From 425bf93e60c75a0b238ca3c6aa968000f89a9271 Mon Sep 17 00:00:00 2001 From: Eric Zhao Date: Sat, 25 Jun 2022 01:38:34 +1000 Subject: [PATCH] feat!: support maintenance_exclusion (#1273) --- README.md | 2 +- autogen/main/cluster.tf.tmpl | 7 +++++++ autogen/main/variables.tf.tmpl | 2 +- autogen/safer-cluster/variables.tf.tmpl | 4 ++-- cluster.tf | 7 +++++++ modules/beta-autopilot-private-cluster/README.md | 2 +- modules/beta-autopilot-private-cluster/cluster.tf | 7 +++++++ modules/beta-autopilot-private-cluster/variables.tf | 2 +- modules/beta-autopilot-public-cluster/README.md | 2 +- modules/beta-autopilot-public-cluster/cluster.tf | 7 +++++++ modules/beta-autopilot-public-cluster/variables.tf | 2 +- modules/beta-private-cluster-update-variant/README.md | 2 +- modules/beta-private-cluster-update-variant/cluster.tf | 7 +++++++ modules/beta-private-cluster-update-variant/variables.tf | 2 +- modules/beta-private-cluster/README.md | 2 +- modules/beta-private-cluster/cluster.tf | 7 +++++++ modules/beta-private-cluster/variables.tf | 2 +- modules/beta-public-cluster-update-variant/README.md | 2 +- modules/beta-public-cluster-update-variant/cluster.tf | 7 +++++++ modules/beta-public-cluster-update-variant/variables.tf | 2 +- modules/beta-public-cluster/README.md | 2 +- modules/beta-public-cluster/cluster.tf | 7 +++++++ modules/beta-public-cluster/variables.tf | 2 +- modules/private-cluster-update-variant/README.md | 2 +- modules/private-cluster-update-variant/cluster.tf | 7 +++++++ modules/private-cluster-update-variant/variables.tf | 2 +- modules/private-cluster/README.md | 2 +- modules/private-cluster/cluster.tf | 7 +++++++ modules/private-cluster/variables.tf | 2 +- modules/safer-cluster-update-variant/README.md | 2 +- modules/safer-cluster-update-variant/variables.tf | 2 +- modules/safer-cluster/README.md | 2 +- modules/safer-cluster/variables.tf | 2 +- variables.tf | 2 +- 34 files changed, 95 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 0f338e286..b1f8247a3 100644 --- a/README.md +++ b/README.md @@ -161,7 +161,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 22a688056..2b1466d37 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -265,6 +265,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 93f2a0192..86ade1f55 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index 4a337c278..2a7a84db8 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl @@ -108,9 +108,9 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" - default = [] + default = [] } variable "maintenance_end_time" { diff --git a/cluster.tf b/cluster.tf index 72c7cebf5..3cd0f6f83 100644 --- a/cluster.tf +++ b/cluster.tf @@ -146,6 +146,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 94a3275ed..45d362ed9 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -104,7 +104,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 271bf900f..1f1af35d7 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -120,6 +120,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 0a554420c..b67a241ee 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 4c9b0a9a4..255ef58b9 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -95,7 +95,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index b61d8a216..f8639d498 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -120,6 +120,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index c35bb86a2..d0bcca1b2 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 48a12f031..35e145544 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -215,7 +215,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index b6a86ee05..3a1093e9b 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index a88bd877e..269248636 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index a3ce1ece4..ce001d768 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -193,7 +193,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 564a2efa8..8a137d99d 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index a88bd877e..269248636 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 30c05a0a0..1a7f5003e 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -206,7 +206,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 5687d0e66..1725a15ce 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index dbd988544..880031233 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 352db8988..5a198e674 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -184,7 +184,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 1708c1e43..f20ac3a0a 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index dbd988544..880031233 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index c9e0c619b..a3b0a135e 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -192,7 +192,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 9945792aa..1a4cdf5eb 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -146,6 +146,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 2a7ff1efc..2c98a8532 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 7d30994a2..3ded26b96 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -170,7 +170,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 18463f322..7b74bf149 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -146,6 +146,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 2a7ff1efc..2c98a8532 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md index c294af489..4ae74f0d6 100644 --- a/modules/safer-cluster-update-variant/README.md +++ b/modules/safer-cluster-update-variant/README.md @@ -235,7 +235,7 @@ For simplicity, we suggest using `roles/container.admin` and | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | `string` | `null` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index 1c1acf9a1..98a113b0a 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf @@ -108,7 +108,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index c294af489..4ae74f0d6 100644 --- a/modules/safer-cluster/README.md +++ b/modules/safer-cluster/README.md @@ -235,7 +235,7 @@ For simplicity, we suggest using `roles/container.admin` and | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | `string` | `null` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index 1c1acf9a1..98a113b0a 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf @@ -108,7 +108,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/variables.tf b/variables.tf index 70684d7d4..1ee699571 100644 --- a/variables.tf +++ b/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] }