From 367f734738e36b94b5eafd4a83f543eb9396bb5a Mon Sep 17 00:00:00 2001
From: bibek4699 <121928896+bibek4699@users.noreply.github.com>
Date: Fri, 19 May 2023 16:07:17 +0700
Subject: [PATCH] feat: add maintenance policy config feature in gcp-gke module (#110)
* feat: add maintenance policy config feature
* fix: Timezone change to UTC
* fix: Timezone change to UTC
* fix: change the maintennace policy window time
* fix: remove conditional statement
---
 modules/gcp-gke/README.md | 4 ++--
 modules/gcp-gke/inputs.tf | 10 ++++++++++
 modules/gcp-gke/main.tf | 11 +++++++++++
 test/wrapper.auto.tfvars | 7 +++++++
 4 files changed, 30 insertions(+), 2 deletions(-)
diff --git a/modules/gcp-gke/README.md b/modules/gcp-gke/README.md
index 1e8a899..e97c0fb 100644
--- a/modules/gcp-gke/README.md
+++ b/modules/gcp-gke/README.md
@@ -24,7 +24,6 @@ To run E2E tests, navigate to the [test folder](../test) and run `go test -v -ti
 | Name | Version |
 |------|---------|
-| [google](#provider\_google) | >= 4.0 |
 | [google.compute](#provider\_google.compute) | >= 4.0 |
 | [google.vpc](#provider\_google.vpc) | >= 4.0 |
 | [google-beta.compute-beta](#provider\_google-beta.compute-beta) | >= 4.0 |
@@ -67,7 +66,7 @@ To run E2E tests, navigate to the [test folder](../test) and run `go test -v -ti
 | [create\_gcp\_nat](#input\_create\_gcp\_nat) | Set to `true` to create an Internet NAT for ALL\_SUBNETWORKS\_ALL\_IP\_RANGES in the VPC network. | `bool` | n/a | yes |
 | [create\_gcp\_router](#input\_create\_gcp\_router) | Set to `true` to create a router in the VPC network. | `bool` | n/a | yes |
 | [create\_public\_https\_firewall\_rule](#input\_create\_public\_https\_firewall\_rule) | Set to `true` to create a firewall rule allowing 0.0.0.0/0:443 on TCP to all worker nodes. | `bool` | n/a | yes |
-| [enable\_dataplane\_v2](#input\_enable\_dataplane\_v2) | enable GKE Dataplane V2 for control plane. male this valur true if you need to enable it | `bool` | `false` | no |
+| [enable\_dataplane\_v2](#input\_enable\_dataplane\_v2) | Enable GKE DataPlane V2 for control plane.Set this value true if need to enable this feature. | `bool` | `false` | no |
 | [enable\_network\_policy](#input\_enable\_network\_policy) | This value is passed to network\_policy.enabled and the negative is passed to addons\_config.network\_policy\_config.disabled. | `bool` | n/a | yes |
 | [gke\_authenticator\_groups\_config\_domain](#input\_gke\_authenticator\_groups\_config\_domain) | Domain to append to `gke-security-groups` to pass to authenticator\_groups\_config so members of that Google Group can authenticate to the cluster. Pass an empty string to disable. Domain passed here should be in the format of TLD.EXTENSION. | `string` | n/a | yes |
 | [google\_project](#input\_google\_project) | The GCP project to use for this run | `any` | n/a | yes |
@@ -75,6 +74,7 @@ To run E2E tests, navigate to the [test folder](../test) and run `go test -v -ti
 | [initial\_node\_count](#input\_initial\_node\_count) | Initial node count, per-zone for regional clusters. | `any` | n/a | yes |
 | [kubernetes\_version](#input\_kubernetes\_version) | The Kubernetes version to install on the master and node pool - must be a valid version from the specified `var.release_channel` | `string` | n/a | yes |
 | [machine\_type](#input\_machine\_type) | Machine types to use for the node pool. | `any` | n/a | yes |
+| [maintenance\_policy\_config](#input\_maintenance\_policy\_config) | (OPTIONAL) A list of objects used to configure maintenance policy |
list(object({
maintenance_start_time = string
maintenance_end_time = string
maintenance_recurrence = string
}))
| `[]` | no |
 | [master\_authorized\_networks](#input\_master\_authorized\_networks) | List of master authorized networks to access the control plane. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | [master\_ipv4\_cidr\_block](#input\_master\_ipv4\_cidr\_block) | The IP range to set for master nodes, passed to master\_ipv4\_cidr\_block - /28 required by Google. | `any` | n/a | yes |
 | [maximum\_node\_count](#input\_maximum\_node\_count) | Maximum nodes for the node pool per-zone. | `any` | n/a | yes |
diff --git a/modules/gcp-gke/inputs.tf b/modules/gcp-gke/inputs.tf
index 8747429..57ec759 100644
--- a/modules/gcp-gke/inputs.tf
+++ b/modules/gcp-gke/inputs.tf
@@ -168,3 +168,13 @@ variable "enable_dataplane_v2" {
 default = false
 description = "Enable GKE DataPlane V2 for control plane.Set this value true if need to enable this feature."
 }
+
+variable "maintenance_policy_config" {
+ type = list(object({
+ maintenance_start_time = string
+ maintenance_end_time = string
+ maintenance_recurrence = string
+ }))
+ description = "(OPTIONAL) A list of objects used to configure maintenance policy "
+ default = []
+}
diff --git a/modules/gcp-gke/main.tf b/modules/gcp-gke/main.tf
index 966d419..6d645fa 100644
--- a/modules/gcp-gke/main.tf
+++ b/modules/gcp-gke/main.tf
@@ -90,6 +90,17 @@ resource "google_container_cluster" "primary" {
 }
 }
+ dynamic "maintenance_policy" {
+ for_each = var.maintenance_policy_config
+ content {
+ recurring_window {
+ start_time = maintenance_policy.value.maintenance_start_time
+ end_time = maintenance_policy.value.maintenance_end_time
+ recurrence = maintenance_policy.value.maintenance_recurrence
+ }
+ }
+ }
+
 workload_identity_config {
 workload_pool = "${data.google_project.service_project.project_id}.svc.id.goog"
 }
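Review bot: `maintenance_policy_config` is declared as an unbounded list, but the `dynamic "maintenance_policy"` block added in main.tf emits one `maintenance_policy` block per element, and the google provider schema accepts at most one such block on `google_container_cluster`, so a second entry is only rejected by provider schema validation rather than at the variable. A `validation` block with `condition = length(var.maintenance_policy_config) <= 1` and a matching `error_message` would catch that at the input. The three fields are free-form strings that nothing checks before the API call, so the description should also name the expected formats, for example `"(OPTIONAL) At most one object: maintenance_start_time and maintenance_end_time as RFC 3339 UTC timestamps, maintenance_recurrence as an RFC 5545 RRULE."`.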
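Review bot: The `recurring_window` added to `google_container_cluster.primary` bounds when GKE may run automatic control-plane and node upgrades, which is how security patches reach the cluster, yet neither the block nor the variable description says so. A comment above the `dynamic "maintenance_policy"` block such as `# Bounds when GKE auto-upgrades (including security patches) may run; keep the window wide enough that patches are not deferred.` would make that trade-off visible to whoever narrows the window later. GKE documents a minimum amount of maintenance availability (48 hours per 32-day period in windows of at least four hours, to be confirmed against the current docs), so a too-narrow value is presumably rejected by the API at apply time rather than by Terraform. The resource body starts and ends outside this hunk.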
diff --git a/test/wrapper.auto.tfvars b/test/wrapper.auto.tfvars
index bc81392..6aba7f9 100644
--- a/test/wrapper.auto.tfvars
+++ b/test/wrapper.auto.tfvars
@@ -31,6 +31,13 @@ master_authorized_networks = [
 display_name = "Access from Everywhere"
 }
 ]
+maintenance_policy_config = [
+ {
+ maintenance_start_time = "2023-05-19T06:00:00Z"
+ maintenance_end_time = "2023-05-19T10:00:00Z"
+ maintenance_recurrence = "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH"
+ }
+]
 release_channel = "REGULAR"
 kubernetes_version = "1.26.2-gke.1000"