From 47b5ff67595b090446d563c406fca89d8f1f7c1e Mon Sep 17 00:00:00 2001 From: Eric Zhao Date: Tue, 9 Aug 2022 12:01:44 +1000 Subject: [PATCH] feat!: promote notification config & dns to ga (#1327) * feat: support notification config &dns in ga * feat: support notification config &dns in ga --- README.md | 2 ++ autogen/main/cluster.tf.tmpl | 11 +++++------ autogen/main/variables.tf.tmpl | 6 ++---- cluster.tf | 11 +++++++++++ modules/beta-autopilot-private-cluster/README.md | 2 +- modules/beta-autopilot-private-cluster/cluster.tf | 1 + modules/beta-autopilot-private-cluster/variables.tf | 2 +- modules/beta-autopilot-public-cluster/README.md | 2 +- modules/beta-autopilot-public-cluster/cluster.tf | 1 + modules/beta-autopilot-public-cluster/variables.tf | 2 +- .../beta-private-cluster-update-variant/README.md | 2 +- .../beta-private-cluster-update-variant/cluster.tf | 9 +++++---- .../beta-private-cluster-update-variant/variables.tf | 2 +- modules/beta-private-cluster/README.md | 2 +- modules/beta-private-cluster/cluster.tf | 9 +++++---- modules/beta-private-cluster/variables.tf | 2 +- modules/beta-public-cluster-update-variant/README.md | 2 +- .../beta-public-cluster-update-variant/cluster.tf | 9 +++++---- .../beta-public-cluster-update-variant/variables.tf | 2 +- modules/beta-public-cluster/README.md | 2 +- modules/beta-public-cluster/cluster.tf | 9 +++++---- modules/beta-public-cluster/variables.tf | 2 +- modules/private-cluster-update-variant/README.md | 2 ++ modules/private-cluster-update-variant/cluster.tf | 11 +++++++++++ modules/private-cluster-update-variant/variables.tf | 12 ++++++++++++ modules/private-cluster/README.md | 2 ++ modules/private-cluster/cluster.tf | 11 +++++++++++ modules/private-cluster/variables.tf | 12 ++++++++++++ variables.tf | 12 ++++++++++++ 29 files changed, 116 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 6d70bb087..1e742fd33 100644 --- a/README.md +++ b/README.md 
@@ -146,6 +146,7 @@ Then perform the following commands on the root folder: | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | +| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | @@ -185,6 +186,7 @@ Then perform the following commands on the root folder: | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | +| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 9c7108100..5f68a77d2 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -211,11 +211,16 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + {% if autopilot_cluster != true %} network_policy_config { disabled = !var.network_policy } + dns_cache_config { + enabled = var.dns_cache + } + gcp_filestore_csi_driver_config { enabled = var.filestore_csi_driver } @@ -235,10 +240,6 @@ resource "google_container_cluster" "primary" { } } - dns_cache_config { - enabled = var.dns_cache - } - dynamic "gce_persistent_disk_csi_driver_config" { for_each = local.cluster_gce_pd_csi_config @@ -462,14 +463,12 @@ resource "google_container_cluster" "primary" { } } - {% if beta_cluster %} notification_config { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic } } - {% endif %} } {% if autopilot_cluster != true %} /****************************************** diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 7cc07c857..4d6ca38cb 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
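Review bot: In the `notification_config` block that this hunk un-gates from beta, `enabled = var.notification_config_topic != "" ? true : false` is a redundant conditional — the comparison is already a bool, so `enabled = var.notification_config_topic != ""` says the same thing and reads like the other toggles in this resource. Since the block now ships in the GA modules too, it is worth documenting what the topic receives: if I read the GKE docs right these are cluster lifecycle events (upgrades, security bulletins), and the format accepts a topic in any project, so pointing a cluster at a foreign topic sends those events out of the project. The diff neither creates the topic nor grants anything on it, so the README/variable description should state that the caller must allow the GKE service agent to publish to it. The enclosing `google_container_cluster` resource starts and ends outside this hunk.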
@@ -401,18 +401,16 @@ variable "master_global_access_enabled" { } {% endif %} {% endif %} -{% if beta_cluster %} variable "dns_cache" { type = bool - description = "(Beta) The status of the NodeLocal DNSCache addon." + description = "The status of the NodeLocal DNSCache addon." {% if autopilot_cluster == true %} default = true {% else %} default = false {% endif %} } -{% endif %} variable "authenticator_security_group" { type = string @@ -482,13 +480,13 @@ variable "disable_default_snat" { default = false } -{% if beta_cluster %} variable "notification_config_topic" { type = string description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." default = "" } +{% if beta_cluster %} variable "enable_tpu" { type = bool description = "Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive!" diff --git a/cluster.tf b/cluster.tf index d63244a6a..a6be1e50e 100644 --- a/cluster.tf +++ b/cluster.tf @@ -118,10 +118,15 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + dns_cache_config { + enabled = var.dns_cache + } + gcp_filestore_csi_driver_config { enabled = var.filestore_csi_driver } @@ -278,6 +283,12 @@ resource "google_container_cluster" "primary" { } } + notification_config { + pubsub { + enabled = var.notification_config_topic != "" ? true : false + topic = var.notification_config_topic + } + } } /****************************************** Create Container Cluster node pools diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index f4dc735b6..fca9d502e 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
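Review bot: `dns_cache` keeps `default = true` under `{% if autopilot_cluster == true %}`, but the cluster.tf.tmpl hunk in this same commit moves `dns_cache_config` under `{% if autopilot_cluster != true %}`, so on the Autopilot variants the input appears to be accepted and then ignored (the generated autopilot cluster.tf hunks show no `dns_cache_config`, though the matching `{% endif %}` is outside the hunk I can see). Either gate this variable the same way or say so in the description. Independently, "The status of the NodeLocal DNSCache addon." is vague for a bool; `description = "Whether to enable the NodeLocal DNSCache addon."` (with a clause that Autopilot manages it itself, if that is the intended behaviour) would be clearer.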
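Review bot: The description of `notification_config_topic` promises the `projects/{project}/topics/{topic}` form, but nothing enforces it, so a bare topic ID or a typo only fails at apply time inside the cluster call, after the plan has been approved. A `validation` block that accepts the empty default or the documented form would surface this at plan time; this assumes the module's `required_version` allows validation blocks (Terraform 0.13+), which is not visible here. The regex below is deliberately loose on the name characters so it does not reject anything the API would accept.
```hcl
variable "notification_config_topic" {
  # … unchanged: type, description …
  default     = ""

  validation {
    condition     = var.notification_config_topic == "" || can(regex("^projects/[^/]+/topics/[^/]+$", var.notification_config_topic))
    error_message = "notification_config_topic must be empty or of the form projects/{project}/topics/{topic}."
  }
}
```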
@@ -82,7 +82,7 @@ Then perform the following commands on the root folder: | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no | | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | -| dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `true` | no | +| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `true` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 08d06c247..e633e6546 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -97,6 +97,7 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + } datapath_provider = var.datapath_provider diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 12109590f..e717a8045 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -291,7 +291,7 @@ variable "master_global_access_enabled" { variable "dns_cache" { type = bool - description = "(Beta) The status of the NodeLocal DNSCache addon." + description = "The status of the NodeLocal DNSCache addon." default = true } diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 975fb058a..ef5ef4120 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -75,7 +75,7 @@ Then perform the following commands on the root folder: | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no | | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | -| dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `true` | no | +| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `true` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | 
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index e9e1e034e..4faa0daeb 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -97,6 +97,7 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + } datapath_provider = var.datapath_provider diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index c0888cbf0..175291cac 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -260,7 +260,7 @@ variable "skip_provisioners" { variable "dns_cache" { type = bool - description = "(Beta) The status of the NodeLocal DNSCache addon." + description = "The status of the NodeLocal DNSCache addon." default = true } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index d8ba23f22..a4e7b7c88 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -183,7 +183,7 @@ Then perform the following commands on the root folder: | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | -| dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | +| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 0b094cd00..c021af1f6 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -174,10 +174,15 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + dns_cache_config { + enabled = var.dns_cache + } + gcp_filestore_csi_driver_config { enabled = var.filestore_csi_driver } @@ -195,10 +200,6 @@ resource "google_container_cluster" "primary" { } } - dns_cache_config { - enabled = var.dns_cache - } - dynamic "gce_persistent_disk_csi_driver_config" { for_each = local.cluster_gce_pd_csi_config 
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index b82f62ab3..94ef3de29 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -388,7 +388,7 @@ variable "master_global_access_enabled" { variable "dns_cache" { type = bool - description = "(Beta) The status of the NodeLocal DNSCache addon." + description = "The status of the NodeLocal DNSCache addon." default = false } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 942f40642..02db4e155 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -161,7 +161,7 @@ Then perform the following commands on the root folder: | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | -| dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | +| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 97ac128e4..fed5ed5b7 100644 --- a/modules/beta-private-cluster/cluster.tf 
+++ b/modules/beta-private-cluster/cluster.tf @@ -174,10 +174,15 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + dns_cache_config { + enabled = var.dns_cache + } + gcp_filestore_csi_driver_config { enabled = var.filestore_csi_driver } @@ -195,10 +200,6 @@ resource "google_container_cluster" "primary" { } } - dns_cache_config { - enabled = var.dns_cache - } - dynamic "gce_persistent_disk_csi_driver_config" { for_each = local.cluster_gce_pd_csi_config diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index b82f62ab3..94ef3de29 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -388,7 +388,7 @@ variable "master_global_access_enabled" { variable "dns_cache" { type = bool - description = "(Beta) The status of the NodeLocal DNSCache addon." + description = "The status of the NodeLocal DNSCache addon." default = false } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 6395dd02b..9a26ee6c2 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -176,7 +176,7 @@ Then perform the following commands on the root folder: | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | -| dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | +| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 9a10cf15d..9bc1020c9 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -174,10 +174,15 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + dns_cache_config { + enabled = var.dns_cache + } + gcp_filestore_csi_driver_config { enabled = var.filestore_csi_driver } @@ -195,10 +200,6 @@ resource "google_container_cluster" "primary" { } } - dns_cache_config { - enabled = var.dns_cache - } - dynamic "gce_persistent_disk_csi_driver_config" { for_each = local.cluster_gce_pd_csi_config diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 7822eefd7..1a88cb019 100644 
--- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -357,7 +357,7 @@ variable "skip_provisioners" { variable "dns_cache" { type = bool - description = "(Beta) The status of the NodeLocal DNSCache addon." + description = "The status of the NodeLocal DNSCache addon." default = false } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 11ff3121b..78205b71d 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -154,7 +154,7 @@ Then perform the following commands on the root folder: | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | -| dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | +| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index e0c42b8d6..a44396fe1 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -174,10 +174,15 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + dns_cache_config { + enabled = var.dns_cache + } + gcp_filestore_csi_driver_config { enabled = var.filestore_csi_driver } @@ -195,10 +200,6 @@ resource "google_container_cluster" "primary" { } } - dns_cache_config { - enabled = var.dns_cache - } - dynamic "gce_persistent_disk_csi_driver_config" { for_each = local.cluster_gce_pd_csi_config diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 7822eefd7..1a88cb019 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -357,7 +357,7 @@ variable "skip_provisioners" { variable "dns_cache" { type = bool - description = "(Beta) The status of the NodeLocal DNSCache addon." + description = "The status of the NodeLocal DNSCache addon." default = false } diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index bb76fc337..307631698 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -175,6 +175,7 @@ Then perform the following commands on the root folder: | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | +| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | @@ -217,6 +218,7 @@ Then perform the following commands on the root folder: | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | +| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 06182fffb..f5e49e190 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -118,10 +118,15 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + dns_cache_config { + enabled = var.dns_cache + } + gcp_filestore_csi_driver_config { enabled = var.filestore_csi_driver } @@ -291,6 +296,12 @@ resource "google_container_cluster" "primary" { } } + notification_config { + pubsub { + enabled = var.notification_config_topic != "" ? true : false + topic = var.notification_config_topic + } + } } /****************************************** Create Container Cluster node pools diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index bfb8725b7..d8358185c 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -360,6 +360,12 @@ variable "master_ipv4_cidr_block" { default = "10.0.0.0/28" } +variable "dns_cache" { + type = bool + description = "The status of the NodeLocal DNSCache addon." + default = false +} + variable "authenticator_security_group" { type = string description = "The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com" @@ -421,6 +427,12 @@ variable "disable_default_snat" { default = false } +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} + variable "network_policy" { type = bool description = "Enable network policy addon" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 79ba373ee..6fba8a2d1 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -153,6 +153,7 @@ Then perform the following commands on the root folder: | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | +| dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no | @@ -195,6 +196,7 @@ Then perform the following commands on the root folder: | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | +| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 61b68da73..10aab672e 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -118,10 +118,15 @@ resource "google_container_cluster" "primary" { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + dns_cache_config { + enabled = var.dns_cache + } + gcp_filestore_csi_driver_config { enabled = var.filestore_csi_driver } @@ -291,6 +296,12 @@ resource "google_container_cluster" "primary" { } } + notification_config { + pubsub { + enabled = var.notification_config_topic != "" ? true : false + topic = var.notification_config_topic + } + } } /****************************************** Create Container Cluster node pools diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index bfb8725b7..d8358185c 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -360,6 +360,12 @@ variable "master_ipv4_cidr_block" { default = "10.0.0.0/28" } +variable "dns_cache" { + type = bool + description = "The status of the NodeLocal DNSCache addon." + default = false +} + variable "authenticator_security_group" { type = string description = "The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com" 
@@ -421,6 +427,12 @@ variable "disable_default_snat" { default = false } +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} + variable "network_policy" { type = bool description = "Enable network policy addon" diff --git a/variables.tf b/variables.tf index 4d6f9a36b..f3b13c565 100644 --- a/variables.tf +++ b/variables.tf @@ -336,6 +336,12 @@ variable "skip_provisioners" { default = false } +variable "dns_cache" { + type = bool + description = "The status of the NodeLocal DNSCache addon." + default = false +} + variable "authenticator_security_group" { type = string description = "The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com" @@ -397,6 +403,12 @@ variable "disable_default_snat" { default = false } +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} + variable "network_policy" { type = bool description = "Enable network policy addon"