Add network policy

Author: Sébastien GLON

google/resource_container_cluster.go

@@ -129,6 +129,22 @@ func resourceContainerCluster() *schema.Resource {
 								},
 							},
 						},
+						"network_policy": {
+							Type:     schema.TypeList,
+							Optional: true,
+							ForceNew: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"disabled": {
+										Type:     schema.TypeBool,
+										Default:  true,
+										Optional: true,
+										ForceNew: true,
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -813,6 +829,14 @@ func expandClusterAddonsConfig(configured interface{}) *container.AddonsConfig {
 			ForceSendFields: []string{"Disabled"},
 		}
 	}
+
+	if v, ok := config["network_policy"]; ok && len(v.([]interface{})) > 0 {
+		addon := v.([]interface{})[0].(map[string]interface{})
+		ac.NetworkPolicyConfig = &container.NetworkPolicyConfig{
+			Disabled:        addon["disabled"].(bool),
+			ForceSendFields: []string{"Disabled"},
+		}
+	}
 	return ac
 }
 

google/resource_container_cluster_test.go

@@ -667,9 +667,14 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc {
 		if cluster.AddonsConfig != nil && cluster.AddonsConfig.KubernetesDashboard != nil {
 			kubernetesDashboardDisabled = cluster.AddonsConfig.KubernetesDashboard.Disabled
 		}
+		networkPolicyDisabled := false
+		if cluster.AddonsConfig != nil && cluster.AddonsConfig.NetworkPolicyConfig != nil {
+			networkPolicyDisabled = cluster.AddonsConfig.NetworkPolicyConfig.Disabled
+		}
 		clusterTests = append(clusterTests, clusterTestField{"addons_config.0.http_load_balancing.0.disabled", httpLoadBalancingDisabled})
 		clusterTests = append(clusterTests, clusterTestField{"addons_config.0.horizontal_pod_autoscaling.0.disabled", horizontalPodAutoscalingDisabled})
 		clusterTests = append(clusterTests, clusterTestField{"addons_config.0.kubernetes_dashboard.0.disabled", kubernetesDashboardDisabled})
+		clusterTests = append(clusterTests, clusterTestField{"addons_config.0.network_policy.0.disabled", networkPolicyDisabled})
 
 		for i, np := range cluster.NodePools {
 			prefix := fmt.Sprintf("node_pool.%d.", i)
@@ -876,6 +881,7 @@ resource "google_container_cluster" "primary" {
 	addons_config {
 		http_load_balancing { disabled = true }
 		kubernetes_dashboard { disabled = true }
+		network_policy { disabled = true }
 	}
 }`, clusterName)
 }
@@ -891,6 +897,7 @@ resource "google_container_cluster" "primary" {
 		http_load_balancing { disabled = false }
 		kubernetes_dashboard { disabled = true }
 		horizontal_pod_autoscaling { disabled = true }
+		network_policy { disabled = false }
 	}
 }`, clusterName)
 }

website/docs/r/container_cluster.html.markdown

@@ -201,6 +201,48 @@ The `node_config` block supports:
 * `service_account` - (Optional) The service account to be used by the Node VMs.
     If not specified, the "default" service account is used.
 
+* `min_cpu_platform` - (Optional) Minimum CPU platform to be used by this instance.
+    The instance may be scheduled on the specified or newer CPU platform. Applicable
+    values are the friendly names of CPU platforms, such as `Intel Haswell`. See the
+    [official documentation](https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform)
+    for more information.
+
+**Addons Config** supports the following addons:
+
+* `http_load_balancing` - (Optional) The status of the HTTP Load Balancing
+    add-on. It is enabled by default; set `disabled = true` to disable.
+
+* `horizontal_pod_autoscaling` - (Optional) The status of the Horizontal Pod
+    Autoscaling addon. It is enabled by default; set `disabled = true` to
+    disable.
+
+* `kubernetes_dashboard` - (Optional) The status of the Kubernetes Dashboard
+    add-on. It is enabled by default; set `disabled = true` to disable.
+
+* `network_policy` - (Optional) The status of the Network Policy
+    add-on. It is disable by default; set `disabled = false` to enable.
+
+This example `addons_config` disables both addons:
+
+```
+addons_config {
+  http_load_balancing {
+    disabled = true
+  }
+  horizontal_pod_autoscaling {
+    disabled = true
+  }
+}
+```
+
+**Node Pool** supports the following arguments:
+
+* `initial_node_count` - (Required) The initial node count for the pool.
+
+* `name` - (Optional) The name of the node pool. If left blank, Terraform will
+    auto-generate a unique name.
+>>>>>>> Add network policy
+
 * `tags` - (Optional) The list of instance tags applied to all nodes. Tags are used to identify 
     valid sources or targets for network firewalls.