Merge pull request terraform-google-modules#187 from chrislovecnm/ip-masq

Creation of new variable configure_ip_masq controlling ip masq install
morgante authored Jun 26, 2019
2 parents 36c7c06 + 4532075 commit 2298360
Showing 16 changed files with 36 additions and 25 deletions.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -117,6 +117,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
| basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
| basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no |
| configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no |
| description | The description of the cluster | string | `""` | no |
| disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | string | `"true"` | no |
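Review bot: the new `configure_ip_masq` row misspells "aliased" as "aliasied", and it says IP masquerading "uses a kubectl call" although masq.tf in this same commit creates the ConfigMap with a `kubernetes_config_map` resource. Suggest correcting the spelling and rewording the second sentence to say that the Kubernetes API server must be reachable from wherever Terraform runs, which is what a private-cluster operator actually has to plan for. The same string appears in every README and variables.tf touched here, so it should be fixed once at the source.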
2 changes: 1 addition & 1 deletion autogen/masq.tf
Expand Up @@ -20,7 +20,7 @@
Create ip-masq-agent confimap
*****************************************/
resource "kubernetes_config_map" "ip-masq-agent" {
count = "${var.network_policy ? 1 : 0}"
count = "${var.configure_ip_masq ? 1 : 0}"

metadata {
name = "ip-masq-agent"
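Review bot: moving `count` from `var.network_policy` to `var.configure_ip_masq` is a behaviour change for existing callers, because the new variable defaults to `"false"`: a cluster that set `network_policy = true` will have the `ip-masq-agent` ConfigMap destroyed on the next apply unless the caller opts in. Please add an upgrade note or changelog entry alongside this change; the ConfigMap controls which destination ranges are exempt from source NAT, so removing it can change the source address that peers and firewall rules see. The header comment's "confimap" could be corrected to "configmap" while the file is open, and both points apply equally to the identical masq.tf hunks in the root module and under modules/.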
5 changes: 5 additions & 0 deletions autogen/variables.tf
Expand Up @@ -237,6 +237,11 @@ variable "ip_masq_link_local" {
default = "false"
}

variable "configure_ip_masq" {
description = "Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server."
default = "false"
}

variable "logging_service" {
description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none"
default = "logging.googleapis.com"
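Review bot: the `configure_ip_masq` description is the only guidance a caller gets, and it does not say that the ConfigMap used to be created whenever `network_policy` was true and is now skipped by default. Suggest adding one sentence to that effect so the `default = "false"` is not a silent change. The identical variable blocks in the root variables.tf and under modules/ need the same wording.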
2 changes: 2 additions & 0 deletions examples/stub_domains/main.tf
Expand Up @@ -40,6 +40,8 @@ module "gke" {
network_policy = true
service_account = "${var.compute_engine_service_account}"

configure_ip_masq = true

stub_domains {
"example.com" = [
"10.254.154.11",
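Review bot: `configure_ip_masq = true` is added directly under `network_policy = true` with no comment, so someone copying this example cannot tell that the ConfigMap used to follow `network_policy` and now needs its own flag. A one-line comment above the new setting would make the opt-in explicit.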
2 changes: 1 addition & 1 deletion masq.tf
Expand Up @@ -20,7 +20,7 @@
Create ip-masq-agent confimap
*****************************************/
resource "kubernetes_config_map" "ip-masq-agent" {
count = "${var.network_policy ? 1 : 0}"
count = "${var.configure_ip_masq ? 1 : 0}"

metadata {
name = "ip-masq-agent"
1 change: 1 addition & 0 deletions modules/beta-private-cluster/README.md
Expand Up @@ -125,6 +125,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
| basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
| cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no |
| configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no |
| database\_encryption | Application-layer Secrets Encryption settings. Example: database_encryption = [{ state = "ENCRYPTED", key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key" }] | list | `<list>` | no |
| deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
| description | The description of the cluster | string | `""` | no |
2 changes: 1 addition & 1 deletion modules/beta-private-cluster/masq.tf
Expand Up @@ -20,7 +20,7 @@
Create ip-masq-agent confimap
*****************************************/
resource "kubernetes_config_map" "ip-masq-agent" {
count = "${var.network_policy ? 1 : 0}"
count = "${var.configure_ip_masq ? 1 : 0}"

metadata {
name = "ip-masq-agent"
5 changes: 5 additions & 0 deletions modules/beta-private-cluster/variables.tf
Expand Up @@ -235,6 +235,11 @@ variable "ip_masq_link_local" {
default = "false"
}

variable "configure_ip_masq" {
description = "Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server."
default = "false"
}

variable "logging_service" {
description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none"
default = "logging.googleapis.com"
1 change: 1 addition & 0 deletions modules/beta-public-cluster/README.md
Expand Up @@ -120,6 +120,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
| basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
| cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no |
| configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no |
| database\_encryption | Application-layer Secrets Encryption settings. Example: database_encryption = [{ state = "ENCRYPTED", key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key" }] | list | `<list>` | no |
| description | The description of the cluster | string | `""` | no |
| disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
2 changes: 1 addition & 1 deletion modules/beta-public-cluster/masq.tf
Expand Up @@ -20,7 +20,7 @@
Create ip-masq-agent confimap
*****************************************/
resource "kubernetes_config_map" "ip-masq-agent" {
count = "${var.network_policy ? 1 : 0}"
count = "${var.configure_ip_masq ? 1 : 0}"

metadata {
name = "ip-masq-agent"
5 changes: 5 additions & 0 deletions modules/beta-public-cluster/variables.tf
Expand Up @@ -222,6 +222,11 @@ variable "ip_masq_link_local" {
default = "false"
}

variable "configure_ip_masq" {
description = "Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server."
default = "false"
}

variable "logging_service" {
description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none"
default = "logging.googleapis.com"
1 change: 1 addition & 0 deletions modules/private-cluster/README.md
Expand Up @@ -122,6 +122,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
| basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
| basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `""` | no |
| configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no |
| deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
| description | The description of the cluster | string | `""` | no |
| disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
2 changes: 1 addition & 1 deletion modules/private-cluster/masq.tf
Expand Up @@ -20,7 +20,7 @@
Create ip-masq-agent confimap
*****************************************/
resource "kubernetes_config_map" "ip-masq-agent" {
count = "${var.network_policy ? 1 : 0}"
count = "${var.configure_ip_masq ? 1 : 0}"

metadata {
name = "ip-masq-agent"
5 changes: 5 additions & 0 deletions modules/private-cluster/variables.tf
Expand Up @@ -235,6 +235,11 @@ variable "ip_masq_link_local" {
default = "false"
}

variable "configure_ip_masq" {
description = "Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server."
default = "false"
}

variable "logging_service" {
description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none"
default = "logging.googleapis.com"
20 changes: 0 additions & 20 deletions test/integration/stub_domains_private/controls/kubectl.rb
Expand Up @@ -59,26 +59,6 @@
})
end
end

describe "ipmasq" do
let(:ipmasq_configmap) { client.get_config_map("ip-masq-agent", "kube-system") }

it "is created by Terraform" do
expect(ipmasq_configmap.metadata.labels.maintained_by).to eq "terraform"
end

it "is configured properly" do
expect(YAML.load(ipmasq_configmap.data.config)).to eq({
"nonMasqueradeCIDRs" => [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16",
],
"resyncInterval" => "60s",
"masqLinkLocal" => false,
})
end
end
end
end
end
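Review bot: the whole `describe "ipmasq"` block is deleted from the stub_domains_private controls and nothing replaces it, so this suite no longer checks the ConfigMap in either state. Suggest keeping a check that matches the new default, for example asserting that `ip-masq-agent` is absent from `kube-system` when `configure_ip_masq` is off, and keeping the `nonMasqueradeCIDRs` assertion in a suite whose fixture sets `configure_ip_masq = true`.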
5 changes: 5 additions & 0 deletions variables.tf
Expand Up @@ -222,6 +222,11 @@ variable "ip_masq_link_local" {
default = "false"
}

variable "configure_ip_masq" {
description = "Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server."
default = "false"
}

variable "logging_service" {
description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none"
default = "logging.googleapis.com"