Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Extending the adopted spec, each change should have a link to its corresponding pull request appended.

30.3.0 (2024-05-09)

Features

  • add enable_l4_ilb_subsetting for GA TPG (#1924) (da0476a)
  • adds local_nvme_ssd_block_config to beta-public-cluster (#1912) (f7c2ed9)
  • network tags for autoprovisioned node pools (#1920) (f864e8a)
  • safer-clusters: add components selection for monitoring (#1851) (15b472f)

Bug Fixes

  • make master_ipv4_cidr_block optional for autopilot (#1902) (af43bdd)

30.2.0 (2024-03-08)

Features

30.1.0 (2024-02-26)

Features

  • add direct fleet registration option (#1878) (6b267bd)
  • add optional membership_location to fleet-membership (#1860) (163de39)

Bug Fixes

  • handle missing fleet membership and extend asm timeout (#1880) (22896b0)

30.0.0 (2024-01-31)

⚠ BREAKING CHANGES

  • TPG>=5.9: cluster autoscaling profile is GA (#1839)
  • Update least privilege default service account (#1844)
  • TPG>=5.6: use hub membership location for output (#1824)
  • Revert create least privilege default service account (#1757) (#1827)
  • TF>=1.1: Configure ASM management mode (#1702)

Features

  • add advanced datapath observability config option (#1776) (90e9bdf)
  • Add support for configuring allow_net_admin in autopilot clusters (#1768) (493149d)
  • add support for pod_range in private cluster (#1803) (9c62f1f)
  • dual stack (IPV4_IPV6) support (#1818) (d6cb390)
  • Make confidential_nodes GA (#1815) (322a5ee)
  • promote tpu to ga (#1856) (ba78819)
  • TF>=1.1: Configure ASM management mode (#1702) (a9de2d7)
  • TPG>=5.6: use hub membership location for output (#1824) (13e79af)
  • TPG>=5.9: cluster autoscaling profile is GA (#1839) (495623e)
  • Update least privilege default service account (#1844) (c63aa4f)
  • workload-identity: Allow passing Google Service Account display_name and description (#1834) (b387621)

Bug Fixes

  • Add project ID to the fleet feature membership for ASM (#1832) (1835f80)
  • alpha option for cluster creation (#1796) (67b67f3)
  • CI: extend wait time for ACM (#1861) (3d840c0)
  • Do not ignore "mesh_id" label on "google_container_cluster" resource (#1836) (95641a6)
  • Revert create least privilege default service account (#1757) (#1827) (0d7f638)

29.0.0 (2023-11-02)

⚠ BREAKING CHANGES

  • TPGv5: update to TPG v5 (#1761)
  • align keepers with ForceNew: true fields (#1698)
  • Create least privilege default service account (#1757)
  • acm: remove direct kubectl commands (#1751)
  • TPG>=4.81.0: add fqdn policies (#1729)
  • enabling vulnerability and audit modes for workloads (#1749)
  • support for enabling image streaming at cluster level (#1696)
  • make prometheus configurable (#1715)
  • Add support for additional pod secondary ranges at the cluster level (#1738)

Features

  • acm: remove direct kubectl commands (#1751) (4c27a6a)
  • add security posture (#1750) (5d959a6)
  • Add support for additional pod secondary ranges at the cluster level (#1738) (cebc213)
  • add support for gpu_driver_installation_config on nodepool (#1767) (f43a241)
  • align keepers with ForceNew: true fields (#1698) (3181f6c)
  • Create least privilege default service account (#1757) (350faa7)
  • enabling vulnerability and audit modes for workloads (#1749) (7bfd6fe)
  • make prometheus configurable (#1715) (ae26016)
  • support for enabling image streaming at cluster level (#1696) (dbb57a2)
  • TPG>=4.81.0: add fqdn policies (#1729) (2beb720)

Bug Fixes

28.0.0 (2023-09-20)

⚠ BREAKING CHANGES

  • support gcs fuse addon (#1722)
  • Add support for disk_size and disk_type for cluster_autoscaling. (#1693)

Features

  • add project and location output to fleet-membership (#1740) (825bda6)
  • Add support for disk_size and disk_type for cluster_autoscaling. (#1693) (fd233e5)
  • Add support for Logging Variant to enable max throughput option (#1616) (acd2d41)
  • mesh_certificates support (#1712) (8913ef2)
  • promote config_connector_config to ga (#1559) (ae63848)
  • support configuring ACM git service account email (#1685) (426f06f)
  • support gcs fuse addon (#1722) (2f5a276)

Bug Fixes

27.0.0 (2023-06-29)

⚠ BREAKING CHANGES

  • TPG>=4.32.0: Support enabling Policy Controller mutations (#1665)

Features

  • Add protect_config beta feature (#1617) (d252579)
  • cluster.tf: add support to set initial release channel version (#1625) (e522073)
  • TPG>=4.32.0: Support enabling Policy Controller mutations (#1665) (1173518)

Bug Fixes

26.1.1 (2023-05-22)

Bug Fixes

26.1.0 (2023-05-16)

Features

  • Add timeouts variable for safer cluster module (#1613) (146b2e7)

Bug Fixes

26.0.0 (2023-05-10)

⚠ BREAKING CHANGES

  • set release_channel and auto_upgrade, drop meshtelemetry (#1618)
  • kubernetes ~> 2.13: Remove 1.23 restriction on workload identity module (#1595)
  • acm: prevent conflicts in IAM binding (#1576)

Features

  • add blue/green upgrade strategy settings (#1551) (db51271)
  • add enable_private_nodes options to node_pool network_config (#1604) (48d7590)
  • allow setting network tags on autopilot clusters (#1572) (23e9c96)
  • Workload Identity module, to bind roles in various projects for the service account created (#1574) (53f0f58)

Bug Fixes

  • acm: prevent conflicts in IAM binding (#1576) (a7cfe92)
  • Autopilot vertical pod autoscaling (#1564) (6853c61)
  • fixes for tflint and dev-tools 1.10 (#1598) (d012313)
  • kubernetes ~> 2.13: Remove 1.23 restriction on workload identity module (#1595) (b23bc86)
  • node_metadata mapping for GCE_METADATA (#1542) (#1543) (b03ea84)
  • nodepool autoscaling vars avail in GKE 1.24.1 result in conflicts. Preserve default behavior (#1562) (98e8dc3)
  • PSP removed in GKE >= 1.25.0 (#1622) (530f16b)
  • set release_channel and auto_upgrade, drop meshtelemetry (#1618) (3c8dd3a)
  • use provided service_account_name if available (#1610) (a42ed88)

25.0.0 (2023-02-03)

⚠ BREAKING CHANGES

  • Promote node sysctl config to GA (#1536)
  • enable auto repair and upgrade with cluster autoscaling (#1530)
  • support for gateway api for safer cluster variants (#1523)
  • promote gke_backup_agent_config to ga (#1513)
  • enable private nodes with specified pod ip range (#1514)
  • Promote managed_prometheus to GA (#1505)
  • support for gateway api (#1510)
  • Add option to pass resource_labels to NP (#1508)
  • promote gce_pd_csi_driver to GA (#1509)
  • Set the provided SA when creating autopilot clusters (#1495)

Features

  • add all pod_ranges to cluster firewall rules and add missing shadow rules (#1480) (bcd5e03)
  • Add option to pass resource_labels to NP (#1508) (e7566c5)
  • add support for policy bundles and metrics SA (#1529) (0f63eab)
  • promote gce_pd_csi_driver to GA (#1509) (ac062f8)
  • promote gke_backup_agent_config to ga (#1513) (966135f)
  • Promote managed_prometheus to GA (#1505) (9c77c6c)
  • Promote node sysctl config to GA (#1536) (754f4e3)
  • Set the provided SA when creating autopilot clusters (#1495) (d122a55)
  • support for gateway api (#1510) (4181276)
  • support for gateway api for safer cluster variants (#1523) (912da8c)

Bug Fixes

24.1.0 (2022-12-14)

Features

  • Allow enabling cost management for safer_cluster module (#1475) (8507e09)

24.0.0 (2022-11-21)

⚠ BREAKING CHANGES

  • cost_management_config is out of beta now (#1470)
  • update variant - recreate node pools on max_pods_per_node or pod_range change (#1464)
  • expose global master access in GA modules (#1421)
  • min tpb bump for location_policy
  • min TPG bump for location_policy (#1453)
  • add service_external_ips option (#1441)
  • Adding Support for Cost Allocation Feature in Beta (#1413)
  • add boot_disk_kms_key variable for node pools to GA modules (#1371)

Features

  • add boot_disk_kms_key variable for node pools to GA modules (#1371) (d9a44c6)
  • add location_policy and fix permadiff (#1452) (aecccf0)
  • add nodepool autoscaling vars avail in GKE 1.24.1 (#1415) (f57f3ce)
  • add service_external_ips option (#1441) (e9de006)
  • Add support for https_proxy parameter for the config_sync.git block (#1457) (43bbd3c)
  • Adding Support for Cost Allocation Feature in Beta (#1413) (ba3dcd0)
  • cost_management_config is out of beta now (#1470) (10ea608)
  • expose global master access in GA modules (#1421) (4278f2c)
  • Make creation of istio-system namespace optional (#1439) (335c62a)
  • update variant - recreate node pools on max_pods_per_node or pod_range change (#1464) (b006593)

Bug Fixes

23.3.0 (2022-10-28)

Features

Bug Fixes

  • Exposing VPA to GA module (#1404) (df16cda)
  • incorrect node_pools variable type (#1424) (faaee19)
  • Truncating hub membership ID when greater than 63 characters (#1429) (0c5660d)
  • use dynamic block for accelerators, updates for CI (#1428) (0304a20)

23.2.0 (2022-09-27)

Features

  • add support for provisioning windows node pools (92d7c67)
  • Allow configuring cluster_autoscaling for safer cluster variants (#1407) (a661eea)

23.1.0 (2022-09-08)

Features

  • add enable_referential_rules variable (#1394) (1fd7184)
  • adds placement policy argument to the beta modules (#1385) (c0f5881)
  • Allow enabling GKE backup agent for safer cluster variants (#1367) (5fb077d)
  • cloud dns support for safer clusters (#1384) (4e817be)
  • enable PoCo referential_rules for ACM (#1373) (b9287de)

23.0.0 (2022-08-22)

⚠ BREAKING CHANGES

  • Increased minimum Google Provider version to 4.29 (#1353)
  • The new binary_authorization (#1332) may result in the first apply after upgrading taking additional time

Features

  • add module_depends_on to workload-identity (#1341) (a6dce1a)
  • promote notification config & dns to ga (#1327) (47b5ff6)

Bug Fixes

  • add depends_on to asm module google_container_cluster data resource (#1365) (9140c60)
  • change asm module depends_on method (#1354) (300eb1f)
  • new binary_authorization (#1332) requires TPG 4.29 (#1353) (4f0d19e)

22.1.0 (2022-08-02)

Features

Bug Fixes

  • resolve deprecation warning for binary authorization (#1332) (f8a5cca), closes #1331
  • support explicit k8s version with unspecified release channel (#1335) (dc1de85)

22.0.0 (2022-07-11)

⚠ BREAKING CHANGES

  • Minimum Google/Google Beta provider versions increased to v4.25.0.
  • promote Spot VM to GA (#1294)
  • support maintenance_exclusion (#1273)

Features

  • Allow enabling managed Prometheus in beta cluster submodules (#1307) (71e7067)
  • expose use_existing_context variable in WI module (#1295) (d802e49)
  • promote Spot VM to GA (#1294) (274da2f)
  • support gVNIC (#1296) (5d6eac1)
  • support maintenance_exclusion (#1273) (425bf93)
  • Support managed Prometheus for safer cluster variants (#1311) (55faaf5)
  • WorkloadIdentity allow to use k8s sa from the different project (#1275) (4f5dded)

Bug Fixes

  • Create new node pool when shielded_instance_config changes (#1237) (a2272f0)
  • support managed prometheus for autopilot (#1310) (568c824)

21.2.0 (2022-06-22)

Features

  • Add keeper for enable_secure_boot nodepool option for update variant. (#1277) (a8b6f20)
  • Add maintenance variables for safer cluster (#1282) (19f59c4)
  • expose timeouts (6011c80)
  • Recurring maintenance window to GA (#1262) (4bba52f)

Bug Fixes

  • source node pools' auto_upgrade configuration from the GKE cluster (#1293) (c7c9f44)

21.1.0 (2022-05-24)

Features

  • support database encryption and google group rbac for autopilot (#1265) (066149d)

Bug Fixes

  • convert gcfs_config to dynamic block to prevent node pool recreation (81686e7)
  • trim trailing dash from gcp SA name (#1243) (aee12e7)

21.0.0 (2022-05-12)

⚠ BREAKING CHANGES

  • update kube-dns configMap using kubernetes_config_map_v1_data (#1214)

Features

  • Add filestore_csi_driver option for safer cluster variants (#1176) (40ef1a1)
  • Add app.kubernetes.io/created-by label to CPR in ASM module (#1190) (bbd9b77)
  • Add keeper for enable_gcfs node pool option for update variants (#1218) (f431756), closes #1217
  • Add support for image streaming/GCFS (#1174) (3a94528)
  • Add support for internal endpoint with ASM module (#1219) (8e87308)
  • Switch to native Terraform resources for hub registration and ACM (#947) (9359961)
  • update kube-dns configMap using kubernetes_config_map_v1_data (#1214) (8547935)

Bug Fixes

  • add output "service_account" to simple_zonal (9e92318)
  • add provider_meta for google-beta to ASM submodule (#1186) (9f06ef4)
  • Add required kubernetes provider to ASM module (#1221) (77d08e0)
  • Apply applicable ASM_OPTS in config_map (#1183) (79d604a)
  • ASM module required TF 0.14+ (#1209) (55a1e15)
  • make GKE module cluster_name computed attribute (#1189) (7a09acd)
  • misspellings in comments and min_cpu_platform (#1207) (7553a2b)
  • Remove unnecessary auth files. (#1231) (aa47e23)
  • removed unused variable ip_source_ranges_ssh from example safer_cluster_iap_bastion (#1199) (5197f22)
  • set initial_node_count with remove_default_node_pool (#1228) (151c8c4)
  • set only one of log/mon config or service (#1240) (2316e77)
  • Use fleet_id instead of project_id for hub operations (#1238) (a9a69ed)
  • various fixes to address CI issues (#1248) (9e92318)

20.0.0 (2022-03-10)

⚠ BREAKING CHANGES

  • Added gcp_filestore_csi_driver_config to addons config (#1166)
  • Rewrote ASM module, see the upgrade guide for details (#1140)
  • Minimum provider version increased to 4.10.

Features

Bug Fixes

Miscellaneous Chores

19.0.0 (2022-01-31)

⚠ BREAKING CHANGES

  • Change default node image from COS to COS_CONTAINERD (#1122)
  • Add spot vm support to beta clusters (#1131)
  • update TPG version constraints to 4.0 (#1129)
  • TPU firewall rule split into a separate resource

Features

  • Add spot vm support to beta clusters (#1131) (ae0d953)
  • Allow datapath_provider in GA main module (#1084) (3b5ddb9)
  • Change default node image from COS to COS_CONTAINERD (#1122) (e6b9282)
  • update TPG version constraints to 4.0 (#1129) (d494b0f)

Bug Fixes

  • Allow users to specify network tags for the default node pool (#1123) (b8b8547)
  • Create separate firewall rule for egress to TPUs (#1126) (99cfd98)
  • Removed dependency to obsolete template_file by upgrading to templatefile (#1119) (14a0536)

18.0.0 (2021-12-16)

⚠ BREAKING CHANGES

  • safer-cluster modules now use ADVANCED_DATAPATH by default. Set datapath_provider to DATAPATH_PROVIDER_UNSPECIFIED to continue using Dataplane v1.
  • Minimum beta provider version increased to v3.87.0.

Features

  • Added monitoring_enabled_components and logging_enabled_components variables to beta clusters (#1028) (9278265)
  • Make auto_provisioning_defaults a non-beta feature and set min_cpu_platform for auto-provisioned node pools (#1077) (5603718)
  • Use ADVANCED_DATAPATH (aka. Dataplane V2) for safer-cluster modules (#1085) (41a0c83)

17.3.0 (2021-11-23)

Features

Bug Fixes

17.2.0 (2021-11-12)

Features

  • Add beta support for confidential_nodes (#1040) (e105bb5)
  • Added support for specifying min_cpu_platform in node config - … (#1057) (23b5243)

Bug Fixes

  • Document grant_registry_access for Artifact Registry (#1044) (d3ca023)
  • pass REVISION_NAME to downstream install script (#1048) (dd410d7)
  • set image_type, machine_type, and sandboxing on default node pool to comply with validation policies (#1038) (8e92f6e)

17.1.0 (2021-10-27)

Features

  • Add support for CPU quota configs for node pools (#1032) (80252f3)

Bug Fixes

  • add missing required_providers on workload identity module (#1035) (04f7502)
  • adds metadata to the default node pool (#1018) (660ddc9)

17.0.0 (2021-09-28)

⚠ BREAKING CHANGES

  • Minimum beta provider version increased to v3.79.0.

Features

  • Add support for gVisor per node pool (#1001) (850c418)
  • Add support for setting additional pod_range to beta node pools (#984) (9d1274f)
  • Promote authenticator_security_group to GA modules (#989) (6042fd6)

Bug Fixes

16.1.0 (2021-08-14)

Features

  • add enable_namespace_creation flag for ASM module (#968) (8764b76)

Bug Fixes

  • Use provided k8s service account name when setting up workload identity (#972) (e00286f)
  • WI conditionally invoke data source if using external GSA (#974) (b208d5c)

16.0.1 (2021-07-23)

Bug Fixes

  • restore Workload Identity GSA resource name (#960) (8dbda1a)

16.0.0 (2021-07-23)

⚠ BREAKING CHANGES

  • add gpu node autoscaling support (#807) (#944)

Features

  • add gpu node autoscaling support (#807) (#944) (e53a949)
  • ASM CA option without providing CA_CERT maps and adding revision_name flag (#952) (64b782c)
  • Enables an existing GSA to be used when setting up Workload Identity (#955) (712fc54)

15.0.2 (2021-07-02)

Bug Fixes

15.0.1 (2021-06-14)

Bug Fixes

15.0.0 (2021-06-08)

⚠ BREAKING CHANGES

  • Updated ASM terraform module for 1.8 and 1.9 (#895)
  • K8s provider upgrade (#892)
  • Add multi-repo support for Config Sync (#872)
  • Add support for enable_l4_ilb_subsetting flag (#896)
  • For beta modules, support for google-beta provider versions older than v3.63 has been removed.

Features

  • Add multi-repo support for Config Sync (#872) (23da103)
  • Add support for enable_l4_ilb_subsetting flag (#896) (7531f90)
  • Add use local_ssd_ephemeral_count attribute in node_pool config on beta clusters (#902) (9335262)
  • K8s provider upgrade (#892) (9172b3e)
  • Updated ASM terraform module for 1.8 and 1.9 (#895) (e2ba8d2)

Bug Fixes

  • Add ability to impersonate service accounts in kubectl for all submodules (#903) (fc43485)
  • asm destroy (#922) (f3ddbf5)
  • Asm overlay path (#921) (5d3dc52)
  • docs: Describe ADVANCED_DATAPATH in more detail (#907) (c32c5d1)
  • Ensure the ASM module's destroy command removes all ASM components (#918) (00c2b71)
  • switch ASM API and IAM flags to use native resources (#914) (ff71123)

14.3.0 (2021-05-05)

Features

  • Introduce add_master_webhook_firewall_rules flag to add webhooks (#882) (8a5dcb8)
  • workload-identity: add entire GSA in output (#887) (734ce5d)

Bug Fixes

  • Add cluster ID to outputs (#886) (fc34eb6)
  • Remove data google_client_config from all modules as it is no longer used within modules (#875) (687dc71)
  • Remove unused local kubectl wrapper scripts (#876) (110adb6)

14.2.0 (2021-04-16)

Features

  • Add managed ctrl plane option to ASM module (#864) (7034f68)

Bug Fixes

  • Correct ConfigManagement hierarchyController definition (#861) (062bd5e)

14.1.0 (2021-04-01)

Features

  • Default to using cos_containerd image for GKE Sandbox clusters (#854) (1a2c26e)

14.0.1 (2021-03-12)

Bug Fixes

14.0.0 (2021-03-09)

⚠ BREAKING CHANGES

  • Added support for multi-project GKE Hub registration (#840)
  • The network_policy variable now defaults to false.
  • Replaced registry_project_id with registry_project_ids list.
  • Add support for asm v1.8 to the asm module (#824)

Features

  • Add dataplane-v2 provisioning support (#753) (d1fbef4)
  • Add new property to explicitly return GKE private_endpoint for auth module (#841) (1b99c07)
  • Add support for asm v1.8 to the asm module (#824) (923eff4)
  • Added support for multi-project GKE Hub registration (#840) (6dc1eb1)
  • Require actively enabling network policy (#809) (3354205)

Bug Fixes

  • Fix attribution for safer cluster modules (#830) (bb7c3ce)
  • Remove deprecated variable "registry_project_id" (#832) (83eae98)

13.1.0 (2021-02-16)

Features

  • Add support for creating "shadow" firewall rules for logging purposes (#741) (259dbfb)
  • Add support for multiple registry projects (#815) (5562cd6)
  • Add support for TPUs on beta clusters (#810) (fff0078)

Bug Fixes

  • Allow creating zonal clusters when region is not set. (#806) (f32dea7)

13.0.0 (2021-01-29)

⚠ BREAKING CHANGES

  • Minimum Terraform core version increased to 0.13.
  • dynamic operator yaml (#693)
  • Using in-cluster features now requires additional provider configuration. See the upgrade guide for details.

Features

  • Add maintenance exclusions support (#781) (0abbf41)
  • Add nodepool taints to keepers for update-variant (#717) (372a11c)
  • add support for Linux node config (#782) (98826e6)
  • Add Terraform 0.13 constraint and module attribution (#792) (32db990)
  • Add the option to disable Kubernetes SA annotation in workload-identity. (#787) (4e4ce02)
  • dynamic operator yaml (#693) (b1cce30)
  • Hub registration using kubeconfig and labels support (#785) (6a29e62)
  • remove wait for cluster script (#801) (356ed6d)
  • Set auto-provisioned node pools to use configured service account (#639) (4a61f76)
  • Support for ACM for non GKE clusters (#786) (aa551d5)

Bug Fixes

  • Move provider version constraint to required_providers block (#774) (825f287)
  • Remove provider config from module to be TF 0.13 compatible (#777) (81b0a94)

12.4.0 (2021-10-18)

Features

12.3.0 (2020-12-09)

Features

12.2.0 (2020-12-04)

Features

  • Add option for CPU manager policy (#749) (721f846)
  • added notification_config block to beta submodules (#752) (4a85321)
  • Enable ACM feature on hub (#722) (c199dae)
  • Grant roles/artifactregistry.reader to created service account when grant_registry_access is true (#748) (166fb24)

Bug Fixes

  • Make bash scripts more portable by referencing /usr/bin/env (#756) (24d6af6)
  • Remove max Terraform version constraint, allowing 0.14 compatibility (#757) (eb95de9)

12.1.0 (2020-11-10)

Features

  • Add cluster_telemetry var to beta submodules (#728) (e8291f0)
  • Add support for Cloud Run load balancer configuration (#740) (685a2db)
  • Support service account impersonation for wait-for-cluster script (#729) (75a56f1)

Bug Fixes

  • fallback to name if location is not set (#736) (63d7f5e)
  • multiple cluster wait-for-cluster.sh (#734) (6682911)
  • Updating the Binary Authorization submodule to allow Terraform 0.13 (#726) (df98cf9)

12.0.0 (2020-10-16)

⚠ BREAKING CHANGES

  • This is a backwards-incompatible release. See the upgrade guide for details.
  • GKE Hub functionality has been removed from ASM module (#665). Users can leverage Hub module for this functionality.
  • Removed the gcloud_skip_download variable and defaulted to never downloading gcloud. (#712) (f84e838)

Features

  • ACM - Wait for gatekeeper & Hub: expose module_depends_on (#689) (26ea28d)
  • add node_pool_taints to all the modules (#705) (68e8eec)
  • allow passing roles to created Workload Identity service account (#708) (e761dce)
  • Expose service account variable on ASM submodule (#658) (182dded)
  • hub make decode work with -d or --decode (#671) (0b5bd3d)
  • Hub submodule - add option to use existing service account to register clusters. (#678) (9f84cec)
  • Promote previously beta features to GA modules (#709) (2cb4fae), closes #708
  • ACM: fix bug when not using ssh secret type for ACM submodule (#679) (716867c)
  • make wait-for-cluster more robust (#676) (dffb047)

Bug Fixes

  • Correct WI module source in docs (#701) (f31b1f4)
  • Enable auto-upgrade in beta clusters with a release channel (#682) (21f95db)
  • Fix broken link in README.md (#691) (6f0e749)
  • Fix skip_provisioners enabled flag for wait_for_cluster (#669) (e293a43)
  • remove hub from asm module (#670) (6f419c3)
  • set project number for ASM install (#692) (c5d1e4d)
  • Shorten GSA account_id if necessary (#666) (0225458)

11.1.0 (2020-09-04)

Features

  • Add variable disable_default_snat (#625) (19a9e9c)
  • Update fields for ACM and Config Sync to bring them to feature parity (#635) (7fc3b48)

11.0.0 (2020-08-10)

⚠ BREAKING CHANGES

Features

  • Add support for enabling master_global_access, which is turned on by default. (#601) (8a9f904)
  • Allow user to customize ASM install with different directories and versions (#620) (d542c5c)
  • Update modules to use new kubectl module (#602) (794da61)

Bug Fixes

10.0.0 (2020-07-10)

⚠ BREAKING CHANGES

See the upgrade guide for details.

  • The default machine type has been changed to e2-medium. If you want the old default, you should specify it explicitly: machine_type = "n1-standard-2".
  • Pod security policy enablement has been changed to use a simple boolean flag (var. enable_pod_security_policy)

Features

  • add configconnector to safer variant (#581) (4b3f609)
  • Added variable for service dependency in binary_authorization sub module (#584) (e3e5458)
  • Changed default node pool machine type to e2-medium (#597) (1de41ef)

Bug Fixes

  • Compatibility for new asm release with 299.0.0 (#589) (a5213c4)
  • Explicitly specify VPC-native clusters for beta modules. (#598) (d9f7782)
  • Simplified pod security policy interface. (6069ece)
  • Typo in autogen/safer-cluster/README.md (#596) (ebdf57d)

9.4.0 (2020-06-25)

Features

  • Add ASM install submodule (#538) (6ff27f9)
  • Add bool option for automount_service_account_token (#571) (002cfb1)
  • Add firewall support safer-cluster modules (#570) (7ce3c49)

Bug Fixes

9.3.0 (2020-06-11)

Features

  • Add Beta Public Module Update Variant (#546) (d9f1ea8)
  • Add ConfigConnector configuration option (beta) (#547) (672adf9)

Bug Fixes

9.2.0 (2020-05-27)

Features

  • Add submodule for creating a binary authentication attestor (#530) (cc30fbb)
  • Add support for KALM config (#528) (6bf1178)

Bug Fixes

  • Add additional guardrails for disabled workload identity. (#542) (43c4349)

9.1.0 (2020-05-15)

Features

Bug Fixes

  • Update auth module to handle empty clusters (#521) (dd2afca)

9.0.0 (2020-05-07)

⚠ BREAKING CHANGES

See the upgrade guide for details.

  • Beta clusters have changed the default to use the GKE_METADATA_SERVER, to use the old option set node_metadata = "SECURE".
  • Minimum provider change increased to 3.19.
  • The ACM module has been refactored and resources will be recreated. This will show up in Terraform plans but is a safe no-op for Kubernetes.
  • For the safer cluster module, you must now specify release_channel instead of kubernetes_version.

Features

  • [safer-cluster] Replace "kubernetes_version" with "release_channel" (#487) (5791ac1)
  • Add an auth submodule outputting a kubeconfig (#469) (a5ace36)
  • Add config sync module (#493) (c090d5b)
  • Add fully configurable resource usage export block in GA and upgrade GCP provider (#491) (54eca6b)
  • Add GCE PD CSI Driver beta support (#497) (d96afa7)
  • Add support for setting firewall rules (#470) (16bdd6e)
  • Enable GKE_METADATA_SERVER as default node_metadata for beta-clusters (#490) (#512) (8e14762)
  • Expose the grant_registry_access variable in safer-cluster (#509) (0961613)

Bug Fixes

  • Correct identity namespace output for beta clusters (#500) (c783659), closes #489

8.1.0 (2020-04-10)

Features

  • Add peering_name output for private clusters and increase minimum provider version to 3.14 (#484) (ff6b5cc)
  • Add support for enabling Nodelocal dns cache (var.dns_cache) (#477) (de8e1d5)

Bug Fixes

  • Add stackdriver.resourceMetadata.writer role for SA to prevent monitoring errors (#485) (07de70b)

8.0.0 (2020-04-07)

v8.0.0 is a backwards-incompatible release. Please see the upgrading guide.

⚠ BREAKING CHANGES

  • Beta clusters now have Workload Identity enabled by default. To disable Workload Identity, set identity_namespace = null
  • Beta clusters now have shielded nodes enabled by default. To disable, set enable_shielded_nodes = false.

Features

  • Add support for setting var.istio_auth (#462) (fff4272)
  • Added support for specifying autoscaling_profile in var.cluster_autoscaling (#456) (1ac2c5c)
  • Enable WI and shielded nodes by default in beta clusters (#441) (704962b)
  • Rollout default_max_pods_per_node setting to GA modules (#439) (36ddbbb)

Bug Fixes

  • Correct bug in passing var.zones for safer cluster modules (#474) (7660b51)
  • Fix CI for Workload Identity (#460) (025f8b7)
  • Remove unused variable service_account in safer-cluster to avoid confusion (#448) (a30e7cd)
  • update and pin kubernetes provider to >= 1.11.1 (#453) (418d9b3)
  • Use gcloud module for ACM submodule, will force reinstall of ACM (#442) (9737190), closes #454

7.3.0 (2020-02-19)

Features

  • Add enable_kubernetes_alpha flag for beta clusters (#437) (f6f7370)

Bug Fixes

  • Rolled back to basic path routing for networks (#434) (8571f61)

7.2.0 (2020-02-11)

Features

  • Add master_ipv4_cidr_block output for private clusters (#427) (2cc64c8)
  • Allow workload identity submodule to update existing k8s SA. (#430) (51fba38)

Bug Fixes

7.1.0 (2020-02-07)

Features

Bug Fixes

  • Change for_each splat syntax on update variants, closes #414 (#415) (a20425f)
  • If release_channel is active, set min_master_version to null (#412) (4c7b399)
  • Prevents "Invalid index" when creating private cluster (#422) (cc53d1c), closes #419
  • Stop warning about deprecated external references from destroy provisioners. (#420) (c8fde26)

7.0.0 (2020-01-29)

⚠ BREAKING CHANGES

  • Minimum beta provider version increased to 3.1 to allow surge upgrades.
  • Beta clusters now have surge upgrades turned on by default. This behavior can be tuned using the max_surge and max_unavailable inputs.
  • Moves node pool state location to allow using for_each on them, see the upgrade guide for details.

Features

  • Add a service activation module (#146) (658ea51)
  • Enable Surge Upgrades by specifying max_surge and max_unavailable (Beta) (#394) (e4abe78)
  • Move to using for_each for node pools (#257) (7d0c9aa)

Bug Fixes

  • Change pod_security_policy_config type to list(object()) (#408) (a99352a)
  • Removed dependency on jq from wait-for-cluster.sh script (#402) (d2a5e28)

v6.2.0 - 2019-12-27

Fixed

  • Breaking: Changed default logging and monitoring providers to new Stackdriver versions. #384

Changed

  • Updated to support Google Provider version 3.x #381

v6.1.1 - 2019-12-04

Fixed

  • Fix endpoint output for private clusters where private_nodes=false. #365

v6.1.0 - 2019-12-03

Added

  • Support for using a pre-existing Service Account with the ACM submodule. #346

Fixed

  • Compute region output for zonal clusters. #362

v6.0.1 - 2019-12-02

Fixed

  • The required Google provider constraint has been relaxed to ~> 2.18 (>= 2.18, <3.0). #359

v6.0.0 - 2019-11-28

v6.0.0 is a backwards-incompatible release. Please see the upgrading guide.

Added

  • Support for Shielded Nodes beta feature via enabled_shielded_nodes variable. #300
  • Support for setting node_locations on node pools. #303
  • Fix for specifying node_count on node pools when autoscaling is disabled. #311
  • Added submodule for installing Anthos Config Management. #268
  • Support for local_ssd_count in node pool configuration. #339
  • Wait for cluster to be ready before returning endpoint. #340
  • safer-cluster submodule. #315
  • simple_regional_with_networking example. #195
  • release_channel variable for beta submodules. #271
  • The node_locations attribute to the node_pools object for beta submodules. #290
  • private_zonal_with_networking example. #308
  • regional_private_node_pool_oauth_scopes example. #321
  • The cluster_autoscaling variable for beta submodules. #93
  • The master_authorized_networks variable. #354

Changed

  • The node_pool_labels, node_pool_tags, and node_pool_taints variables have defaults and can be overridden within the node_pools object. #3
  • upstream_nameservers variable is typed as a list of strings. #350
  • The network_policy variable defaults to true. #138

Removed

  • Breaking: Removed support for enabling the Kubernetes dashboard, as this is deprecated on GKE. #337
  • Breaking: Removed support for versions of the Google provider and the Google Beta provider older than 2.18. #261
  • Breaking: Removed the master_authorized_networks_config variable. #354

Fixed

  • identity_namespace output depends on the google_container_cluster.primary resource. #301
  • Idempotency of the beta submodules. #326

v5.1.1 - 2019-10-25

Fixed

  • Fixed bug with setting up sandboxing on nodes. #286

v5.1.0 - 2019-10-24

Added

  • Added ability to skip local-exec provisioners. #258
  • Added private and beta private variants which allow node pools to be created before being destroyed. #256
  • Add a parameter registry_project_id to allow connecting to registries in other projects. #273

Changed

  • Made region variable optional for zonal clusters. #247
  • Made default metadata, labels, and tags optional. #282

Fixed

  • Authenticate gcloud in wait-for-cluster.sh using value of GOOGLE_APPLICATION_CREDENTIALS. #284 #285

v5.0.0 - 2019-09-25

v5.0.0 is a backwards-incompatible release. Please see the upgrading guide.

The v5.0.0 module requires using the 2.12 version of the Google provider.

Changed

  • Breaking: Enabled metadata-concealment by default #248
  • All beta functionality removed from non-beta clusters, moved node_pool_taints to beta modules #228

Added

  • Added support for resource usage export config #238
  • Added sandbox_enabled variable to use GKE Sandbox #241
  • Added grant_registry_access variable to grant Container Registry access to created SA #236
  • Support for Intranode Visibility (IV) and Vertical Pod Autoscaling (VPA) beta features #216
  • Support for Workload Identity beta feature #234
  • Support for Google Groups based RBAC beta feature #217
  • Support for disabling node pool autoscaling by setting autoscaling to false within the node pool variable. #250

Fixed

  • Fixed issue with passing a dynamically created Service Account to the module. #27

v4.1.0 - 2019-07-24

Added

  • Support for GCE cluster resource_labels. #210

Changed

  • endpoint output depends on cluster and node pool resources to avoid a race condition. #214

v4.0.0 - 2019-07-12

Changed

  • Supported version of Terraform is 0.12. #177

v3.0.0 - 2019-07-08

v3.0.0 is a breaking release. Refer to the Upgrading to v3.0 guide for details.

Added

  • Add configuration flag to enable the BinAuthZ Admission controller #160 #188
  • Add configuration flag for pod_security_policy_config #163 #188
  • Support for a guest accelerator in node pool configuration. #197
  • Support to scale the default node cluster. #149
  • Support for configuring the network policy provider. #159
  • Support for database encryption. #165
  • Submodules for public and private clusters with beta features. #124 #188 #203
  • Support for configuring cluster IPv4 CIDRs. #193
  • Support for configuring IP Masquerade. #187
  • Support for v2.9 of the Google providers. #198
  • Support for upstreamNameservers. #207

Fixed

  • Dropped support for versions of the Google provider earlier than v2.9; these versions have multiple incompatibilities with the module. #198

v2.1.0 - 2019-05-30

Added

  • Support for v2.6 and v2.7 of the Google providers. #152
  • deploy_using_private_endpoint variable on private-cluster submodule. #136

Fixed

  • The dependency on jq has been documented in the README. #151

v2.0.1 - 2019-05-01

Fixed

  • Explicitly pinned supported version of Terraform Google provider to 2.3. #148

v2.0.0 - 2019-04-12

v2.0.0 is a breaking release. Refer to the Upgrading to v2.0 guide for details.

Added

  • Add basic_auth_username set to "" by default. #40
  • Add basic_auth_password set to "" by default. #40
  • Add issue_client_certificate set to false by default. #40
  • Add node_pool_oauth_scopes which enables overriding the default node pool OAuth scopes. #94

Changed

  • The service_account variable defaults to "create" which causes a cluster-specific service account to be created.
  • Disabled Basic Authentication by default. #40

v1.0.1 - 2019-04-04

Added

  • Note about using Terraform with private clusters. #121

Changed

  • Optimized dependency between node pools and primary cluster. #77
  • Removed credentials_path variables from examples. #89

Fixed

  • Fix empty zone list. #132

v1.0.0 - 2019-03-25

Version 1.0.0 of this module introduces a breaking change: adding the disable-legacy-endpoints metadata field to all node pools. This metadata is required by GKE and determines whether the /0.1/ and /v1beta1/ paths are available in the nodes' metadata server. If your applications do not require access to the node's metadata server, you can leave the default value of true provided by the module. If your applications require access to the metadata server, be sure to read the linked documentation to see if you need to set the value for this field to false to allow your applications access to the above metadata server paths.

In either case, upgrading to module version v1.0.0 will trigger a recreation of all node pools in the cluster.

Added

  • Allow creation of service accounts. #80
  • Add support for private clusters via submodule. #69
  • Add remove_default_node_pool set to false by default. Fixes #15. #55
  • Allow arbitrary key-value pairs to be set on node pool metadata. #52
  • Add initial_node_count parameter to node_pool block. #60
  • Added disable_legacy_metadata_endpoints parameter. #114

Changed

  • Set horizontal_pod_autoscaling to true by default. Fixes #42. #54
  • Update simple-zonal example GKE version to supported version. #49
  • Drop explicit version from simple_zonal example. #74
  • Remove explicit versions from test cases and examples. #62
  • Set up submodule structure for public and private clusters. #61
  • Update the google and google-beta providers to v2.2 #106

Fixed

  • Zonal clusters can now accept a single zone. Fixes #43. #50
  • Fix link to "configure a service account" #73
  • Fix issue with regional cluster roll outs causing version skews #108
  • Fix permanent metadata skew due to disable-legacy-endpoints keys #114

v0.4.0 - 2018-12-19

Added

  • Added support for testing with kitchen-terraform. #33
  • Added support for preemptible nodes. #38

Changed

  • Updated default version to 1.10.6. #31

Fixed

  • region argument on google_compute_subnetwork caused errors. #22
  • Added check to wait for GKE cluster to be READY before completing. #46

v0.3.0 - 2018-10-10

Changed

  • Updated network/subnetwork lookup to use data source. #16
  • Make zone configuration optional when creating a regional cluster. #19

v0.2.0 - 2018-09-26

Added

  • Support for configuring master authorized networks. #10
  • Support specifying monitoring and logging services. #9

v0.1.0 - 2018-09-12

Added

  • Initial release of module.