feat: Add GCE PD CSI Driver beta support (#497)

Dev25 · web-flow · commit d96afa79fa97 · 2020-04-28T16:14:34.000-04:00
BREAKING CHANGE: Minimum provider change increased to 3.19.
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
@@ -152,6 +152,14 @@ resource "google_container_cluster" "primary" {
     dns_cache_config {
       enabled = var.dns_cache
     }
+
+    dynamic "gce_persistent_disk_csi_driver_config" {
+      for_each = local.cluster_gce_pd_csi_config
+
+      content {
+        enabled = gce_persistent_disk_csi_driver_config.value.enabled
+      }
+    }
     {% endif %}
   }
 
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
@@ -88,6 +88,8 @@ locals {
 {% if beta_cluster %}
   cluster_cloudrun_config = var.cloudrun ? [{ disabled = false }] : []
 
+  cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
+
   cluster_node_metadata_config = var.node_metadata == "UNSPECIFIED" ? [] : [{
     node_metadata = var.node_metadata
   }]
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
@@ -417,6 +417,12 @@ variable "dns_cache" {
   default     = false
 }
 
+variable "gce_pd_csi_driver" {
+  type        = bool
+  description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+  default     = false
+}
+
 variable "database_encryption" {
   description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key."
   type        = list(object({ state = string, key_name = string }))
diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl
@@ -19,7 +19,7 @@ terraform {
 
   required_providers {
 {% if beta_cluster %}
-    google-beta = ">= 3.16, <4.0.0"
+    google-beta = ">= 3.19, <4.0.0"
 {% else %}
     google = ">= 3.16, <4.0.0"
 {% endif %}
diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google-beta" {
-  version = "~> 3.16.0"
+  version = "~> 3.19.0"
   region  = var.region
 }
 
diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google-beta" {
-  version     = "~> 3.16.0"
+  version     = "~> 3.19.0"
   credentials = file(var.credentials_path)
   region      = var.region
 }
diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf
@@ -34,7 +34,7 @@ provider "google" {
 }
 
 provider "google-beta" {
-  version = "~> 3.16.0"
+  version = "~> 3.19.0"
 }
 
 module "gke" {
diff --git a/examples/simple_regional_beta/README.md b/examples/simple_regional_beta/README.md
@@ -13,6 +13,7 @@ This example illustrates how to create a simple cluster with beta features.
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `<list>` | no |
 | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | bool | `"false"` | no |
 | enable\_binary\_authorization | Enable BinAuthZ Admission controller | string | `"false"` | no |
+| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | bool | `"false"` | no |
 | ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes |
 | ip\_range\_services | The secondary ip range to use for services | string | n/a | yes |
 | istio | Boolean to enable / disable Istio | string | `"true"` | no |
diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google-beta" {
-  version = "~> 3.16.0"
+  version = "~> 3.19.0"
   region  = var.region
 }
 
@@ -39,6 +39,7 @@ module "gke" {
   istio                       = var.istio
   cloudrun                    = var.cloudrun
   dns_cache                   = var.dns_cache
+  gce_pd_csi_driver           = var.gce_pd_csi_driver
   node_metadata               = var.node_metadata
   sandbox_enabled             = var.sandbox_enabled
   remove_default_node_pool    = var.remove_default_node_pool
diff --git a/examples/simple_regional_beta/variables.tf b/examples/simple_regional_beta/variables.tf
@@ -63,6 +63,12 @@ variable "dns_cache" {
   default     = false
 }
 
+variable "gce_pd_csi_driver" {
+  type        = bool
+  description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+  default     = false
+}
+
 variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default     = "SECURE"
diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf
@@ -24,7 +24,7 @@ provider "google" {
 }
 
 provider "google-beta" {
-  version = "~> 3.16.0"
+  version = "~> 3.19.0"
   region  = var.region
 }
 
@@ -56,9 +56,10 @@ module "gke" {
     },
   ]
 
-  istio     = var.istio
-  cloudrun  = var.cloudrun
-  dns_cache = var.dns_cache
+  istio             = var.istio
+  cloudrun          = var.cloudrun
+  dns_cache         = var.dns_cache
+  gce_pd_csi_driver = var.gce_pd_csi_driver
 }
 
 data "google_client_config" "default" {
diff --git a/examples/simple_regional_private_beta/variables.tf b/examples/simple_regional_private_beta/variables.tf
@@ -61,3 +61,9 @@ variable "dns_cache" {
   description = "Boolean to enable / disable NodeLocal DNSCache "
   default     = false
 }
+
+variable "gce_pd_csi_driver" {
+  type        = bool
+  description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+  default     = false
+}
diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google-beta" {
-  version = "~> 3.16.0"
+  version = "~> 3.19.0"
   region  = var.region
 }
 
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
@@ -183,6 +183,7 @@ Then perform the following commands on the root folder:
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | bool | `"false"` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers | list(string) | `<list>` | no |
 | firewall\_priority | Priority rule for firewall rules | number | `"1000"` | no |
+| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | bool | `"false"` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | bool | `"false"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | bool | `"true"` | no |
 | http\_load\_balancing | Enable httpload balancer addon | bool | `"true"` | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -137,6 +137,14 @@ resource "google_container_cluster" "primary" {
     dns_cache_config {
       enabled = var.dns_cache
     }
+
+    dynamic "gce_persistent_disk_csi_driver_config" {
+      for_each = local.cluster_gce_pd_csi_config
+
+      content {
+        enabled = gce_persistent_disk_csi_driver_config.value.enabled
+      }
+    }
   }
 
   ip_allocation_policy {
diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf
@@ -81,6 +81,8 @@ locals {
 
   cluster_cloudrun_config = var.cloudrun ? [{ disabled = false }] : []
 
+  cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
+
   cluster_node_metadata_config = var.node_metadata == "UNSPECIFIED" ? [] : [{
     node_metadata = var.node_metadata
   }]
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
@@ -410,6 +410,12 @@ variable "dns_cache" {
   default     = false
 }
 
+variable "gce_pd_csi_driver" {
+  type        = bool
+  description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+  default     = false
+}
+
 variable "database_encryption" {
   description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key."
   type        = list(object({ state = string, key_name = string }))
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf
@@ -18,6 +18,6 @@ terraform {
   required_version = "~> 0.12.6"
 
   required_providers {
-    google-beta = ">= 3.16, <4.0.0"
+    google-beta = ">= 3.19, <4.0.0"
   }
 }
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
@@ -161,6 +161,7 @@ Then perform the following commands on the root folder:
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | bool | `"false"` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers | list(string) | `<list>` | no |
 | firewall\_priority | Priority rule for firewall rules | number | `"1000"` | no |
+| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | bool | `"false"` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | bool | `"false"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | bool | `"true"` | no |
 | http\_load\_balancing | Enable httpload balancer addon | bool | `"true"` | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
@@ -137,6 +137,14 @@ resource "google_container_cluster" "primary" {
     dns_cache_config {
       enabled = var.dns_cache
     }
+
+    dynamic "gce_persistent_disk_csi_driver_config" {
+      for_each = local.cluster_gce_pd_csi_config
+
+      content {
+        enabled = gce_persistent_disk_csi_driver_config.value.enabled
+      }
+    }
   }
 
   ip_allocation_policy {
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf
@@ -81,6 +81,8 @@ locals {
 
   cluster_cloudrun_config = var.cloudrun ? [{ disabled = false }] : []
 
+  cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
+
   cluster_node_metadata_config = var.node_metadata == "UNSPECIFIED" ? [] : [{
     node_metadata = var.node_metadata
   }]
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
@@ -410,6 +410,12 @@ variable "dns_cache" {
   default     = false
 }
 
+variable "gce_pd_csi_driver" {
+  type        = bool
+  description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+  default     = false
+}
+
 variable "database_encryption" {
   description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key."
   type        = list(object({ state = string, key_name = string }))
diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf
@@ -18,6 +18,6 @@ terraform {
   required_version = "~> 0.12.6"
 
   required_providers {
-    google-beta = ">= 3.16, <4.0.0"
+    google-beta = ">= 3.19, <4.0.0"
   }
 }
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
@@ -140,6 +140,7 @@ Then perform the following commands on the root folder:
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | bool | `"false"` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers | list(string) | `<list>` | no |
 | firewall\_priority | Priority rule for firewall rules | number | `"1000"` | no |
+| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | bool | `"false"` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | bool | `"false"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | bool | `"true"` | no |
 | http\_load\_balancing | Enable httpload balancer addon | bool | `"true"` | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
@@ -137,6 +137,14 @@ resource "google_container_cluster" "primary" {
     dns_cache_config {
       enabled = var.dns_cache
     }
+
+    dynamic "gce_persistent_disk_csi_driver_config" {
+      for_each = local.cluster_gce_pd_csi_config
+
+      content {
+        enabled = gce_persistent_disk_csi_driver_config.value.enabled
+      }
+    }
   }
 
   ip_allocation_policy {
diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf
@@ -81,6 +81,8 @@ locals {
 
   cluster_cloudrun_config = var.cloudrun ? [{ disabled = false }] : []
 
+  cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
+
   cluster_node_metadata_config = var.node_metadata == "UNSPECIFIED" ? [] : [{
     node_metadata = var.node_metadata
   }]
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
@@ -386,6 +386,12 @@ variable "dns_cache" {
   default     = false
 }
 
+variable "gce_pd_csi_driver" {
+  type        = bool
+  description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+  default     = false
+}
+
 variable "database_encryption" {
   description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key."
   type        = list(object({ state = string, key_name = string }))
diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf
@@ -18,6 +18,6 @@ terraform {
   required_version = "~> 0.12.6"
 
   required_providers {
-    google-beta = ">= 3.16, <4.0.0"
+    google-beta = ">= 3.19, <4.0.0"
   }
 }
diff --git a/test/fixtures/beta_cluster/main.tf b/test/fixtures/beta_cluster/main.tf
@@ -56,6 +56,8 @@ module "this" {
 
   dns_cache = true
 
+  gce_pd_csi_driver = true
+
   enable_binary_authorization = true
 
   pod_security_policy_config = [{
diff --git a/test/integration/beta_cluster/controls/gcloud.rb b/test/integration/beta_cluster/controls/gcloud.rb
@@ -60,6 +60,9 @@
           "cloudRunConfig" => {},
           "dnsCacheConfig" => {
             "enabled" => true,
+          },
+          "gcePersistentDiskCsiDriverConfig" => {
+            "enabled" => true,
           }
         })
       end

Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,14 @@ resource "google_container_cluster" "primary" {`
`152`	`152`	`dns_cache_config {`
`153`	`153`	`enabled = var.dns_cache`
`154`	`154`	`}`
	`155`	`+`
	`156`	`+ dynamic "gce_persistent_disk_csi_driver_config" {`
	`157`	`+ for_each = local.cluster_gce_pd_csi_config`
	`158`	`+`
	`159`	`+ content {`
	`160`	`+ enabled = gce_persistent_disk_csi_driver_config.value.enabled`
	`161`	`+ }`
	`162`	`+ }`
`155`	`163`	`{% endif %}`
`156`	`164`	`}`
`157`	`165`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ locals {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`provider "google-beta" {`
`22`		`- version = "~> 3.16.0"`
	`22`	`+ version = "~> 3.19.0"`
`23`	`23`	`region = var.region`
`24`	`24`	`}`
`25`	`25`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ provider "google" {`
`34`	`34`	`}`
`35`	`35`
`36`	`36`	`provider "google-beta" {`
`37`		`- version = "~> 3.16.0"`
	`37`	`+ version = "~> 3.19.0"`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`module "gke" {`