diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index e78754959..0526d02a7 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -306,6 +306,13 @@ resource "google_container_cluster" "primary" { security_group = authenticator_groups_config.value.security_group } } + + notification_config { + pubsub { + enabled = var.notification_config_topic != "" ? true : false + topic = var.notification_config_topic + } + } {% endif %} } diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 428766180..8d1267a29 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -574,3 +574,11 @@ variable "impersonate_service_account" { description = "An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials." default = "" } + +{% if beta_cluster %} +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} +{% endif %} diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 7da43df23..8659b82a7 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -19,7 +19,7 @@ terraform { required_providers { {% if beta_cluster %} - google-beta = ">= 3.32.0, <4.0.0" + google-beta = ">= 3.42.0, <4.0.0" {% else %} google = ">= 3.39.0, <4.0.0" {% endif %} diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl index df2a73a1f..f4e4146b1 100644 --- a/autogen/safer-cluster/main.tf.tmpl +++ b/autogen/safer-cluster/main.tf.tmpl @@ -166,4 +166,6 @@ module "gke" { skip_provisioners = var.skip_provisioners gce_pd_csi_driver = var.gce_pd_csi_driver + + notification_config_topic = var.notification_config_topic } 
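Review bot: The `notification_config` block added to `google_container_cluster.primary` is emitted for every beta cluster, so a cluster with no topic is planned with `enabled = false` and `topic = ""`. The comparison already yields a bool, so `enabled = var.notification_config_topic != ""` is sufficient, and a comment such as `# An empty topic disables GKE notifications.` would make the sentinel explicit. How the provider treats an empty-string topic is not visible here, so it is worth confirming that a disabled block does not produce a perpetual diff; passing `null` when disabled may be cleaner. The same expression is repeated in the generated `cluster.tf` of the four beta modules later in this diff, and the resource body starts outside this hunk.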
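Review bot: The description of `notification_config_topic` does not say that the default `""` turns notifications off, nor that the topic must accept publishes from GKE; for a topic in another project this presumably means granting the GKE service agent `roles/pubsub.publisher`, which the module does not do. Suggested text: `description = "Pub/Sub topic GKE publishes cluster notifications to, as projects/{project}/topics/{topic}. Empty disables notifications; the GKE service agent must be allowed to publish to the topic."`. Separately, the blank `+` line sits before `{% if beta_cluster %}`, so non-beta modules gain a stray trailing blank line (visible in the `modules/private-cluster/variables.tf` and root `variables.tf` hunks); moving it inside the conditional avoids that. The same description is copied into `autogen/safer-cluster/variables.tf.tmpl`.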
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index 31c696ecb..f085d9193 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl @@ -369,3 +369,9 @@ variable "disable_default_snat" { description = "Whether to disable the default SNAT to support the private use of public IP addresses" default = false } + +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index efe5449e4..07668dfd1 100644 --- a/examples/safer_cluster/main.tf +++ b/examples/safer_cluster/main.tf @@ -61,8 +61,14 @@ module "gke" { istio = true cloudrun = true + + notification_config_topic = google_pubsub_topic.updates.id } data "google_client_config" "default" { } +resource "google_pubsub_topic" "updates" { + name = "cluster-updates-${random_string.suffix.result}" + project = var.project_id +} diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 7f042a320..3d6ce9cf4 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -214,6 +214,7 @@ Then perform the following commands on the root folder: | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
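Review bot: In `examples/safer_cluster/main.tf`, `google_pubsub_topic.updates` is created with no subscription and no topic-level IAM, so as written nothing consumes the cluster notifications and read access falls back to whatever project-wide Pub/Sub roles already exist. Because this is the hardened example that users copy, a comment above the resource would help: `# Receives GKE cluster notifications. Attach a subscription and grant roles/pubsub.subscriber on it only to the consumer that needs it.` Messages published before a subscription exists are not delivered later, so the subscription should be created together with the topic. `random_string.suffix` and the start of the `module "gke"` block are defined outside this hunk.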
{
"all": [],
"default-node-pool": []
}
| no | | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | +| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 87476537c..ddd9857f3 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -276,6 +276,13 @@ resource "google_container_cluster" "primary" { security_group = authenticator_groups_config.value.security_group } } + + notification_config { + pubsub { + enabled = var.notification_config_topic != "" ? true : false + topic = var.notification_config_topic + } + } } /****************************************** diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 84d1e8a3f..09efb45c8 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -556,3 +556,9 @@ variable "impersonate_service_account" { description = "An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials." default = "" } + +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} 
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index abc3492f1..fd2ca298a 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = ">=0.12.6, <0.14" required_providers { - google-beta = ">= 3.32.0, <4.0.0" + google-beta = ">= 3.42.0, <4.0.0" } } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index ec100a6d0..bb1aa4317 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -192,6 +192,7 @@ Then perform the following commands on the root folder: | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | +| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 2d786d145..7bea7d0e2 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -276,6 +276,13 @@ resource "google_container_cluster" "primary" { security_group = authenticator_groups_config.value.security_group } } + + notification_config { + pubsub { + enabled = var.notification_config_topic != "" ? true : false + topic = var.notification_config_topic + } + } } /****************************************** diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 84d1e8a3f..09efb45c8 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -556,3 +556,9 @@ variable "impersonate_service_account" { description = "An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials." default = "" } + +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index abc3492f1..fd2ca298a 100644 --- a/modules/beta-private-cluster/versions.tf 
+++ b/modules/beta-private-cluster/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = ">=0.12.6, <0.14" required_providers { - google-beta = ">= 3.32.0, <4.0.0" + google-beta = ">= 3.42.0, <4.0.0" } } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index d2af63f9e..9a5ba632a 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -203,6 +203,7 @@ Then perform the following commands on the root folder: | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | +| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index ec089185c..4d130f1f3 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -257,6 +257,13 @@ resource "google_container_cluster" "primary" { security_group = authenticator_groups_config.value.security_group } } + + notification_config { + pubsub { + enabled = var.notification_config_topic != "" ? true : false + topic = var.notification_config_topic + } + } } /****************************************** diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index d5273b119..9f23b5a2b 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -525,3 +525,9 @@ variable "impersonate_service_account" { description = "An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials." default = "" } + +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} 
diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index abc3492f1..fd2ca298a 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = ">=0.12.6, <0.14" required_providers { - google-beta = ">= 3.32.0, <4.0.0" + google-beta = ">= 3.42.0, <4.0.0" } } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 6451279c1..9ae1a7c00 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -181,6 +181,7 @@ Then perform the following commands on the root folder: | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | +| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 4eaf38978..4b3fd37cd 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -257,6 +257,13 @@ resource "google_container_cluster" "primary" { security_group = authenticator_groups_config.value.security_group } } + + notification_config { + pubsub { + enabled = var.notification_config_topic != "" ? true : false + topic = var.notification_config_topic + } + } } /****************************************** diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index d5273b119..9f23b5a2b 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -525,3 +525,9 @@ variable "impersonate_service_account" { description = "An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials." default = "" } + +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index abc3492f1..fd2ca298a 100644 --- a/modules/beta-public-cluster/versions.tf 
+++ b/modules/beta-public-cluster/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = ">=0.12.6, <0.14" required_providers { - google-beta = ">= 3.32.0, <4.0.0" + google-beta = ">= 3.42.0, <4.0.0" } } diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 3acc6218b..bd696139c 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -443,3 +443,4 @@ variable "impersonate_service_account" { description = "An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials." default = "" } + diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 3acc6218b..bd696139c 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -443,3 +443,4 @@ variable "impersonate_service_account" { description = "An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials." default = "" } + diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md index 99822d913..e9955a8de 100644 --- a/modules/safer-cluster-update-variant/README.md +++ b/modules/safer-cluster-update-variant/README.md @@ -244,6 +244,7 @@ For simplicity, we suggest using `roles/container.admin` and | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` |
{
"all": [
"https://www.googleapis.com/auth/cloud-platform"
],
"default-node-pool": []
}
| no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | +| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | project\_id | The project ID to host the cluster in | `string` | n/a | yes | | region | The region to host the cluster in | `string` | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf index 4505c7e92..55f5d024e 100644 --- a/modules/safer-cluster-update-variant/main.tf +++ b/modules/safer-cluster-update-variant/main.tf @@ -162,4 +162,6 @@ module "gke" { skip_provisioners = var.skip_provisioners gce_pd_csi_driver = var.gce_pd_csi_driver + + notification_config_topic = var.notification_config_topic } diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index fdf4e9843..e1c100b72 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf @@ -369,3 +369,9 @@ variable "disable_default_snat" { description = "Whether to disable the default SNAT to support the private use of public IP addresses" default = false } + +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index 99822d913..e9955a8de 100644 --- a/modules/safer-cluster/README.md +++ b/modules/safer-cluster/README.md @@ -244,6 +244,7 @@ For simplicity, we suggest using `roles/container.admin` and | node\_pools\_oauth\_scopes | Map of lists containing node oauth scopes by node-pool name | `map(list(string))` |
{
"all": [
"https://www.googleapis.com/auth/cloud-platform"
],
"default-node-pool": []
}
| no | | node\_pools\_tags | Map of lists containing node network tags by node-pool name | `map(list(string))` |
{
"all": [],
"default-node-pool": []
}
| no | | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | +| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | project\_id | The project ID to host the cluster in | `string` | n/a | yes | | region | The region to host the cluster in | `string` | n/a | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf index f5fd724d3..6f96694fc 100644 --- a/modules/safer-cluster/main.tf +++ b/modules/safer-cluster/main.tf @@ -162,4 +162,6 @@ module "gke" { skip_provisioners = var.skip_provisioners gce_pd_csi_driver = var.gce_pd_csi_driver + + notification_config_topic = var.notification_config_topic } diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index fdf4e9843..e1c100b72 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf @@ -369,3 +369,9 @@ variable "disable_default_snat" { description = "Whether to disable the default SNAT to support the private use of public IP addresses" default = false } + +variable "notification_config_topic" { + type = string + description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." + default = "" +} diff --git a/variables.tf b/variables.tf index 40a0b91b2..4b2bb122b 100644 --- a/variables.tf +++ b/variables.tf @@ -419,3 +419,4 @@ variable "impersonate_service_account" { description = "An optional service account to impersonate for gcloud commands. If this service account is not specified, the module will use Application Default Credentials." default = "" } +