diff --git a/README.md b/README.md
index eca742a64..ee07f25fc 100644
--- a/README.md
+++ b/README.md
@@ -149,6 +149,7 @@ Then perform the following commands on the root folder:
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
| default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
| disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no |
@@ -331,7 +332,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v4.51
+- [Terraform Provider for GCP][terraform-provider-google] v5
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/autogen/main/README.md b/autogen/main/README.md
index 4283fc896..049165f61 100644
--- a/autogen/main/README.md
+++ b/autogen/main/README.md
@@ -272,9 +272,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
{% if beta_cluster %}
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5
{% else %}
-- [Terraform Provider for GCP][terraform-provider-google] v4.51
+- [Terraform Provider for GCP][terraform-provider-google] v5
{% endif %}
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 83c5ca00e..b4a78f53b 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -31,10 +31,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
{% if autopilot_cluster != true %}
dynamic "network_policy" {
for_each = local.cluster_network_policy
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index b3ef4a3ef..bbc76e46e 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -592,6 +592,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
{% if beta_cluster %}
variable "enable_tpu" {
type = bool
diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl
index e6b22da2c..6bf2b5245 100644
--- a/autogen/main/versions.tf.tmpl
+++ b/autogen/main/versions.tf.tmpl
@@ -24,11 +24,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
@@ -46,7 +46,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl
index ffb2b5b87..3146875d4 100644
--- a/autogen/safer-cluster/main.tf.tmpl
+++ b/autogen/safer-cluster/main.tf.tmpl
@@ -24,14 +24,15 @@ module "gke" {
{% else %}
source = "../beta-private-cluster/"
{% endif %}
- project_id = var.project_id
- name = var.name
- description = var.description
- regional = var.regional
- region = var.region
- zones = var.zones
- network = var.network
- network_project_id = var.network_project_id
+ project_id = var.project_id
+ name = var.name
+ description = var.description
+ regional = var.regional
+ region = var.region
+ zones = var.zones
+ network = var.network
+ network_project_id = var.network_project_id
+ deletion_protection = var.deletion_protection
// We need to enforce a minimum Kubernetes Version to ensure
// that the necessary security features are enabled.
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
index 5ee525162..0f21e99a4 100644
--- a/autogen/safer-cluster/variables.tf.tmpl
+++ b/autogen/safer-cluster/variables.tf.tmpl
@@ -520,3 +520,9 @@ variable "workload_config_audit_mode" {
type = string
default = "DISABLED"
}
+
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
diff --git a/cluster.tf b/cluster.tf
index 63a4ddfc7..a8d6f4a38 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
dynamic "network_policy" {
for_each = local.cluster_network_policy
diff --git a/docs/upgrading_to_v29.0.md b/docs/upgrading_to_v29.0.md
index 33407ec2e..e9aaa2e05 100644
--- a/docs/upgrading_to_v29.0.md
+++ b/docs/upgrading_to_v29.0.md
@@ -2,6 +2,41 @@
The v29.0 release of *kubernetes-engine* is a backwards incompatible
release.
+### Google Cloud Platform Provider upgrade
+The Terraform Kubernetes Engine Module now requires version 5.0 or higher of the Google Cloud Platform Providers.
+
+```diff
+terraform {
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+- version = "~> 4.0"
++ version = "~> 5.0"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+- version = "~> 4.0"
++ version = "~> 5.0"
+ }
+
+ }
+}
+```
+
+### Deletion Protection
+The Terraform Kubernetes Engine Module now includes the `deletion_protection` option which defaults to `true`. To delete your cluster you should specify it explicitly to `false`:
+
+```diff
+ module "gke" {
+- source = "terraform-google-modules/kubernetes-engine/google"
+- version = "~> 28.0"
++ source = "terraform-google-modules/kubernetes-engine/google"
++ version = "~> 29.0"
+...
++ deletion_protection = false
+}
+```
+
### Update variant random ID keepers updated
The v29.0 release updates the keepers for the update variant modules. This will force a recreation of the nodepools.
diff --git a/examples/acm-terraform-blog-part1/terraform/providers.tf b/examples/acm-terraform-blog-part1/terraform/providers.tf
index 18b791005..691a20eaa 100644
--- a/examples/acm-terraform-blog-part1/terraform/providers.tf
+++ b/examples/acm-terraform-blog-part1/terraform/providers.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google-beta = {
- source = "hashicorp/google-beta"
- version = ">= 3.73.0"
+ source = "hashicorp/google-beta"
}
}
}
diff --git a/examples/acm-terraform-blog-part2/terraform/providers.tf b/examples/acm-terraform-blog-part2/terraform/providers.tf
index 18b791005..691a20eaa 100644
--- a/examples/acm-terraform-blog-part2/terraform/providers.tf
+++ b/examples/acm-terraform-blog-part2/terraform/providers.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google-beta = {
- source = "hashicorp/google-beta"
- version = ">= 3.73.0"
+ source = "hashicorp/google-beta"
}
}
}
diff --git a/examples/acm-terraform-blog-part3/terraform/providers.tf b/examples/acm-terraform-blog-part3/terraform/providers.tf
index 72c26199b..691a20eaa 100644
--- a/examples/acm-terraform-blog-part3/terraform/providers.tf
+++ b/examples/acm-terraform-blog-part3/terraform/providers.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google-beta = {
- source = "hashicorp/google-beta"
- version = ">= 4.27.0, < 5.0"
+ source = "hashicorp/google-beta"
}
}
}
diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf
index 87c79fdf2..0f8790c23 100644
--- a/examples/deploy_service/main.tf
+++ b/examples/deploy_service/main.tf
@@ -38,6 +38,7 @@ module "gke" {
ip_range_services = var.ip_range_services
create_service_account = false
service_account = var.compute_engine_service_account
+ deletion_protection = false
}
resource "kubernetes_pod" "nginx-example" {
diff --git a/examples/deploy_service/versions.tf b/examples/deploy_service/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/deploy_service/versions.tf
+++ b/examples/deploy_service/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/disable_client_cert/main.tf b/examples/disable_client_cert/main.tf
index 8696ffc0d..aa11abfba 100644
--- a/examples/disable_client_cert/main.tf
+++ b/examples/disable_client_cert/main.tf
@@ -40,4 +40,5 @@ module "gke" {
create_service_account = false
service_account = var.compute_engine_service_account
issue_client_certificate = false
+ deletion_protection = false
}
diff --git a/examples/disable_client_cert/versions.tf b/examples/disable_client_cert/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/disable_client_cert/versions.tf
+++ b/examples/disable_client_cert/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf
index a21c5f093..cacc05197 100644
--- a/examples/node_pool/main.tf
+++ b/examples/node_pool/main.tf
@@ -40,6 +40,7 @@ module "gke" {
remove_default_node_pool = false
disable_legacy_metadata_endpoints = false
cluster_autoscaling = var.cluster_autoscaling
+ deletion_protection = false
node_pools = [
{
diff --git a/examples/node_pool/versions.tf b/examples/node_pool/versions.tf
index 68ef07184..12bdc8a77 100644
--- a/examples/node_pool/versions.tf
+++ b/examples/node_pool/versions.tf
@@ -20,8 +20,7 @@ terraform {
source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/node_pool_update_variant/main.tf b/examples/node_pool_update_variant/main.tf
index 7fd842f7a..fc3f418dc 100644
--- a/examples/node_pool_update_variant/main.tf
+++ b/examples/node_pool_update_variant/main.tf
@@ -48,6 +48,7 @@ module "gke" {
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "172.16.0.0/28"
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/node_pool_update_variant/versions.tf b/examples/node_pool_update_variant/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/node_pool_update_variant/versions.tf
+++ b/examples/node_pool_update_variant/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf
index b9710fca1..7d33e7c1c 100644
--- a/examples/node_pool_update_variant_beta/main.tf
+++ b/examples/node_pool_update_variant_beta/main.tf
@@ -53,6 +53,7 @@ module "gke" {
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "172.16.0.0/28"
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/node_pool_update_variant_beta/versions.tf b/examples/node_pool_update_variant_beta/versions.tf
index 68ef07184..12bdc8a77 100644
--- a/examples/node_pool_update_variant_beta/versions.tf
+++ b/examples/node_pool_update_variant_beta/versions.tf
@@ -20,8 +20,7 @@ terraform {
source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/node_pool_update_variant_public_beta/main.tf b/examples/node_pool_update_variant_public_beta/main.tf
index f369cfb7d..4b223b5eb 100644
--- a/examples/node_pool_update_variant_public_beta/main.tf
+++ b/examples/node_pool_update_variant_public_beta/main.tf
@@ -49,6 +49,7 @@ module "gke" {
ip_range_services = var.ip_range_services
create_service_account = false
service_account = var.compute_engine_service_account
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/node_pool_update_variant_public_beta/versions.tf b/examples/node_pool_update_variant_public_beta/versions.tf
index 68ef07184..12bdc8a77 100644
--- a/examples/node_pool_update_variant_public_beta/versions.tf
+++ b/examples/node_pool_update_variant_public_beta/versions.tf
@@ -20,8 +20,7 @@ terraform {
source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/private_zonal_with_networking/main.tf b/examples/private_zonal_with_networking/main.tf
index e4398ffb1..689615515 100644
--- a/examples/private_zonal_with_networking/main.tf
+++ b/examples/private_zonal_with_networking/main.tf
@@ -24,7 +24,7 @@ provider "kubernetes" {
module "gcp-network" {
source = "terraform-google-modules/network/google"
- version = ">= 4.0.1"
+ version = ">= 7.5"
project_id = var.project_id
network_name = var.network
@@ -75,6 +75,7 @@ module "gke" {
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "172.16.0.0/28"
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/regional_private_node_pool_oauth_scopes/main.tf b/examples/regional_private_node_pool_oauth_scopes/main.tf
index d5c14d880..bf1fc7013 100644
--- a/examples/regional_private_node_pool_oauth_scopes/main.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/main.tf
@@ -32,6 +32,7 @@ module "gke" {
service_account = "create"
remove_default_node_pool = true
disable_legacy_metadata_endpoints = true
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/regional_private_node_pool_oauth_scopes/network.tf b/examples/regional_private_node_pool_oauth_scopes/network.tf
index 290ec14ec..87da02257 100644
--- a/examples/regional_private_node_pool_oauth_scopes/network.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/network.tf
@@ -16,7 +16,7 @@
module "gke-network" {
source = "terraform-google-modules/network/google"
- version = ">= 4.0.1"
+ version = ">= 7.5"
project_id = var.project_id
network_name = "random-gke-network"
diff --git a/examples/regional_private_node_pool_oauth_scopes/versions.tf b/examples/regional_private_node_pool_oauth_scopes/versions.tf
index 551261c44..12bdc8a77 100644
--- a/examples/regional_private_node_pool_oauth_scopes/versions.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/versions.tf
@@ -17,12 +17,10 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf
index 4913bd199..bf0037cea 100644
--- a/examples/safer_cluster/main.tf
+++ b/examples/safer_cluster/main.tf
@@ -65,6 +65,7 @@ module "gke" {
firewall_inbound_ports = ["9443", "15017"]
kubernetes_version = random_shuffle.version.result[0]
release_channel = "UNSPECIFIED"
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/safer_cluster/network.tf b/examples/safer_cluster/network.tf
index 48fededa4..883fc86e7 100644
--- a/examples/safer_cluster/network.tf
+++ b/examples/safer_cluster/network.tf
@@ -16,7 +16,7 @@
module "gcp-network" {
source = "terraform-google-modules/network/google"
- version = ">= 4.0.1"
+ version = ">= 7.5"
project_id = var.project_id
network_name = local.network_name
diff --git a/examples/safer_cluster/versions.tf b/examples/safer_cluster/versions.tf
index 60030dba2..400992904 100644
--- a/examples/safer_cluster/versions.tf
+++ b/examples/safer_cluster/versions.tf
@@ -18,19 +18,17 @@ terraform {
required_version = ">= 0.13"
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
}
random = {
source = "hashicorp/random"
- version = "~> 3.0"
+ version = ">= 3.0"
}
}
}
diff --git a/examples/safer_cluster_iap_bastion/bastion.tf b/examples/safer_cluster_iap_bastion/bastion.tf
index 13506d2e9..c4213b4f7 100644
--- a/examples/safer_cluster_iap_bastion/bastion.tf
+++ b/examples/safer_cluster_iap_bastion/bastion.tf
@@ -21,7 +21,7 @@ locals {
module "bastion" {
source = "terraform-google-modules/bastion-host/google"
- version = "~> 5.0"
+ version = "~> 6.0"
network = module.vpc.network_self_link
subnet = module.vpc.subnets_self_links[0]
diff --git a/examples/safer_cluster_iap_bastion/cluster.tf b/examples/safer_cluster_iap_bastion/cluster.tf
index d0be299f3..7731c758e 100644
--- a/examples/safer_cluster_iap_bastion/cluster.tf
+++ b/examples/safer_cluster_iap_bastion/cluster.tf
@@ -25,6 +25,7 @@ module "gke" {
ip_range_pods = module.vpc.subnets_secondary_ranges[0][0].range_name
ip_range_services = module.vpc.subnets_secondary_ranges[0][1].range_name
enable_private_endpoint = false
+ deletion_protection = false
master_authorized_networks = [{
cidr_block = "${module.bastion.ip_address}/32"
display_name = "Bastion Host"
diff --git a/examples/safer_cluster_iap_bastion/kms.tf b/examples/safer_cluster_iap_bastion/kms.tf
index 93dea01c0..1ca442d9d 100644
--- a/examples/safer_cluster_iap_bastion/kms.tf
+++ b/examples/safer_cluster_iap_bastion/kms.tf
@@ -16,7 +16,7 @@
module "kms" {
source = "terraform-google-modules/kms/google"
- version = "~> 2.2.1"
+ version = "~> 2.2.3"
project_id = var.project_id
location = var.region
keyring = "gke-keyring"
diff --git a/examples/safer_cluster_iap_bastion/network.tf b/examples/safer_cluster_iap_bastion/network.tf
index 554d61a05..f06384c58 100644
--- a/examples/safer_cluster_iap_bastion/network.tf
+++ b/examples/safer_cluster_iap_bastion/network.tf
@@ -17,7 +17,7 @@
module "vpc" {
source = "terraform-google-modules/network/google"
- version = ">= 4.0.1"
+ version = ">= 7.5"
project_id = module.enabled_google_apis.project_id
network_name = var.network_name
@@ -49,7 +49,7 @@ module "vpc" {
module "cloud-nat" {
source = "terraform-google-modules/cloud-nat/google"
- version = "~> 4.0"
+ version = "~> 5.0"
project_id = module.enabled_google_apis.project_id
region = var.region
router = "safer-router"
diff --git a/examples/safer_cluster_iap_bastion/versions.tf b/examples/safer_cluster_iap_bastion/versions.tf
index 551261c44..12bdc8a77 100644
--- a/examples/safer_cluster_iap_bastion/versions.tf
+++ b/examples/safer_cluster_iap_bastion/versions.tf
@@ -17,12 +17,10 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf
index 72cba631b..43d115e77 100644
--- a/examples/shared_vpc/main.tf
+++ b/examples/shared_vpc/main.tf
@@ -40,4 +40,5 @@ module "gke" {
service_account = var.compute_engine_service_account
add_cluster_firewall_rules = true
firewall_inbound_ports = ["9443", "15017"]
+ deletion_protection = false
}
diff --git a/examples/shared_vpc/versions.tf b/examples/shared_vpc/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/shared_vpc/versions.tf
+++ b/examples/shared_vpc/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_autopilot_private/main.tf b/examples/simple_autopilot_private/main.tf
index f732e5ec7..7a5046326 100644
--- a/examples/simple_autopilot_private/main.tf
+++ b/examples/simple_autopilot_private/main.tf
@@ -49,6 +49,7 @@ module "gke" {
enable_private_nodes = true
master_ipv4_cidr_block = "172.16.0.0/28"
network_tags = [local.cluster_type]
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/simple_autopilot_private/network.tf b/examples/simple_autopilot_private/network.tf
index 1a4161bea..436d47186 100644
--- a/examples/simple_autopilot_private/network.tf
+++ b/examples/simple_autopilot_private/network.tf
@@ -16,7 +16,7 @@
module "gcp-network" {
source = "terraform-google-modules/network/google"
- version = ">= 4.0.1"
+ version = ">= 7.5"
project_id = var.project_id
network_name = local.network_name
diff --git a/examples/simple_autopilot_private/versions.tf b/examples/simple_autopilot_private/versions.tf
index 210a18748..4c9261fce 100644
--- a/examples/simple_autopilot_private/versions.tf
+++ b/examples/simple_autopilot_private/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_autopilot_private_non_default_sa/main.tf b/examples/simple_autopilot_private_non_default_sa/main.tf
index cacdf508f..cd61608e4 100644
--- a/examples/simple_autopilot_private_non_default_sa/main.tf
+++ b/examples/simple_autopilot_private_non_default_sa/main.tf
@@ -48,6 +48,7 @@ module "gke" {
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "172.16.0.0/28"
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/simple_autopilot_private_non_default_sa/network.tf b/examples/simple_autopilot_private_non_default_sa/network.tf
index 9f3689370..c5d35d953 100644
--- a/examples/simple_autopilot_private_non_default_sa/network.tf
+++ b/examples/simple_autopilot_private_non_default_sa/network.tf
@@ -16,7 +16,7 @@
module "gcp-network" {
source = "terraform-google-modules/network/google"
- version = ">= 4.0.1"
+ version = ">= 7.5"
project_id = var.project_id
network_name = local.network_name
diff --git a/examples/simple_autopilot_private_non_default_sa/versions.tf b/examples/simple_autopilot_private_non_default_sa/versions.tf
index 210a18748..4c9261fce 100644
--- a/examples/simple_autopilot_private_non_default_sa/versions.tf
+++ b/examples/simple_autopilot_private_non_default_sa/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_autopilot_public/main.tf b/examples/simple_autopilot_public/main.tf
index 8d3214686..3a673fa08 100644
--- a/examples/simple_autopilot_public/main.tf
+++ b/examples/simple_autopilot_public/main.tf
@@ -45,4 +45,5 @@ module "gke" {
release_channel = "REGULAR"
enable_vertical_pod_autoscaling = true
network_tags = [local.cluster_type]
+ deletion_protection = false
}
diff --git a/examples/simple_autopilot_public/network.tf b/examples/simple_autopilot_public/network.tf
index 1a4161bea..436d47186 100644
--- a/examples/simple_autopilot_public/network.tf
+++ b/examples/simple_autopilot_public/network.tf
@@ -16,7 +16,7 @@
module "gcp-network" {
source = "terraform-google-modules/network/google"
- version = ">= 4.0.1"
+ version = ">= 7.5"
project_id = var.project_id
network_name = local.network_name
diff --git a/examples/simple_autopilot_public/versions.tf b/examples/simple_autopilot_public/versions.tf
index 210a18748..4c9261fce 100644
--- a/examples/simple_autopilot_public/versions.tf
+++ b/examples/simple_autopilot_public/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf
index 33a1fdaf7..d26114ead 100644
--- a/examples/simple_regional/main.tf
+++ b/examples/simple_regional/main.tf
@@ -41,4 +41,5 @@ module "gke" {
enable_cost_allocation = true
enable_binary_authorization = var.enable_binary_authorization
gcs_fuse_csi_driver = true
+ deletion_protection = false
}
diff --git a/examples/simple_regional/versions.tf b/examples/simple_regional/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/simple_regional/versions.tf
+++ b/examples/simple_regional/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf
index 6131cff65..a572d3396 100644
--- a/examples/simple_regional_beta/main.tf
+++ b/examples/simple_regional_beta/main.tf
@@ -51,6 +51,7 @@ module "gke" {
release_channel = "REGULAR"
logging_enabled_components = ["SYSTEM_COMPONENTS"]
monitoring_enabled_components = ["SYSTEM_COMPONENTS"]
+ deletion_protection = false
# Disable workload identity
identity_namespace = null
diff --git a/examples/simple_regional_beta/versions.tf b/examples/simple_regional_beta/versions.tf
index 9d7a49648..6dfcbcb74 100644
--- a/examples/simple_regional_beta/versions.tf
+++ b/examples/simple_regional_beta/versions.tf
@@ -21,8 +21,7 @@ terraform {
source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf
index 15c24d8ed..ad85a3774 100644
--- a/examples/simple_regional_private/main.tf
+++ b/examples/simple_regional_private/main.tf
@@ -49,6 +49,7 @@ module "gke" {
master_ipv4_cidr_block = "172.16.0.0/28"
default_max_pods_per_node = 20
remove_default_node_pool = true
+ deletion_protection = false
node_pools = [
{
diff --git a/examples/simple_regional_private/versions.tf b/examples/simple_regional_private/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/simple_regional_private/versions.tf
+++ b/examples/simple_regional_private/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf
index c34645d67..bc439415f 100644
--- a/examples/simple_regional_private_beta/main.tf
+++ b/examples/simple_regional_private_beta/main.tf
@@ -46,6 +46,7 @@ module "gke" {
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "172.16.0.0/28"
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/simple_regional_private_beta/versions.tf b/examples/simple_regional_private_beta/versions.tf
index bd6eb4f18..6dfcbcb74 100644
--- a/examples/simple_regional_private_beta/versions.tf
+++ b/examples/simple_regional_private_beta/versions.tf
@@ -18,12 +18,10 @@ terraform {
required_version = ">= 0.13"
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_regional_private_with_cluster_version/main.tf b/examples/simple_regional_private_with_cluster_version/main.tf
index 87b415afb..065e0f42e 100644
--- a/examples/simple_regional_private_with_cluster_version/main.tf
+++ b/examples/simple_regional_private_with_cluster_version/main.tf
@@ -50,6 +50,7 @@ module "gke" {
master_ipv4_cidr_block = "172.16.0.0/28"
default_max_pods_per_node = 20
remove_default_node_pool = true
+ deletion_protection = false
node_pools = [
{
diff --git a/examples/simple_regional_private_with_cluster_version/versions.tf b/examples/simple_regional_private_with_cluster_version/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/simple_regional_private_with_cluster_version/versions.tf
+++ b/examples/simple_regional_private_with_cluster_version/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_regional_with_gateway_api/main.tf b/examples/simple_regional_with_gateway_api/main.tf
index e7a4e78ff..ad778840f 100644
--- a/examples/simple_regional_with_gateway_api/main.tf
+++ b/examples/simple_regional_with_gateway_api/main.tf
@@ -41,4 +41,5 @@ module "gke" {
enable_cost_allocation = true
enable_binary_authorization = var.enable_binary_authorization
gateway_api_channel = var.gateway_api_channel
+ deletion_protection = false
}
diff --git a/examples/simple_regional_with_gateway_api/versions.tf b/examples/simple_regional_with_gateway_api/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/simple_regional_with_gateway_api/versions.tf
+++ b/examples/simple_regional_with_gateway_api/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_regional_with_kubeconfig/main.tf b/examples/simple_regional_with_kubeconfig/main.tf
index b0aecd4fc..0c35a3a0e 100644
--- a/examples/simple_regional_with_kubeconfig/main.tf
+++ b/examples/simple_regional_with_kubeconfig/main.tf
@@ -38,6 +38,7 @@ module "gke" {
ip_range_services = var.ip_range_services
create_service_account = false
service_account = var.compute_engine_service_account
+ deletion_protection = false
}
module "gke_auth" {
diff --git a/examples/simple_regional_with_kubeconfig/versions.tf b/examples/simple_regional_with_kubeconfig/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/simple_regional_with_kubeconfig/versions.tf
+++ b/examples/simple_regional_with_kubeconfig/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_regional_with_networking/main.tf b/examples/simple_regional_with_networking/main.tf
index 48cfb8325..b9bcec330 100644
--- a/examples/simple_regional_with_networking/main.tf
+++ b/examples/simple_regional_with_networking/main.tf
@@ -24,7 +24,7 @@ provider "kubernetes" {
module "gcp-network" {
source = "terraform-google-modules/network/google"
- version = ">= 4.0.1"
+ version = ">= 7.5"
project_id = var.project_id
network_name = var.network
@@ -62,4 +62,5 @@ module "gke" {
ip_range_pods = var.ip_range_pods_name
ip_range_services = var.ip_range_services_name
create_service_account = true
+ deletion_protection = false
}
diff --git a/examples/simple_regional_with_networking/versions.tf b/examples/simple_regional_with_networking/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/simple_regional_with_networking/versions.tf
+++ b/examples/simple_regional_with_networking/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_windows_node_pool/main.tf b/examples/simple_windows_node_pool/main.tf
index 611c9b09b..4ff9dc6fd 100644
--- a/examples/simple_windows_node_pool/main.tf
+++ b/examples/simple_windows_node_pool/main.tf
@@ -43,6 +43,7 @@ module "gke" {
remove_default_node_pool = true
service_account = "create"
release_channel = "REGULAR"
+ deletion_protection = false
node_pools = [
{
diff --git a/examples/simple_windows_node_pool/versions.tf b/examples/simple_windows_node_pool/versions.tf
index 9d7a49648..6dfcbcb74 100644
--- a/examples/simple_windows_node_pool/versions.tf
+++ b/examples/simple_windows_node_pool/versions.tf
@@ -21,8 +21,7 @@ terraform {
source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf
index e845f41ca..1dbe43df7 100644
--- a/examples/simple_zonal_private/main.tf
+++ b/examples/simple_zonal_private/main.tf
@@ -48,6 +48,7 @@ module "gke" {
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "172.16.0.0/28"
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/simple_zonal_private/versions.tf b/examples/simple_zonal_private/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/simple_zonal_private/versions.tf
+++ b/examples/simple_zonal_private/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_zonal_with_acm/main.tf b/examples/simple_zonal_with_acm/main.tf
index 31d374a60..d57d2edf2 100644
--- a/examples/simple_zonal_with_acm/main.tf
+++ b/examples/simple_zonal_with_acm/main.tf
@@ -44,7 +44,8 @@ module "gke" {
ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name
ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name
- service_account = "create"
+ service_account = "create"
+ deletion_protection = false
node_pools = [
{
name = "acm-node-pool"
diff --git a/examples/simple_zonal_with_acm/versions.tf b/examples/simple_zonal_with_acm/versions.tf
index 591f74220..eb80e4fc6 100644
--- a/examples/simple_zonal_with_acm/versions.tf
+++ b/examples/simple_zonal_with_acm/versions.tf
@@ -17,12 +17,11 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
- version = "~> 2.10"
+ version = ">= 2.10"
}
random = {
source = "hashicorp/random"
diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf
index 97aa499dc..1c26f6b20 100644
--- a/examples/simple_zonal_with_asm/main.tf
+++ b/examples/simple_zonal_with_asm/main.tf
@@ -41,6 +41,7 @@ module "gke" {
network_policy = false
cluster_resource_labels = { "mesh_id" : "proj-${data.google_project.project.number}" }
identity_namespace = "${var.project_id}.svc.id.goog"
+ deletion_protection = false
node_pools = [
{
name = "asm-node-pool"
@@ -61,4 +62,5 @@ module "asm" {
enable_cni = true
enable_fleet_registration = true
enable_mesh_feature = true
+
}
diff --git a/examples/simple_zonal_with_asm/versions.tf b/examples/simple_zonal_with_asm/versions.tf
index bd6eb4f18..6dfcbcb74 100644
--- a/examples/simple_zonal_with_asm/versions.tf
+++ b/examples/simple_zonal_with_asm/versions.tf
@@ -18,12 +18,10 @@ terraform {
required_version = ">= 0.13"
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_zonal_with_hub/main.tf b/examples/simple_zonal_with_hub/main.tf
index 09e0bd59c..db47ffe9a 100644
--- a/examples/simple_zonal_with_hub/main.tf
+++ b/examples/simple_zonal_with_hub/main.tf
@@ -40,7 +40,8 @@ module "gke" {
ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name
ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name
- service_account = "create"
+ service_account = "create"
+ deletion_protection = false
node_pools = [
{
name = "node-pool"
diff --git a/examples/simple_zonal_with_hub/versions.tf b/examples/simple_zonal_with_hub/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/simple_zonal_with_hub/versions.tf
+++ b/examples/simple_zonal_with_hub/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/simple_zonal_with_hub_kubeconfig/versions.tf b/examples/simple_zonal_with_hub_kubeconfig/versions.tf
index d03a5c98f..5fa034cfc 100644
--- a/examples/simple_zonal_with_hub_kubeconfig/versions.tf
+++ b/examples/simple_zonal_with_hub_kubeconfig/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kind = {
source = "kyma-incubator/kind"
diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf
index 808f4b436..79c6f2d8a 100644
--- a/examples/stub_domains/main.tf
+++ b/examples/stub_domains/main.tf
@@ -37,6 +37,7 @@ module "gke" {
ip_range_services = var.ip_range_services
service_account = var.compute_engine_service_account
create_service_account = false
+ deletion_protection = false
configure_ip_masq = true
diff --git a/examples/stub_domains/versions.tf b/examples/stub_domains/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/stub_domains/versions.tf
+++ b/examples/stub_domains/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf
index 3a04cfbe3..5f54705e4 100644
--- a/examples/stub_domains_private/main.tf
+++ b/examples/stub_domains_private/main.tf
@@ -42,6 +42,7 @@ module "gke" {
deploy_using_private_endpoint = true
enable_private_endpoint = false
enable_private_nodes = true
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/stub_domains_private/versions.tf b/examples/stub_domains_private/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/stub_domains_private/versions.tf
+++ b/examples/stub_domains_private/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf
index d9aa82bab..65be8b4c9 100644
--- a/examples/stub_domains_upstream_nameservers/main.tf
+++ b/examples/stub_domains_upstream_nameservers/main.tf
@@ -37,6 +37,7 @@ module "gke" {
ip_range_services = var.ip_range_services
create_service_account = false
service_account = var.compute_engine_service_account
+ deletion_protection = false
configure_ip_masq = true
diff --git a/examples/stub_domains_upstream_nameservers/versions.tf b/examples/stub_domains_upstream_nameservers/versions.tf
index 424ba9ae7..3a0cc5515 100644
--- a/examples/stub_domains_upstream_nameservers/versions.tf
+++ b/examples/stub_domains_upstream_nameservers/versions.tf
@@ -18,8 +18,7 @@ terraform {
required_version = ">= 0.13"
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf
index df8954c3b..644878bd0 100644
--- a/examples/upstream_nameservers/main.tf
+++ b/examples/upstream_nameservers/main.tf
@@ -40,4 +40,5 @@ module "gke" {
configure_ip_masq = true
upstream_nameservers = ["8.8.8.8", "8.8.4.4"]
+ deletion_protection = false
}
diff --git a/examples/upstream_nameservers/versions.tf b/examples/upstream_nameservers/versions.tf
index 424ba9ae7..3a0cc5515 100644
--- a/examples/upstream_nameservers/versions.tf
+++ b/examples/upstream_nameservers/versions.tf
@@ -18,8 +18,7 @@ terraform {
required_version = ">= 0.13"
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/workload_identity/main.tf b/examples/workload_identity/main.tf
index 4ea51c67a..2fd515989 100644
--- a/examples/workload_identity/main.tf
+++ b/examples/workload_identity/main.tf
@@ -38,6 +38,7 @@ module "gke" {
remove_default_node_pool = true
service_account = "create"
node_metadata = "GKE_METADATA"
+ deletion_protection = false
node_pools = [
{
name = "wi-pool"
diff --git a/examples/workload_identity/versions.tf b/examples/workload_identity/versions.tf
index e8fbb1aad..61934a306 100644
--- a/examples/workload_identity/versions.tf
+++ b/examples/workload_identity/versions.tf
@@ -17,8 +17,7 @@
terraform {
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.0"
+ source = "hashicorp/google"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf
index a1443f285..770ab9645 100644
--- a/examples/workload_metadata_config/main.tf
+++ b/examples/workload_metadata_config/main.tf
@@ -50,6 +50,7 @@ module "gke" {
enable_private_nodes = true
master_ipv4_cidr_block = "172.16.0.0/28"
node_metadata = "GKE_METADATA"
+ deletion_protection = false
master_authorized_networks = [
{
diff --git a/examples/workload_metadata_config/versions.tf b/examples/workload_metadata_config/versions.tf
index 9d7a49648..6dfcbcb74 100644
--- a/examples/workload_metadata_config/versions.tf
+++ b/examples/workload_metadata_config/versions.tf
@@ -21,8 +21,7 @@ terraform {
source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.0"
+ source = "hashicorp/google-beta"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/acm/versions.tf b/modules/acm/versions.tf
index 4dd1d8b3b..965bacd6e 100644
--- a/modules/acm/versions.tf
+++ b/modules/acm/versions.tf
@@ -29,11 +29,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.32.0, < 5.0"
+ version = ">= 4.32.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.32.0, < 5.0"
+ version = ">= 4.32.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/asm/versions.tf b/modules/asm/versions.tf
index f628eb7d1..df1f47ae4 100644
--- a/modules/asm/versions.tf
+++ b/modules/asm/versions.tf
@@ -26,12 +26,12 @@ terraform {
google = {
source = "hashicorp/google"
# Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507
- version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0"
+ version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
# Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507
- version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0"
+ version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 6"
}
}
diff --git a/modules/auth/versions.tf b/modules/auth/versions.tf
index 9293f58e4..14c6e1803 100644
--- a/modules/auth/versions.tf
+++ b/modules/auth/versions.tf
@@ -21,7 +21,7 @@ terraform {
google = {
source = "hashicorp/google"
# Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507
- version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0"
+ version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 6"
}
}
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
index c2f326a07..d07c96ba6 100644
--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -81,6 +81,7 @@ Then perform the following commands on the root folder:
| configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no |
| create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no |
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
@@ -194,7 +195,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index c21394721..62f7e174e 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
dynamic "release_channel" {
for_each = local.release_channel
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index f30c037ac..bf6494953 100644
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -416,6 +416,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
variable "enable_tpu" {
type = bool
description = "Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive!"
diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf
index b54731b25..c83240d24 100644
--- a/modules/beta-autopilot-private-cluster/versions.tf
+++ b/modules/beta-autopilot-private-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
index 15bd0b50d..6214c27a0 100644
--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -75,6 +75,7 @@ Then perform the following commands on the root folder:
| configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no |
| create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no |
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `true` | no |
@@ -181,7 +182,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf
index 762ed302e..b7466a440 100644
--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
dynamic "release_channel" {
for_each = local.release_channel
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
index 7df45dbc9..6329fcd5c 100644
--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -386,6 +386,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
variable "enable_tpu" {
type = bool
description = "Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive!"
diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf
index cc52cfb0c..62890efef 100644
--- a/modules/beta-autopilot-public-cluster/versions.tf
+++ b/modules/beta-autopilot-public-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index 00e73921a..3133216c3 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -184,6 +184,7 @@ Then perform the following commands on the root folder:
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
| default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
@@ -402,7 +403,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index 741b70219..87edc410f 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
dynamic "network_policy" {
for_each = local.cluster_network_policy
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index aa51f0628..69cd142d8 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -561,6 +561,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
variable "enable_tpu" {
type = bool
description = "Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive!"
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf
index a7cd79e65..ae11c8aa8 100644
--- a/modules/beta-private-cluster-update-variant/versions.tf
+++ b/modules/beta-private-cluster-update-variant/versions.tf
@@ -21,11 +21,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 038feab52..8664b78ef 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -162,6 +162,7 @@ Then perform the following commands on the root folder:
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
| default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
@@ -380,7 +381,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index d019533f0..048c45233 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
dynamic "network_policy" {
for_each = local.cluster_network_policy
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index aa51f0628..69cd142d8 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -561,6 +561,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
variable "enable_tpu" {
type = bool
description = "Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive!"
diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf
index 18b79d6b9..b637837ae 100644
--- a/modules/beta-private-cluster/versions.tf
+++ b/modules/beta-private-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index 1e3e3c9d9..b9e5f8136 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -178,6 +178,7 @@ Then perform the following commands on the root folder:
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
| default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
| disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no |
@@ -390,7 +391,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index c62265430..c0fe6d89d 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
dynamic "network_policy" {
for_each = local.cluster_network_policy
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
index 120876600..461e0e4f4 100644
--- a/modules/beta-public-cluster-update-variant/variables.tf
+++ b/modules/beta-public-cluster-update-variant/variables.tf
@@ -531,6 +531,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
variable "enable_tpu" {
type = bool
description = "Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive!"
diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf
index 97e209265..0c96ef78c 100644
--- a/modules/beta-public-cluster-update-variant/versions.tf
+++ b/modules/beta-public-cluster-update-variant/versions.tf
@@ -21,11 +21,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index 4d8cb1206..94b8f8be5 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -156,6 +156,7 @@ Then perform the following commands on the root folder:
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
| default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
| disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no |
@@ -368,7 +369,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index 1885e5085..5f2b3615e 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
dynamic "network_policy" {
for_each = local.cluster_network_policy
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 120876600..461e0e4f4 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -531,6 +531,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
variable "enable_tpu" {
type = bool
description = "Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive!"
diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf
index b3871e81e..606d39ee9 100644
--- a/modules/beta-public-cluster/versions.tf
+++ b/modules/beta-public-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/binary-authorization/versions.tf b/modules/binary-authorization/versions.tf
index 92dfff669..d7882fc9d 100644
--- a/modules/binary-authorization/versions.tf
+++ b/modules/binary-authorization/versions.tf
@@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "< 5.0"
+ version = "< 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "< 5.0"
+ version = "< 6"
}
}
provider_meta "google" {
diff --git a/modules/fleet-membership/versions.tf b/modules/fleet-membership/versions.tf
index 9b92c56c5..228add6a4 100644
--- a/modules/fleet-membership/versions.tf
+++ b/modules/fleet-membership/versions.tf
@@ -22,12 +22,12 @@ terraform {
google = {
source = "hashicorp/google"
# Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507
- version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0"
+ version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 6"
}
google-beta = {
source = "hashicorp/google-beta"
# Avoid v4.49 and v4.50 for https://github.com/hashicorp/terraform-provider-google/issues/13507
- version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 5.0"
+ version = ">= 4.47.0, != 4.49.0, != 4.50.0, < 6"
}
}
diff --git a/modules/hub-legacy/versions.tf b/modules/hub-legacy/versions.tf
index 9dda131b4..9ff542b71 100644
--- a/modules/hub-legacy/versions.tf
+++ b/modules/hub-legacy/versions.tf
@@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "< 5.0"
+ version = "< 6"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "< 5.0"
+ version = "< 6"
}
}
provider_meta "google" {
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index 15a49d4e2..e17f5dc79 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -177,6 +177,7 @@ Then perform the following commands on the root folder:
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
| default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
@@ -366,7 +367,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v4.51
+- [Terraform Provider for GCP][terraform-provider-google] v5
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 41a7e2f35..8d47a9ddb 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
dynamic "network_policy" {
for_each = local.cluster_network_policy
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index a7acb4d2e..81b91e3b3 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -530,6 +530,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
variable "network_policy" {
type = bool
description = "Enable network policy addon"
diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf
index dd78320bc..d2bf3cdac 100644
--- a/modules/private-cluster-update-variant/versions.tf
+++ b/modules/private-cluster-update-variant/versions.tf
@@ -21,7 +21,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index 25688b62b..5c50f77b9 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -155,6 +155,7 @@ Then perform the following commands on the root folder:
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
| datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
| default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
@@ -344,7 +345,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
- [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
#### Terraform and Plugins
- [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v4.51
+- [Terraform Provider for GCP][terraform-provider-google] v5
#### gcloud
Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 406c1933c..d14d8b970 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
project = var.project_id
resource_labels = var.cluster_resource_labels
- location = local.location
- node_locations = local.node_locations
- cluster_ipv4_cidr = var.cluster_ipv4_cidr
- network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ location = local.location
+ node_locations = local.node_locations
+ cluster_ipv4_cidr = var.cluster_ipv4_cidr
+ network = "projects/${local.network_project_id}/global/networks/${var.network}"
+ deletion_protection = var.deletion_protection
+
dynamic "network_policy" {
for_each = local.cluster_network_policy
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index a7acb4d2e..81b91e3b3 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -530,6 +530,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
variable "network_policy" {
type = bool
description = "Enable network policy addon"
diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf
index c323f025f..839c25d53 100644
--- a/modules/private-cluster/versions.tf
+++ b/modules/private-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
index a0093c693..8aa383cec 100644
--- a/modules/safer-cluster-update-variant/README.md
+++ b/modules/safer-cluster-update-variant/README.md
@@ -214,6 +214,7 @@ For simplicity, we suggest using `roles/container.admin` and
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
| datapath\_provider | The desired datapath provider for this cluster. By default, `ADVANCED_DATAPATH` enables Dataplane-V2 feature. `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation as a fallback since upgrading to V2 requires a cluster re-creation. | `string` | `"ADVANCED_DATAPATH"` | no |
| default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
| dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index 4579d88fd..3da128f44 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -19,15 +19,16 @@
// The safer-cluster module is based on a private cluster, with a several
// settings set to recommended values by default.
module "gke" {
- source = "../beta-private-cluster-update-variant/"
- project_id = var.project_id
- name = var.name
- description = var.description
- regional = var.regional
- region = var.region
- zones = var.zones
- network = var.network
- network_project_id = var.network_project_id
+ source = "../beta-private-cluster-update-variant/"
+ project_id = var.project_id
+ name = var.name
+ description = var.description
+ regional = var.regional
+ region = var.region
+ zones = var.zones
+ network = var.network
+ network_project_id = var.network_project_id
+ deletion_protection = var.deletion_protection
// We need to enforce a minimum Kubernetes Version to ensure
// that the necessary security features are enabled.
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
index c0434025f..2b51a9754 100644
--- a/modules/safer-cluster-update-variant/variables.tf
+++ b/modules/safer-cluster-update-variant/variables.tf
@@ -520,3 +520,9 @@ variable "workload_config_audit_mode" {
type = string
default = "DISABLED"
}
+
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md
index a0093c693..8aa383cec 100644
--- a/modules/safer-cluster/README.md
+++ b/modules/safer-cluster/README.md
@@ -214,6 +214,7 @@ For simplicity, we suggest using `roles/container.admin` and
| database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | [
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no |
| datapath\_provider | The desired datapath provider for this cluster. By default, `ADVANCED_DATAPATH` enables Dataplane-V2 feature. `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation as a fallback since upgrading to V2 requires a cluster re-creation. | `string` | `"ADVANCED_DATAPATH"` | no |
| default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
| description | The description of the cluster | `string` | `""` | no |
| disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
| dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no |
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
index c5232566e..67a3a54ed 100644
--- a/modules/safer-cluster/main.tf
+++ b/modules/safer-cluster/main.tf
@@ -19,15 +19,16 @@
// The safer-cluster module is based on a private cluster, with a several
// settings set to recommended values by default.
module "gke" {
- source = "../beta-private-cluster/"
- project_id = var.project_id
- name = var.name
- description = var.description
- regional = var.regional
- region = var.region
- zones = var.zones
- network = var.network
- network_project_id = var.network_project_id
+ source = "../beta-private-cluster/"
+ project_id = var.project_id
+ name = var.name
+ description = var.description
+ regional = var.regional
+ region = var.region
+ zones = var.zones
+ network = var.network
+ network_project_id = var.network_project_id
+ deletion_protection = var.deletion_protection
// We need to enforce a minimum Kubernetes Version to ensure
// that the necessary security features are enabled.
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
index c0434025f..2b51a9754 100644
--- a/modules/safer-cluster/variables.tf
+++ b/modules/safer-cluster/variables.tf
@@ -520,3 +520,9 @@ variable "workload_config_audit_mode" {
type = string
default = "DISABLED"
}
+
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
diff --git a/modules/workload-identity/versions.tf b/modules/workload-identity/versions.tf
index a539b9cdd..20ff4c50e 100644
--- a/modules/workload-identity/versions.tf
+++ b/modules/workload-identity/versions.tf
@@ -21,7 +21,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 3.39.0, < 5.0"
+ version = ">= 3.39.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"
diff --git a/test/setup/versions.tf b/test/setup/versions.tf
index 7a5756099..8b79042d8 100644
--- a/test/setup/versions.tf
+++ b/test/setup/versions.tf
@@ -18,12 +18,10 @@ terraform {
required_version = ">= 0.13"
required_providers {
google = {
- source = "hashicorp/google"
- version = "~> 4.1"
+ source = "hashicorp/google"
}
google-beta = {
- source = "hashicorp/google-beta"
- version = "~> 4.45"
+ source = "hashicorp/google-beta"
}
random = {
source = "hashicorp/random"
diff --git a/variables.tf b/variables.tf
index 1cb3055c3..13c6ba804 100644
--- a/variables.tf
+++ b/variables.tf
@@ -500,6 +500,12 @@ variable "notification_config_topic" {
default = ""
}
+variable "deletion_protection" {
+ type = bool
+ description = "Whether or not to allow Terraform to destroy the cluster."
+ default = true
+}
+
variable "network_policy" {
type = bool
description = "Enable network policy addon"
diff --git a/versions.tf b/versions.tf
index dc299651d..a6233b06e 100644
--- a/versions.tf
+++ b/versions.tf
@@ -21,7 +21,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1"
+ version = ">= 5.0.0, < 6"
}
kubernetes = {
source = "hashicorp/kubernetes"