diff --git a/README.md b/README.md index bb1208e212..4e34f2c6bb 100644 --- a/README.md +++ b/README.md @@ -148,6 +148,7 @@ Then perform the following commands on the root folder: | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | +| enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no | 
@@ -168,12 +169,15 @@ Then perform the following commands on the root folder: | ip\_range\_services | The _name_ of the secondary subnet range to use for services | `string` | n/a | yes | | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). 
| `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | +| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 6ecb3906f2..a52f852659 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -92,8 +92,14 @@ resource "google_container_cluster" "primary" { type = var.cluster_telemetry_type } } +{% endif %} +{% if autopilot_cluster != true %} # only one of logging/monitoring_service or logging/monitoring_config can be specified - logging_service = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? null : var.logging_service + {% if beta_cluster %} + logging_service = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? null : var.logging_service + {% else %} + logging_service = local.logmon_config_is_set ? null : var.logging_service + {% endif %} dynamic "logging_config" { for_each = length(var.logging_enabled_components) > 0 ? [1] : [] 
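Review bot: `logging_service` is nulled by `local.logmon_config_is_set`, which also becomes true when only the monitoring inputs (`monitoring_enabled_components`, `monitoring_enable_managed_prometheus`) are set, so a caller who passes `logging_service = "none"` together with managed Prometheus silently gets the provider's default logging service instead; the same coupling is in `monitoring_service` in the next hunk, in the root `cluster.tf` hunk, and in every `logmon_config_is_set` local added in `main.tf.tmpl`, `main.tf` and the module `main.tf` copies. If the provider's conflict is per pair (service versus config for logging, and separately for monitoring), two locals keep the inputs independent: `logging_config_is_set = length(var.logging_enabled_components) > 0` and `monitoring_config_is_set = length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus`, each used only by its own `*_service` attribute. Until then, the `logging_service` and `monitoring_service` descriptions should state that any `*_enabled_components` or managed-Prometheus setting overrides them, because quietly discarding an explicit logging choice changes which audit and workload logs the cluster ships. The `google_container_cluster` resource block starts and ends outside this hunk.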
@@ -101,12 +107,16 @@ resource "google_container_cluster" "primary" {
 enable_components = var.logging_enabled_components
 }
 }
+ {% if beta_cluster %}
 monitoring_service = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? null : var.monitoring_service
+ {% else %}
+ monitoring_service = local.logmon_config_is_set ? null : var.monitoring_service
+ {% endif %}
 dynamic "monitoring_config" {
 for_each = length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus ? [1] : []
 content {
- enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : null
+ enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
 dynamic "managed_prometheus" {
 for_each = var.monitoring_enable_managed_prometheus ? [1] : []
@@ -117,22 +127,6 @@ resource "google_container_cluster" "primary" {
 }
 }
 }
-{% else %}
- logging_service = var.logging_service
- monitoring_service = var.monitoring_service
- {% if beta_cluster %}
- dynamic "monitoring_config" {
- for_each = var.monitoring_enable_managed_prometheus ? [1] : []
-
- content {
- managed_prometheus {
- enabled = var.monitoring_enable_managed_prometheus
- }
- }
- }
- {% endif %}
-{% endif %}
- {% if autopilot_cluster != true %}
 cluster_autoscaling {
 enabled = var.cluster_autoscaling.enabled
 dynamic "auto_provisioning_defaults" {
@@ -158,7 +152,7 @@ resource "google_container_cluster" "primary" {
 }
 }
 }
- {% endif %}
+{% endif %}
 {% if autopilot_cluster == true %}
 cluster_autoscaling {
 dynamic "auto_provisioning_defaults" {
@@ -184,9 +178,10 @@ resource "google_container_cluster" "primary" {
 }
 }
+ enable_kubernetes_alpha = var.enable_kubernetes_alpha
+
 {% if beta_cluster %}
 enable_intranode_visibility = var.enable_intranode_visibility
- enable_kubernetes_alpha = var.enable_kubernetes_alpha
 enable_tpu = var.enable_tpu
 dynamic "pod_security_policy_config" {
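Review bot: The `enable_components` fallback changes from `null` to `[]` for the case where only `monitoring_enable_managed_prometheus` is set; if the provider sends an explicit empty list rather than omitting the field, that would switch off `SYSTEM_COMPONENTS` metrics for clusters that only asked for managed Prometheus, so the commit should record which behaviour was observed (the same edit appears in the `cluster.tf` hunks of `modules/beta-private-cluster-update-variant`, `modules/beta-private-cluster` and `modules/beta-public-cluster-update-variant`, and in the root `cluster.tf`). Whichever it is, a comment on the line such as `# [] leaves component monitoring at the GKE default; verified against provider <VERSION-PLACEHOLDER>` would stop the next maintainer from reverting it to `null`. The `monitoring_config` block continues past the end of this hunk.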
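Review bot: Removing this `{% else %}` branch together with the new `{% if autopilot_cluster != true %}` guard means Autopilot no longer renders `logging_service` or `monitoring_service` at all, yet the Autopilot module READMEs later in this diff still list `monitoring_service` (and presumably `logging_service`) as inputs, so a value passed there no longer reaches the resource. Either drop those inputs from the Autopilot variables, as `monitoring_enable_managed_prometheus` is dropped in the `modules/beta-autopilot-*/variables.tf` hunks, or say in their descriptions that Autopilot ignores them; a logging setting that is silently ignored is the worse failure mode for anyone relying on it for audit coverage. If the intent is that Autopilot always uses GKE defaults, a template comment above the guard, `# Autopilot manages logging/monitoring itself; the *_service and *_config inputs apply to Standard clusters only`, would record that decision.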
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
index 10d09a3d41..cb637d58a7 100644
--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -102,6 +102,7 @@ locals {
 provider = null
 }]
 cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
+ logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
 {% endif %}
 {% if beta_cluster and autopilot_cluster != true %}
 cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
@@ -117,7 +118,6 @@ locals {
 ] : []
 cluster_cloudrun_enabled = var.cloudrun
 gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
- logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
 {% endif %}
 cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index 80d24209c2..ff3c153b82 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -651,33 +651,33 @@ variable "timeouts" {
 error_message = "Only create, update, delete timeouts can be specified."
 }
 }
-{% if beta_cluster %}
- {% if autopilot_cluster != true %}
-variable "enable_kubernetes_alpha" {
+{% if autopilot_cluster != true %}
+variable "monitoring_enable_managed_prometheus" {
 type = bool
- description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days."
+ description = "Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled."
 default = false
 }
-variable "logging_enabled_components" {
+variable "monitoring_enabled_components" {
 type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
 default = []
 }
-variable "monitoring_enabled_components" {
+variable "logging_enabled_components" {
 type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
 default = []
 }
- {% endif %}
-variable "monitoring_enable_managed_prometheus" {
+variable "enable_kubernetes_alpha" {
 type = bool
- description = "(Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled."
+ description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days."
 default = false
 }
+{% endif %}
+{% if beta_cluster %}
 {% if autopilot_cluster != true %}
 variable "istio" {
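Review bot: The `logging_enabled_components` description still reads `List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS.`, which is the monitoring variable's wording; since this template appears to be what the module `variables.tf` files and README rows are generated from (the same text is in the `modules/beta-private-cluster-update-variant` and `modules/beta-private-cluster` variables hunks and the root README row), fixing it here as `description = "List of GKE components to collect logs from: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."` would propagate. Now that `enable_kubernetes_alpha` is offered on the non-beta modules, its description should also spell out that an alpha cluster receives no version or security upgrades for its 30-day life and, if the provider treats the attribute as create-time only as I believe it does, that changing it on an existing cluster is destructive, in the same register as the `issue_client_certificate` warning in the README.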
diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl
index 092d2fe75c..2c36fce02b 100644
--- a/autogen/main/versions.tf.tmpl
+++ b/autogen/main/versions.tf.tmpl
@@ -24,7 +24,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.45.0, < 5.0"
+ version = ">= 4.46.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/cluster.tf b/cluster.tf
index acf5d80954..e0fa17b8af 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -71,8 +71,31 @@ resource "google_container_cluster" "primary" {
 min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null
- logging_service = var.logging_service
- monitoring_service = var.monitoring_service
+ # only one of logging/monitoring_service or logging/monitoring_config can be specified
+ logging_service = local.logmon_config_is_set ? null : var.logging_service
+ dynamic "logging_config" {
+ for_each = length(var.logging_enabled_components) > 0 ? [1] : []
+
+ content {
+ enable_components = var.logging_enabled_components
+ }
+ }
+ monitoring_service = local.logmon_config_is_set ? null : var.monitoring_service
+ dynamic "monitoring_config" {
+ for_each = length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus ? [1] : []
+
+ content {
+ enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
+
+ dynamic "managed_prometheus" {
+ for_each = var.monitoring_enable_managed_prometheus ? [1] : []
+
+ content {
+ enabled = var.monitoring_enable_managed_prometheus
+ }
+ }
+ }
+ }
 cluster_autoscaling {
 enabled = var.cluster_autoscaling.enabled
 dynamic "auto_provisioning_defaults" {
@@ -105,6 +128,8 @@ resource "google_container_cluster" "primary" {
 }
 }
+ enable_kubernetes_alpha = var.enable_kubernetes_alpha
+
 dynamic "master_authorized_networks_config" {
 for_each = local.master_authorized_networks_config
 content {
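Review bot: This is the first time the root (non-beta) module renders `monitoring_config.managed_prometheus`, `logging_config` and `enable_kubernetes_alpha`, but the only provider floor raised anywhere in this diff is `google-beta` (`>= 4.46.0` in the `versions.tf.tmpl` hunk above and the `modules/beta-*/versions.tf` hunks); no change to the `google` provider constraint the root module presumably pins is visible. If that floor predates these attributes, users on an older provider will only discover the break at `terraform validate` after upgrading the module, so the `google` constraint in the root `versions.tf` should be raised in the same commit, or at least the README's "provider version >= 3.89.0" note on `monitoring_enabled_components` extended to the new attributes. The `google_container_cluster` resource block starts and ends outside this hunk.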
diff --git a/main.tf b/main.tf
index f242aa8a4b..41a6e1c3c9 100644
--- a/main.tf
+++ b/main.tf
@@ -84,6 +84,7 @@ locals {
 provider = null
 }]
 cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
+ logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
 cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
 security_group = var.authenticator_security_group
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
index d7a00acbd5..d88ac08f85 100644
--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -111,7 +111,6 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no | -| monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index bbf5730160..738af9bf99 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf 
@@ -69,17 +69,6 @@ resource "google_container_cluster" "primary" {
 min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null
- logging_service = var.logging_service
- monitoring_service = var.monitoring_service
- dynamic "monitoring_config" {
- for_each = var.monitoring_enable_managed_prometheus ? [1] : []
-
- content {
- managed_prometheus {
- enabled = var.monitoring_enable_managed_prometheus
- }
- }
- }
 cluster_autoscaling {
 dynamic "auto_provisioning_defaults" {
 for_each = var.create_service_account ? [1] : []
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index 896bea800e..0a96ecb63c 100644
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -423,8 +423,3 @@ variable "timeouts" {
 }
 }
-variable "monitoring_enable_managed_prometheus" {
- type = bool
- description = "(Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled."
- default = false
-}
diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf
index 8aa8b5015a..e0d011de5f 100644
--- a/modules/beta-autopilot-private-cluster/versions.tf
+++ b/modules/beta-autopilot-private-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.45.0, < 5.0"
+ version = ">= 4.46.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
index addb5d5b8a..0ff3b19d62 100644
--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -100,7 +100,6 @@ Then perform the following commands on the root folder: | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | -| monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 8a127f88e1..880bb7a45d 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf 
@@ -69,17 +69,6 @@ resource "google_container_cluster" "primary" {
 min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null
- logging_service = var.logging_service
- monitoring_service = var.monitoring_service
- dynamic "monitoring_config" {
- for_each = var.monitoring_enable_managed_prometheus ? [1] : []
-
- content {
- managed_prometheus {
- enabled = var.monitoring_enable_managed_prometheus
- }
- }
- }
 cluster_autoscaling {
 dynamic "auto_provisioning_defaults" {
 for_each = var.create_service_account ? [1] : []
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
index 61304cf07c..dd0abfccfb 100644
--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -393,8 +393,3 @@ variable "timeouts" {
 }
 }
-variable "monitoring_enable_managed_prometheus" {
- type = bool
- description = "(Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled."
- default = false
-}
diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf
index 4660c27a48..5c1a49a6ad 100644
--- a/modules/beta-autopilot-public-cluster/versions.tf
+++ b/modules/beta-autopilot-public-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.45.0, < 5.0"
+ version = ">= 4.46.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index 840550f7d9..9bb5cf1300 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -227,7 +227,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no | -| monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | +| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 68a5b8a496..d702d95710 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf 
@@ -97,7 +97,7 @@ resource "google_container_cluster" "primary" {
 for_each = length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus ? [1] : []
 content {
- enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : null
+ enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
 dynamic "managed_prometheus" {
 for_each = var.monitoring_enable_managed_prometheus ? [1] : []
@@ -142,8 +142,9 @@ resource "google_container_cluster" "primary" {
 }
 }
+ enable_kubernetes_alpha = var.enable_kubernetes_alpha
+
 enable_intranode_visibility = var.enable_intranode_visibility
- enable_kubernetes_alpha = var.enable_kubernetes_alpha
 enable_tpu = var.enable_tpu
 dynamic "pod_security_policy_config" {
diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf
index c7ad1f3c91..73521f01ec 100644
--- a/modules/beta-private-cluster-update-variant/main.tf
+++ b/modules/beta-private-cluster-update-variant/main.tf
@@ -85,6 +85,7 @@ locals {
 provider = null
 }]
 cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
+ logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
 cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
 load_balancer_type = var.cloudrun_load_balancer_type
 } : {}
@@ -98,7 +99,6 @@ locals {
 ] : []
 cluster_cloudrun_enabled = var.cloudrun
 gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
- logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
 cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
 security_group = var.authenticator_security_group
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index 9caf72d49d..a1c33bb503 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -624,27 +624,27 @@ variable "timeouts" {
 }
 }
-variable "enable_kubernetes_alpha" {
+variable "monitoring_enable_managed_prometheus" {
 type = bool
- description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days."
+ description = "Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled."
 default = false
 }
-variable "logging_enabled_components" {
+variable "monitoring_enabled_components" {
 type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
 default = []
 }
-variable "monitoring_enabled_components" {
+variable "logging_enabled_components" {
 type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
 default = []
 }
-variable "monitoring_enable_managed_prometheus" {
+variable "enable_kubernetes_alpha" {
 type = bool
- description = "(Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled."
+ description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days."
 default = false
 }
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf
index 41d7da6de2..ef70d94a7c 100644
--- a/modules/beta-private-cluster-update-variant/versions.tf
+++ b/modules/beta-private-cluster-update-variant/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.45.0, < 5.0"
+ version = ">= 4.46.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 40606fd57e..6f46c9ae45 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -205,7 +205,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no | -| monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | +| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index f2aeec2a6d..df0379fd1b 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -97,7 +97,7 @@ resource "google_container_cluster" "primary" {
 for_each = length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus ? [1] : []
 content {
- enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : null
+ enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
 dynamic "managed_prometheus" {
 for_each = var.monitoring_enable_managed_prometheus ? [1] : []
@@ -142,8 +142,9 @@ resource "google_container_cluster" "primary" {
 }
 }
+ enable_kubernetes_alpha = var.enable_kubernetes_alpha
+
 enable_intranode_visibility = var.enable_intranode_visibility
- enable_kubernetes_alpha = var.enable_kubernetes_alpha
 enable_tpu = var.enable_tpu
 dynamic "pod_security_policy_config" {
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf
index c7ad1f3c91..73521f01ec 100644
--- a/modules/beta-private-cluster/main.tf
+++ b/modules/beta-private-cluster/main.tf
@@ -85,6 +85,7 @@ locals {
 provider = null
 }]
 cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
+ logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
 cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
 load_balancer_type = var.cloudrun_load_balancer_type
 } : {}
@@ -98,7 +99,6 @@ locals {
 ] : []
 cluster_cloudrun_enabled = var.cloudrun
 gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
- logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
 cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
 security_group = var.authenticator_security_group
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index 9caf72d49d..a1c33bb503 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -624,27 +624,27 @@ variable "timeouts" {
 }
 }
-variable "enable_kubernetes_alpha" {
+variable "monitoring_enable_managed_prometheus" {
 type = bool
- description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days."
+ description = "Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled."
 default = false
 }
-variable "logging_enabled_components" {
+variable "monitoring_enabled_components" {
 type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
 default = []
 }
-variable "monitoring_enabled_components" {
+variable "logging_enabled_components" {
 type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
 default = []
 }
-variable "monitoring_enable_managed_prometheus" {
+variable "enable_kubernetes_alpha" {
 type = bool
- description = "(Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled."
+ description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days."
 default = false
 }
diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf
index 1ebe76708d..b7ba568fcd 100644
--- a/modules/beta-private-cluster/versions.tf
+++ b/modules/beta-private-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
 required_providers {
 google-beta = {
 source = "hashicorp/google-beta"
- version = ">= 4.45.0, < 5.0"
+ version = ">= 4.46.0, < 5.0"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index 2e59231919..58e14ec261 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -216,7 +216,7 @@ Then perform the following commands on the root folder: | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | -| monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | +| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index fd5e4675bb..8480a0bfbb 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf 
@@ -97,7 +97,7 @@ resource "google_container_cluster" "primary" { for_each = length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus ? [1] : [] content { - enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : null + enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : [] dynamic "managed_prometheus" { for_each = var.monitoring_enable_managed_prometheus ? [1] : [] @@ -142,8 +142,9 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + enable_intranode_visibility = var.enable_intranode_visibility - enable_kubernetes_alpha = var.enable_kubernetes_alpha enable_tpu = var.enable_tpu dynamic "pod_security_policy_config" { diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index 02195dd004..eac0840002 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -85,6 +85,7 @@ locals { provider = null }] cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} 
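Review bot: The `enable_components` fallback in the monitoring_config hunk now sends an explicit empty list when only `monitoring_enable_managed_prometheus` is set, where the previous `null` left the field to the API default. If google-beta forwards `[]` as an explicit `enableComponents: []`, turning on managed Prometheus alone would switch system-component metrics off — a silent loss of control-plane/system telemetry that alerting and detection may rely on — rather than adding collection on top of it; I have not confirmed how the 4.46 provider treats the empty list, so this needs checking against the provider schema. If it is not treated as unset, fall back to the documented GKE default instead: `enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : ["SYSTEM_COMPONENTS"]`. The second hunk only moves `enable_kubernetes_alpha`, and the enclosing google_container_cluster resource starts and ends outside both hunks.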
@@ -98,7 +99,6 @@ locals { ] : [] cluster_cloudrun_enabled = var.cloudrun gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index cfb3a51c60..85dfbd4325 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -594,27 +594,27 @@ variable "timeouts" { } } -variable "enable_kubernetes_alpha" { +variable "monitoring_enable_managed_prometheus" { type = bool - description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." + description = "Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled." default = false } -variable "logging_enabled_components" { +variable "monitoring_enabled_components" { type = list(string) - description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." default = [] } -variable "monitoring_enabled_components" { +variable "logging_enabled_components" { type = list(string) - description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." default = [] } -variable "monitoring_enable_managed_prometheus" { +variable "enable_kubernetes_alpha" { type = bool - description = "(Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled." + description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index c73ab8d4ca..8424866415 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf 
@@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.45.0, < 5.0" + version = ">= 4.46.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 1268aafbfa..fd174ff940 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -194,7 +194,7 @@ Then perform the following commands on the root folder: | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | -| monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | +| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 7eb7269fb2..904a53c8a2 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -97,7 +97,7 @@ resource "google_container_cluster" "primary" { for_each = length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus ? [1] : [] content { - enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : null + enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : [] dynamic "managed_prometheus" { for_each = var.monitoring_enable_managed_prometheus ? [1] : [] @@ -142,8 +142,9 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + enable_intranode_visibility = var.enable_intranode_visibility - enable_kubernetes_alpha = var.enable_kubernetes_alpha enable_tpu = var.enable_tpu dynamic "pod_security_policy_config" { diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 02195dd004..eac0840002 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -85,6 +85,7 @@ locals { provider = null }] cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} @@ -98,7 +99,6 @@ locals { ] : [] cluster_cloudrun_enabled = var.cloudrun gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group 
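Review bot: Replacing `null` with `[]` for `enable_components` changes the meaning of "managed Prometheus on, no components listed" from "leave component metrics at the API default" to "send an explicit list with nothing in it", and the commit gives no reason for the switch. Whether that disables SYSTEM_COMPONENTS metrics depends on how the provider serialises an empty list, which I cannot tell from here; if it does, a user enabling `monitoring_enable_managed_prometheus` loses system metrics without any plan diff hinting at it. Either document the verified provider behaviour next to the line, e.g. `# [] is treated as unset by the provider; verified against google-beta 4.46`, or default to `["SYSTEM_COMPONENTS"]` so the only way to lose system metrics is to ask for it. The resource body continues outside the hunk.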
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index cfb3a51c60..85dfbd4325 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -594,27 +594,27 @@ variable "timeouts" { } } -variable "enable_kubernetes_alpha" { +variable "monitoring_enable_managed_prometheus" { type = bool - description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." + description = "Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled." default = false } -variable "logging_enabled_components" { +variable "monitoring_enabled_components" { type = list(string) - description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." default = [] } -variable "monitoring_enabled_components" { +variable "logging_enabled_components" { type = list(string) - description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." default = [] } -variable "monitoring_enable_managed_prometheus" { +variable "enable_kubernetes_alpha" { type = bool - description = "(Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled." + description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } 
diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index b8779bc6fd..147446d22a 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.45.0, < 5.0" + version = ">= 4.46.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 03b265ace3..ed0579ab0e 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -177,6 +177,7 @@ Then perform the following commands on the root folder: | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | +| enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | | enable\_private\_nodes | (Beta) Whether nodes have internal IP addresses only | `bool` | `false` | no | 
@@ -199,6 +200,7 @@ Then perform the following commands on the root folder: | ip\_range\_services | The _name_ of the secondary subnet range to use for services | `string` | n/a | yes | | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | 
@@ -207,6 +209,8 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no | +| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 38a176fc0c..48775f35b0 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf 
@@ -71,8 +71,31 @@ resource "google_container_cluster" "primary" { min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null - logging_service = var.logging_service - monitoring_service = var.monitoring_service + # only one of logging/monitoring_service or logging/monitoring_config can be specified + logging_service = local.logmon_config_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.logmon_config_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus ? [1] : [] + + content { + enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : [] + + dynamic "managed_prometheus" { + for_each = var.monitoring_enable_managed_prometheus ? [1] : [] + + content { + enabled = var.monitoring_enable_managed_prometheus + } + } + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled dynamic "auto_provisioning_defaults" { @@ -105,6 +128,8 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + dynamic "master_authorized_networks_config" { for_each = local.master_authorized_networks_config content { diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index 3776e924fe..4f9a4f7ab2 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
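Review bot: Setting `logging_service` and `monitoring_service` to null whenever `local.logmon_config_is_set` is true silently discards an explicit caller value — a caller who set `logging_service = "none"` (or a non-default service) and then adds `monitoring_enabled_components` has cluster logging flipped to the API default with no plan-time warning, and the reverse combination drops their monitoring choice. The added comment `# only one of logging/monitoring_service or logging/monitoring_config can be specified` states the API constraint but not how the module resolves a conflict; spell it out, e.g. `# *_enabled_components / managed_prometheus take precedence: when any is set, logging_service and monitoring_service are ignored and the *_config blocks drive the API.`, and repeat that sentence in the four variable descriptions. Note also that when only the monitoring variables are set, `logging_service` becomes null while no `logging_config` block is emitted, so logging is left to the API default rather than the module's documented default — presumably equivalent, but worth confirming. A `lifecycle { precondition }` rejecting the conflicting combination would turn this into a plan-time error if the module's required Terraform version allows it (not visible here). `local.logmon_config_is_set` is defined in main.tf in this commit, and the resource body continues outside both hunks.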
@@ -84,6 +84,7 @@ locals { provider = null }] cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index fc5bad76f1..c2deafdfed 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -594,3 +594,27 @@ variable "timeouts" { error_message = "Only create, update, delete timeouts can be specified." } } + +variable "monitoring_enable_managed_prometheus" { + type = bool + description = "Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled." + default = false +} + +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + +variable "enable_kubernetes_alpha" { + type = bool + description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." + default = false +} diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index dee1ca0128..c0f5d07acb 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
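Review bot: The description of the new `logging_enabled_components` variable is copied from the monitoring one — "List of services to monitor" — although it selects which components' logs are collected; suggest `List of GKE components to collect logs from: SYSTEM_COMPONENTS, WORKLOADS. Empty list keeps the default GKE logging configuration.`. The `(provider version >= 3.89.0)` caveat on `monitoring_enabled_components` also looks stale: this commit moves the beta modules to google-beta >= 4.46.0 and this module's own floor is not visible here, so either drop the caveat or state the real minimum. None of the four descriptions mention that setting these lists makes the module ignore `logging_service`/`monitoring_service` (the cluster.tf change in this commit), and callers should learn that from the variable rather than from apply behaviour. The main.tf hunk above only adds the `logmon_config_is_set` local and needs no change.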
@@ -155,6 +155,7 @@ Then perform the following commands on the root folder: | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | +| enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | | enable\_private\_nodes | (Beta) Whether nodes have internal IP addresses only | `bool` | `false` | no | 
@@ -177,6 +178,7 @@ Then perform the following commands on the root folder: | ip\_range\_services | The _name_ of the secondary subnet range to use for services | `string` | n/a | yes | | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | 
@@ -185,6 +187,8 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no | +| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 28378512a9..f5ffb39fbd 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf 
@@ -71,8 +71,31 @@ resource "google_container_cluster" "primary" { min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null - logging_service = var.logging_service - monitoring_service = var.monitoring_service + # only one of logging/monitoring_service or logging/monitoring_config can be specified + logging_service = local.logmon_config_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.logmon_config_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus ? [1] : [] + + content { + enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : [] + + dynamic "managed_prometheus" { + for_each = var.monitoring_enable_managed_prometheus ? [1] : [] + + content { + enabled = var.monitoring_enable_managed_prometheus + } + } + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled dynamic "auto_provisioning_defaults" { @@ -105,6 +128,8 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + dynamic "master_authorized_networks_config" { for_each = local.master_authorized_networks_config content { diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index 3776e924fe..4f9a4f7ab2 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf 
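Review bot: `enable_kubernetes_alpha = var.enable_kubernetes_alpha` is wired straight into the cluster with no guard or comment, even though the variable's own description says an alpha cluster cannot be upgraded and is deleted after 30 days — which means it will never receive Kubernetes security fixes for its lifetime. A comment at the call site would stop this being switched on casually: `# Alpha clusters cannot be upgraded (so never receive security fixes) and are auto-deleted after 30 days; dev/test only.`. I believe GKE also rejects alpha clusters enrolled in a release channel, in which case a `precondition` on `var.release_channel` would turn the apply-time failure into a plan-time one — worth confirming against the API before adding it. The first hunk additionally nulls `logging_service`/`monitoring_service` whenever any component variable is set, which overrides explicit caller values without a warning; the resource body continues outside both hunks.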
@@ -84,6 +84,7 @@ locals { provider = null }] cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index fc5bad76f1..c2deafdfed 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -594,3 +594,27 @@ variable "timeouts" { error_message = "Only create, update, delete timeouts can be specified." } } + +variable "monitoring_enable_managed_prometheus" { + type = bool + description = "Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled." + default = false +} + +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + +variable "enable_kubernetes_alpha" { + type = bool + description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." + default = false +} diff --git a/variables.tf b/variables.tf index b11853ce44..923b7215d2 100644 --- a/variables.tf +++ b/variables.tf 
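Review bot: The new `logging_enabled_components` and `monitoring_enabled_components` variables accept any string, so a typo such as `SYSTEM_COMPONENT` is only rejected by the GKE API at apply time, after the plan was approved; this file already uses a `validation` block on `timeouts`, so the same mechanism fits here. The logging description also carries over "List of services to monitor" from the monitoring variable although it selects which components' logs are collected. If the allowed values are exactly the two the descriptions name, the rewrite below pins them; if the provider accepts more (control-plane component logs were added in later provider versions, I believe), keep the list in sync rather than dropping the check, and apply the same pattern to `monitoring_enabled_components`. The main.tf hunk above only adds the `logmon_config_is_set` local.

```hcl
variable "logging_enabled_components" {
  type        = list(string)
  description = "List of GKE components to collect logs from: SYSTEM_COMPONENTS, WORKLOADS. Empty list keeps the default GKE logging configuration."
  default     = []

  validation {
    condition     = alltrue([for c in var.logging_enabled_components : contains(["SYSTEM_COMPONENTS", "WORKLOADS"], c)])
    error_message = "logging_enabled_components may only contain SYSTEM_COMPONENTS and/or WORKLOADS."
  }
}
# … unchanged: monitoring_enable_managed_prometheus, monitoring_enabled_components, enable_kubernetes_alpha …
```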
@@ -564,3 +564,27 @@ variable "timeouts" { error_message = "Only create, update, delete timeouts can be specified." } } + +variable "monitoring_enable_managed_prometheus" { + type = bool + description = "Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled." + default = false +} + +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + +variable "enable_kubernetes_alpha" { + type = bool + description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." + default = false +}
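Review bot: The `monitoring_enabled_components` description still offers WORKLOADS as a selectable component while the same hunk adds `monitoring_enable_managed_prometheus`; GKE deprecated workload metrics collection in favour of Managed Service for Prometheus around 1.24, I believe, so a caller choosing WORKLOADS may hit an API error or collect nothing on current versions. If that is right, steer them in the description: `List of GKE components to collect metrics from: SYSTEM_COMPONENTS (WORKLOADS is deprecated on recent GKE versions; use monitoring_enable_managed_prometheus instead). Empty list keeps the default GKE configuration.`. The `enable_kubernetes_alpha` description should also say explicitly that "cannot be upgraded" means no security patches, so the risk is visible in the generated README rather than implied. None of the four variables document that setting them makes cluster.tf ignore `logging_service`/`monitoring_service`.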