae940 Compare July 1, 2024 03:09
@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch 10 times, most recently from 7815193 to d7f51a1 Compare July 9, 2024 08:55
@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch from d7f51a1 to a473008 Compare July 10, 2024 06:39
@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch 3 times, most recently from 0fda5b8 to 099a99c Compare August 8, 2024 06:52
@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch 4 times, most recently from c5a355d to 2b4cf80 Compare August 22, 2024 09:39
@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch 3 times, most recently from 531c311 to b7781b1 Compare September 5, 2024 07:35
@honestbank-bot honestbank-bot force-pushed the sync_workflow_files/default branch from b7781b1 to c257295 Compare September 12, 2024 02:52
@honestbank-bot honestbank-bot merged commit 8fd0c1a into main Sep 12, 2024
4 of 6 checks passed
@honestbank-bot
Contributor Author

🎉 Merging this PR. All checks pass and automerge label present.

@honestbank-bot honestbank-bot deleted the sync_workflow_files/default branch September 12, 2024 03:09