feat: GKE autopilot support (#1148)

* adding auto-pilot support

* fixes

* add kitchen tests

* Update main.tf

* fix: add back in

* Update examples/simple_autopilot_private/README.md

Co-authored-by: Bharath KKB <[email protected]>

* Update examples/simple_autopilot_private/README.md

Co-authored-by: Bharath KKB <[email protected]>

* Update modules/beta-autopilot-public-cluster/versions.tf

Co-authored-by: Bharath KKB <[email protected]>

* Update examples/simple_autopilot_private/main.tf

Co-authored-by: Bharath KKB <[email protected]>

* update dates and remove Vars

* fixes

* i hate symlinks

* add vars and outputs

* docs generation

* add random string to subnet names

* Update main.tf

* adding auto-pilot support

* fixes

* add kitchen tests

* Update main.tf

* fix: add back in

* Update examples/simple_autopilot_private/README.md

Co-authored-by: Bharath KKB <[email protected]>

* Update examples/simple_autopilot_private/README.md

Co-authored-by: Bharath KKB <[email protected]>

* Update modules/beta-autopilot-public-cluster/versions.tf

Co-authored-by: Bharath KKB <[email protected]>

* Update examples/simple_autopilot_private/main.tf

Co-authored-by: Bharath KKB <[email protected]>

* update dates and remove Vars

* fixes

* i hate symlinks

* add vars and outputs

* docs generation

* add random string to subnet names

* Update main.tf

* remove random name

Co-authored-by: Corey McGalliard <[email protected]>
Co-authored-by: Bharath KKB <[email protected]>

Author: 3 people

.kitchen.yml

@@ -244,3 +244,17 @@ suites:
           controls:
             - gcloud
             - kubectl
+  - name: "simple_autopilot_private"
+    driver:
+      root_module_directory: test/fixtures/simple_autopilot_private
+    verifier:
+      systems:
+        - name: simple_autopilot_private
+          backend: local
+  - name: "simple_autopilot_public"
+    driver:
+      root_module_directory: test/fixtures/simple_autopilot_public
+    verifier:
+      systems:
+        - name: simple_autopilot_public
+          backend: local

README.md

@@ -43,8 +43,8 @@ module "gke" {
   ip_range_pods              = "us-central1-01-gke-01-pods"
   ip_range_services          = "us-central1-01-gke-01-services"
   http_load_balancing        = false
-  horizontal_pod_autoscaling = true
   network_policy             = false
+  horizontal_pod_autoscaling = true
 
   node_pools = [
     {
@@ -253,8 +253,6 @@ The node_pools variable takes the following parameters:
 | tags | The list of instance tags applied to all nodes | | Required |
 | value | The value for the taint | | Required |
 | version | The Kubernetes version for the nodes in this pool. Should only be set if auto_upgrade is false | " " | Optional |
-
-
 ## Requirements
 
 Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:

autogen/main/README.md

@@ -72,20 +72,26 @@ module "gke" {
   subnetwork                 = "us-central1-01"
   ip_range_pods              = "us-central1-01-gke-01-pods"
   ip_range_services          = "us-central1-01-gke-01-services"
+  {% if autopilot_cluster != true %}
   http_load_balancing        = false
-  horizontal_pod_autoscaling = true
   network_policy             = false
+  {% endif %}
+  horizontal_pod_autoscaling = true
   {% if private_cluster %}
   enable_private_endpoint    = true
   enable_private_nodes       = true
   master_ipv4_cidr_block     = "10.0.0.0/28"
   {% endif %}
-  {% if beta_cluster %}
-  istio = true
-  cloudrun = true
-  dns_cache = false
+  {% if beta_cluster and autopilot_cluster != true  %}
+  istio                      = true
+  cloudrun                   = true
+  dns_cache                  = false
+  {% endif %}
+  {% if autopilot_cluster %}
+  enable_autopilot           = true
   {% endif %}
 
+{% if autopilot_cluster != true %}
   node_pools = [
     {
       name                      = "default-node-pool"
@@ -152,6 +158,7 @@ module "gke" {
       "default-node-pool",
     ]
   }
+{% endif %}
 }
 ```
 
@@ -166,6 +173,7 @@ Then perform the following commands on the root folder:
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
+{% if autopilot_cluster != true %}
 ## node_pools variable
 The node_pools variable takes the following parameters:
 
@@ -220,8 +228,7 @@ The node_pools variable takes the following parameters:
 | tags | The list of instance tags applied to all nodes | | Required |
 | value | The value for the taint | | Required |
 | version | The Kubernetes version for the nodes in this pool. Should only be set if auto_upgrade is false | " " | Optional |
-
-
+{% endif %}
 ## Requirements
 
 Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:

autogen/main/cluster.tf.tmpl

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2022 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,7 +35,7 @@ resource "google_container_cluster" "primary" {
   node_locations    = local.node_locations
   cluster_ipv4_cidr = var.cluster_ipv4_cidr
   network           = "projects/${local.network_project_id}/global/networks/${var.network}"
-
+  {% if autopilot_cluster != true %}
   dynamic "network_policy" {
     for_each = local.cluster_network_policy
 
@@ -44,6 +44,7 @@ resource "google_container_cluster" "primary" {
       provider = network_policy.value.provider
     }
   }
+  {% endif %}
 
   dynamic "release_channel" {
     for_each = local.release_channel
@@ -64,13 +65,13 @@ resource "google_container_cluster" "primary" {
   subnetwork = "projects/${local.network_project_id}/regions/${local.region}/subnetworks/${var.subnetwork}"
 
 {% if beta_cluster %}
-  default_snat_status{
+  default_snat_status {
     disabled = var.disable_default_snat
   }
 {% endif %}
   min_master_version = var.release_channel != null ? null : local.master_version
 
-{% if beta_cluster %}
+{% if beta_cluster and  autopilot_cluster != true %}
   dynamic "cluster_telemetry" {
     for_each = local.cluster_telemetry_type_is_set ? [1] : []
     content {
@@ -98,7 +99,7 @@ resource "google_container_cluster" "primary" {
   logging_service    = var.logging_service
   monitoring_service = var.monitoring_service
 {% endif %}
-
+  {% if autopilot_cluster != true %}
   cluster_autoscaling {
     enabled = var.cluster_autoscaling.enabled
     dynamic "auto_provisioning_defaults" {
@@ -107,14 +108,14 @@ resource "google_container_cluster" "primary" {
       content {
         service_account = local.service_account
         oauth_scopes = local.node_pools_oauth_scopes["all"]
-{% if beta_cluster %}
+        {% if beta_cluster %}
         min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
-{% endif %}
+        {% endif %}
       }
     }
-{% if beta_cluster %}
+    {% if beta_cluster %}
     autoscaling_profile = var.cluster_autoscaling.autoscaling_profile != null ? var.cluster_autoscaling.autoscaling_profile : "BALANCED"
-{% endif %}
+    {% endif %}
     dynamic "resource_limits" {
       for_each = local.autoscaling_resource_limits
       content {
@@ -124,16 +125,15 @@ resource "google_container_cluster" "primary" {
       }
     }
   }
-
+  {% endif %}
   vertical_pod_autoscaling {
     enabled = var.enable_vertical_pod_autoscaling
   }
-
+  {% if autopilot_cluster != true %}
   default_max_pods_per_node = var.default_max_pods_per_node
-
   enable_shielded_nodes       = var.enable_shielded_nodes
   enable_binary_authorization = var.enable_binary_authorization
-{% if beta_cluster %}
+  {% if beta_cluster %}
   enable_intranode_visibility = var.enable_intranode_visibility
   enable_kubernetes_alpha     = var.enable_kubernetes_alpha
   enable_tpu                  = var.enable_tpu
@@ -153,6 +153,10 @@ resource "google_container_cluster" "primary" {
   }
 
   enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
+  {% endif %}
+  {% endif %}
+{% if autopilot_cluster %}
+  enable_autopilot = true
 {% endif %}
   dynamic "master_authorized_networks_config" {
     for_each = local.master_authorized_networks_config
@@ -181,14 +185,15 @@ resource "google_container_cluster" "primary" {
     horizontal_pod_autoscaling {
       disabled = !var.horizontal_pod_autoscaling
     }
-
+    {% if autopilot_cluster != true %}
     network_policy_config {
       disabled = !var.network_policy
     }
-    {% if beta_cluster %}
+    {% endif %}
+    {% if beta_cluster and autopilot_cluster != true %}
 
     istio_config {
-      disabled = ! var.istio
+      disabled = !var.istio
       auth     = var.istio_auth
     }
 
@@ -258,24 +263,25 @@ resource "google_container_cluster" "primary" {
         end_time       = maintenance_exclusion.value.end_time
       }
     }
-
   {% else %}
     daily_maintenance_window {
       start_time = var.maintenance_start_time
     }
   {% endif %}
   }
 
+  {% if autopilot_cluster != true %}
   lifecycle {
     ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"], resource_labels["mesh_id"]]
   }
+  {% endif %}
 
   timeouts {
     create = "45m"
     update = "45m"
     delete = "45m"
   }
-
+  {% if autopilot_cluster != true %}
   node_pool {
     name               = "default-pool"
     initial_node_count = var.initial_node_count
@@ -321,6 +327,7 @@ resource "google_container_cluster" "primary" {
       }
     }
   }
+  {% endif %}
 
   dynamic "resource_usage_export_config" {
     for_each = var.resource_usage_export_dataset_id != "" ? [{
@@ -362,6 +369,7 @@ resource "google_container_cluster" "primary" {
   }
 {% endif %}
 
+  {% if autopilot_cluster != true %}
   remove_default_node_pool = var.remove_default_node_pool
 
   dynamic "database_encryption" {
@@ -380,27 +388,30 @@ resource "google_container_cluster" "primary" {
       workload_pool = workload_identity_config.value.workload_pool
     }
   }
+  {% endif %}
 
+  {% if autopilot_cluster != true %}
   dynamic "authenticator_groups_config" {
     for_each = local.cluster_authenticator_security_group
     content {
       security_group = authenticator_groups_config.value.security_group
     }
   }
-
-{% if beta_cluster %}
+  {% endif %}
+  {% if beta_cluster %}
   notification_config {
     pubsub {
       enabled = var.notification_config_topic != "" ? true : false
-      topic = var.notification_config_topic
+      topic   = var.notification_config_topic
     }
   }
-{% endif %}
+  {% endif %}
 }
-
+{% if autopilot_cluster != true %}
 /******************************************
   Create Container Cluster node pools
  *****************************************/
+{% endif %}
 {% if update_variant %}
 locals {
   force_node_pool_recreation_resources = [
@@ -491,6 +502,7 @@ resource "random_id" "name" {
 }
 
 {% endif %}
+{% if autopilot_cluster != true %}
 resource "google_container_node_pool" "pools" {
   {% if beta_cluster %}
   provider = google-beta
@@ -698,3 +710,4 @@ resource "google_container_node_pool" "pools" {
     delete = "45m"
   }
 }
+{% endif %}

autogen/main/dns.tf.tmpl

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2022 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -35,7 +35,9 @@ module "gcloud_delete_default_kube_dns_configmap" {
 
   module_depends_on = concat(
     [google_container_cluster.primary.master_version],
+    {% if autopilot_cluster != true %}
     [for pool in google_container_node_pool.pools : pool.name]
+    {% endif %}
   )
 }
 
@@ -63,7 +65,9 @@ EOF
   depends_on = [
     module.gcloud_delete_default_kube_dns_configmap.wait,
     google_container_cluster.primary,
+    {% if autopilot_cluster != true %}
     google_container_node_pool.pools,
+    {% endif %}
   ]
 }
 
@@ -89,7 +93,9 @@ EOF
   depends_on = [
     module.gcloud_delete_default_kube_dns_configmap.wait,
     google_container_cluster.primary,
+    {% if autopilot_cluster != true %}
     google_container_node_pool.pools,
+    {% endif %}
   ]
 }
 
@@ -118,6 +124,8 @@ EOF
   depends_on = [
     module.gcloud_delete_default_kube_dns_configmap.wait,
     google_container_cluster.primary,
+    {% if autopilot_cluster != true %}
     google_container_node_pool.pools,
+    {% endif %}
   ]
 }

autogen/main/firewall.tf.tmpl

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2022 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.