diff --git a/README.md b/README.md index 38ef75d186..4e34f2c6bb 100644 --- a/README.md +++ b/README.md @@ -148,6 +148,7 @@ Then perform the following commands on the root folder: | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | +| enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 55f67a9c7a..53c041c3bb 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -178,9 +178,10 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + {% if beta_cluster %} enable_intranode_visibility = var.enable_intranode_visibility - enable_kubernetes_alpha = var.enable_kubernetes_alpha enable_tpu = var.enable_tpu dynamic "pod_security_policy_config" { 
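Review bot: `enable_kubernetes_alpha = var.enable_kubernetes_alpha` now sits above `{% if beta_cluster %}` in autogen/main/cluster.tf.tmpl, so every variant rendered from this template, GA included, passes the flag to the cluster, and nothing beside the line says what that costs. Per the variable's own description such a cluster cannot be upgraded and is deleted after 30 days, so it presumably will not pick up patched Kubernetes versions during its lifetime. I would add a comment above the line, e.g. `# Alpha clusters cannot be upgraded and are deleted after 30 days; leave false for anything long-lived.` As far as I know GKE also expects node auto-upgrade and auto-repair to be off on alpha clusters, so the node pool `management` defaults (`auto_repair`, `auto_upgrade`) are worth checking against this flag; they are not visible here. The resource block starts and ends outside the hunk.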
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index ac42c648c9..be50ce8b0c 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -224,10 +224,10 @@ locals { # BETA features cluster_istio_enabled = ! local.cluster_output_istio_disabled cluster_dns_cache_enabled = var.dns_cache + cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : [] - cluster_telemetry_type_is_set = var.cluster_telemetry_type != null # /BETA features {% endif %} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 5d4034b5dc..0261b202fe 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -333,7 +333,6 @@ variable "cluster_telemetry_type" { default = null } {% endif %} - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" @@ -670,17 +669,14 @@ variable "logging_enabled_components" { description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." default = [] } -{% endif %} - -{% if beta_cluster %} - {% if autopilot_cluster != true %} variable "enable_kubernetes_alpha" { type = bool description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } - {% endif %} +{% endif %} +{% if beta_cluster %} {% if autopilot_cluster != true %} variable "istio" { diff --git a/cluster.tf b/cluster.tf index aeb402ec34..e0fa17b8af 100644 --- a/cluster.tf +++ b/cluster.tf 
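Review bot: `variable "enable_kubernetes_alpha"` loses its own `{% if autopilot_cluster != true %}` wrapper in the second hunk of autogen/main/variables.tf.tmpl and is now kept out of autopilot variants only by the enclosing block that the added `{% endif %}` closes, which opens outside the hunk. That block is presumably the non-autopilot one, since the autopilot `variables.tf` hunks on this page gain no such variable, but nothing in the template records it. If the template engine's `{# … #}` comment form is available, a line above the variable such as `{# rendered for every non-autopilot variant, GA and beta; keep in step with cluster.tf.tmpl #}` would state the intent. Without it, a later edit that moves the `{% endif %}` could render the variable in a variant whose cluster resource never reads it, or drop it from one that does.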
@@ -128,6 +128,8 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + dynamic "master_authorized_networks_config" { for_each = local.master_authorized_networks_config content { diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index 7d74f4b92d..68da9939ce 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf @@ -128,10 +128,10 @@ locals { # BETA features cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_dns_cache_enabled = var.dns_cache + cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : [] - cluster_telemetry_type_is_set = var.cluster_telemetry_type != null # /BETA features diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index f26f4726b9..828d6942aa 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -208,7 +208,6 @@ variable "cluster_telemetry_type" { description = "Available options include ENABLED, DISABLED, and SYSTEM_ONLY" default = null } - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" @@ -423,4 +422,3 @@ variable "timeouts" { } } - diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf index 064b2bfd98..c4984c2362 100644 --- a/modules/beta-autopilot-public-cluster/main.tf +++ b/modules/beta-autopilot-public-cluster/main.tf 
@@ -127,10 +127,10 @@ locals { # BETA features cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_dns_cache_enabled = var.dns_cache + cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : [] - cluster_telemetry_type_is_set = var.cluster_telemetry_type != null # /BETA features diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index d36d52e8e2..353add3720 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -208,7 +208,6 @@ variable "cluster_telemetry_type" { description = "Available options include ENABLED, DISABLED, and SYSTEM_ONLY" default = null } - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" @@ -393,4 +392,3 @@ variable "timeouts" { } } - diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 6e9979f80a..d702d95710 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -142,8 +142,9 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + enable_intranode_visibility = var.enable_intranode_visibility - enable_kubernetes_alpha = var.enable_kubernetes_alpha enable_tpu = var.enable_tpu dynamic "pod_security_policy_config" { 
diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 8756e85304..60b38a567a 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf @@ -183,10 +183,10 @@ locals { # BETA features cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_dns_cache_enabled = var.dns_cache + cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : [] - cluster_telemetry_type_is_set = var.cluster_telemetry_type != null # /BETA features diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 2765c9d88b..f0a05417ec 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -321,7 +321,6 @@ variable "cluster_telemetry_type" { description = "Available options include ENABLED, DISABLED, and SYSTEM_ONLY" default = null } - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" @@ -642,7 +641,6 @@ variable "logging_enabled_components" { default = [] } - variable "enable_kubernetes_alpha" { type = bool description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 0595a2e1dd..df0379fd1b 100644 
--- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -142,8 +142,9 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + enable_intranode_visibility = var.enable_intranode_visibility - enable_kubernetes_alpha = var.enable_kubernetes_alpha enable_tpu = var.enable_tpu dynamic "pod_security_policy_config" { diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 8756e85304..60b38a567a 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -183,10 +183,10 @@ locals { # BETA features cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_dns_cache_enabled = var.dns_cache + cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : [] - cluster_telemetry_type_is_set = var.cluster_telemetry_type != null # /BETA features diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 2765c9d88b..f0a05417ec 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -321,7 +321,6 @@ variable "cluster_telemetry_type" { description = "Available options include ENABLED, DISABLED, and SYSTEM_ONLY" default = null } - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" 
@@ -642,7 +641,6 @@ variable "logging_enabled_components" { default = [] } - variable "enable_kubernetes_alpha" { type = bool description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 09f065d919..8480a0bfbb 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -142,8 +142,9 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + enable_intranode_visibility = var.enable_intranode_visibility - enable_kubernetes_alpha = var.enable_kubernetes_alpha enable_tpu = var.enable_tpu dynamic "pod_security_policy_config" { diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index 444139bccf..ee21a074bb 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -182,10 +182,10 @@ locals { # BETA features cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_dns_cache_enabled = var.dns_cache + cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : [] - cluster_telemetry_type_is_set = var.cluster_telemetry_type != null # /BETA features diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 5a2219248b..a35a3ca65e 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf 
+++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -321,7 +321,6 @@ variable "cluster_telemetry_type" { description = "Available options include ENABLED, DISABLED, and SYSTEM_ONLY" default = null } - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" @@ -612,7 +611,6 @@ variable "logging_enabled_components" { default = [] } - variable "enable_kubernetes_alpha" { type = bool description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index ee05208821..904a53c8a2 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -142,8 +142,9 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + enable_intranode_visibility = var.enable_intranode_visibility - enable_kubernetes_alpha = var.enable_kubernetes_alpha enable_tpu = var.enable_tpu dynamic "pod_security_policy_config" { diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 444139bccf..ee21a074bb 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -182,10 +182,10 @@ locals { # BETA features cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_dns_cache_enabled = var.dns_cache + cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled cluster_intranode_visibility_enabled = local.cluster_output_intranode_visbility_enabled confidential_node_config = var.enable_confidential_nodes == true ? [{ enabled = true }] : [] - cluster_telemetry_type_is_set = var.cluster_telemetry_type != null # /BETA features diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 5a2219248b..a35a3ca65e 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -321,7 +321,6 @@ variable "cluster_telemetry_type" { description = "Available options include ENABLED, DISABLED, and SYSTEM_ONLY" default = null } - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" @@ -612,7 +611,6 @@ variable "logging_enabled_components" { default = [] } - variable "enable_kubernetes_alpha" { type = bool description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 26f038c829..ed0579ab0e 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -177,6 +177,7 @@ Then perform the following commands on the root folder: | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | +| enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | | enable\_private\_nodes | (Beta) Whether nodes have internal IP addresses only | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 8777099b44..48775f35b0 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -128,6 +128,8 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + dynamic "master_authorized_networks_config" { for_each = local.master_authorized_networks_config content { diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 41c319e98d..5a1e7b0aed 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -303,7 +303,6 @@ variable "configure_ip_masq" { default = false } - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" @@ -614,3 +613,8 @@ variable "logging_enabled_components" { default = [] } +variable "enable_kubernetes_alpha" { + type = bool + description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." + default = false +} diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index ac2e671cfb..c0f5d07acb 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -155,6 +155,7 @@ Then perform the following commands on the root folder: | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | +| enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | | enable\_private\_nodes | (Beta) Whether nodes have internal IP addresses only | `bool` | `false` | no | 
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index ed42c5be16..f5ffb39fbd 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -128,6 +128,8 @@ resource "google_container_cluster" "primary" { } } + enable_kubernetes_alpha = var.enable_kubernetes_alpha + dynamic "master_authorized_networks_config" { for_each = local.master_authorized_networks_config content { diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 41c319e98d..5a1e7b0aed 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -303,7 +303,6 @@ variable "configure_ip_masq" { default = false } - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" @@ -614,3 +613,8 @@ variable "logging_enabled_components" { default = [] } +variable "enable_kubernetes_alpha" { + type = bool + description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." + default = false +} diff --git a/variables.tf b/variables.tf index 41fe96358b..5fe6fa991d 100644 --- a/variables.tf +++ b/variables.tf @@ -303,7 +303,6 @@ variable "configure_ip_masq" { default = false } - variable "logging_service" { type = string description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none" 
@@ -584,3 +583,8 @@ variable "logging_enabled_components" { default = [] } +variable "enable_kubernetes_alpha" { + type = bool + description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." + default = false +}