From 4a97f90e323f37d7c9105699da2ce99437b04e3a Mon Sep 17 00:00:00 2001 
From: Jan Larwig Date: Mon, 26 Dec 2022 11:46:38 +0100 Subject: [PATCH] add gateway api support --- README.md | 2 + autogen/main/cluster.tf.tmpl | 9 +++ autogen/main/main.tf.tmpl | 1 + autogen/main/outputs.tf.tmpl | 5 ++ autogen/main/variables.tf.tmpl | 6 ++ autogen/main/versions.tf.tmpl | 2 +- cluster.tf | 9 +++ examples/deploy_service/README.md | 1 + examples/disable_client_cert/README.md | 1 + examples/node_pool/README.md | 1 + examples/shared_vpc/README.md | 1 + examples/simple_regional/README.md | 1 + examples/simple_regional_private/README.md | 1 + .../README.md | 48 +++++++++++ .../simple_regional_with_gateway_api/main.tf | 45 +++++++++++ .../outputs.tf | 40 ++++++++++ .../test_outputs.tf | 1 + .../variables.tf | 64 +++++++++++++++ .../versions.tf | 28 +++++++ examples/simple_zonal_private/README.md | 1 + examples/stub_domains/README.md | 1 + main.tf | 3 +- .../beta-autopilot-private-cluster/README.md | 2 + .../beta-autopilot-private-cluster/cluster.tf | 9 +++ .../beta-autopilot-private-cluster/main.tf | 3 +- .../beta-autopilot-private-cluster/outputs.tf | 5 ++ .../variables.tf | 6 ++ .../beta-autopilot-public-cluster/README.md | 2 + .../beta-autopilot-public-cluster/cluster.tf | 9 +++ modules/beta-autopilot-public-cluster/main.tf | 3 +- .../beta-autopilot-public-cluster/outputs.tf | 5 ++ .../variables.tf | 6 ++ .../README.md | 2 + .../cluster.tf | 9 +++ .../main.tf | 3 +- .../outputs.tf | 5 ++ .../variables.tf | 6 ++ modules/beta-private-cluster/README.md | 2 + modules/beta-private-cluster/cluster.tf | 9 +++ modules/beta-private-cluster/main.tf | 3 +- modules/beta-private-cluster/outputs.tf | 5 ++ modules/beta-private-cluster/variables.tf | 6 ++ .../README.md | 2 + .../cluster.tf | 9 +++ .../main.tf | 3 +- .../outputs.tf | 5 ++ .../variables.tf | 6 ++ modules/beta-public-cluster/README.md | 2 + modules/beta-public-cluster/cluster.tf | 9 +++ modules/beta-public-cluster/main.tf | 3 +- modules/beta-public-cluster/outputs.tf | 5 ++ 
modules/beta-public-cluster/variables.tf | 6 ++ .../private-cluster-update-variant/README.md | 2 + .../private-cluster-update-variant/cluster.tf | 9 +++ .../private-cluster-update-variant/main.tf | 3 +- .../private-cluster-update-variant/outputs.tf | 5 ++ .../variables.tf | 6 ++ .../versions.tf | 2 +- modules/private-cluster/README.md | 2 + modules/private-cluster/cluster.tf | 9 +++ modules/private-cluster/main.tf | 3 +- modules/private-cluster/outputs.tf | 5 ++ modules/private-cluster/variables.tf | 6 ++ modules/private-cluster/versions.tf | 2 +- outputs.tf | 5 ++ test/fixtures/all_examples/test_outputs.tf | 5 ++ .../example.tf | 23 ++++++ .../outputs.tf | 79 +++++++++++++++++++ .../variables.tf | 30 +++++++ variables.tf | 6 ++ versions.tf | 2 +- 71 files changed, 612 insertions(+), 13 deletions(-) create mode 100644 examples/simple_regional_with_gateway_api/README.md create mode 100644 examples/simple_regional_with_gateway_api/main.tf create mode 100644 examples/simple_regional_with_gateway_api/outputs.tf create mode 120000 examples/simple_regional_with_gateway_api/test_outputs.tf create mode 100644 examples/simple_regional_with_gateway_api/variables.tf create mode 100644 examples/simple_regional_with_gateway_api/versions.tf create mode 100644 test/fixtures/simple_regional_with_gateway_api/example.tf create mode 100644 test/fixtures/simple_regional_with_gateway_api/outputs.tf create mode 100644 test/fixtures/simple_regional_with_gateway_api/variables.tf diff --git a/README.md b/README.md index de217ce126..6bdbf1a62a 100644 --- a/README.md +++ b/README.md 
@@ -155,6 +155,7 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no | @@ -212,6 +213,7 @@ Then perform the following commands on the root folder: | ca\_certificate | Cluster ca certificate (base64 encoded) | | cluster\_id | Cluster ID | | endpoint | Cluster endpoint | +| gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | | identity\_namespace | Workload Identity pool | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 3abf6b0f80..3aa4d593ec 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -53,6 +53,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index 77239915b3..30fad01517 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl 
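Review bot: The new dynamic block in the autogen/main/cluster.tf.tmpl hunk is labelled `release_channel` while its body references `gateway_api_channel.value.channel`; a dynamic block's iterator defaults to the block label, so `gateway_api_channel` is not in scope and Terraform rejects it as a reference to an undeclared resource. Even with the iterator corrected it would emit a second `release_channel` block rather than configure Gateway API, which in the provider range this patch pins (`>= 4.47.0`) is the `gateway_api_config` block of `google_container_cluster`. Change the two lines to `dynamic "gateway_api_config" {` and `channel = gateway_api_config.value.channel`. The same copy appears in cluster.tf, modules/beta-autopilot-private-cluster/cluster.tf and modules/beta-autopilot-public-cluster/cluster.tf; as those are generated from this template, fixing it here and regenerating covers all of them.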
@@ -57,6 +57,7 @@ locals { {% endif %} release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] {% if autopilot_cluster != true %} autoscaling_resource_limits = var.cluster_autoscaling.enabled ? concat([{ diff --git a/autogen/main/outputs.tf.tmpl b/autogen/main/outputs.tf.tmpl index 9c002d0fdf..d22e8bd087 100644 --- a/autogen/main/outputs.tf.tmpl +++ b/autogen/main/outputs.tf.tmpl @@ -158,6 +158,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 554bbd87ac..9e751c872d 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -444,6 +444,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index a85658bdee..f1a94c854e 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -38,7 +38,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.36.0, < 5.0" + version = ">= 4.47.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/cluster.tf b/cluster.tf index 8b9e802489..59f6baf66e 100644 --- a/cluster.tf +++ b/cluster.tf 
@@ -47,6 +47,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/examples/deploy_service/README.md b/examples/deploy_service/README.md index 4e59320724..4c1fe8c570 100644 --- a/examples/deploy_service/README.md +++ b/examples/deploy_service/README.md @@ -29,6 +29,7 @@ It will: | ca\_certificate | n/a | | client\_token | n/a | | cluster\_name | Cluster name | +| gateway\_api\_channel | The gateway api channel of this cluster | | ip\_range\_pods | The secondary IP range used for pods | | ip\_range\_services | The secondary IP range used for services | | kubernetes\_endpoint | n/a | diff --git a/examples/disable_client_cert/README.md b/examples/disable_client_cert/README.md index 78c0fa501b..c94fa3f31b 100644 --- a/examples/disable_client_cert/README.md +++ b/examples/disable_client_cert/README.md @@ -27,6 +27,7 @@ This example illustrates how to create a simple cluster and disable deprecated s | ca\_certificate | n/a | | client\_token | n/a | | cluster\_name | Cluster name | +| gateway\_api\_channel | The gateway api channel of this cluster | | ip\_range\_pods | The secondary IP range used for pods | | ip\_range\_services | The secondary IP range used for services | | kubernetes\_endpoint | n/a | diff --git a/examples/node_pool/README.md b/examples/node_pool/README.md index 48d27a1e9c..c198e393e5 100644 --- a/examples/node_pool/README.md +++ b/examples/node_pool/README.md 
@@ -25,6 +25,7 @@ This example illustrates how to create a cluster with multiple custom node-pool | ca\_certificate | n/a | | client\_token | n/a | | cluster\_name | Cluster name | +| gateway\_api\_channel | The gateway api channel of this cluster | | ip\_range\_pods | The secondary IP range used for pods | | ip\_range\_services | The secondary IP range used for services | | kubernetes\_endpoint | n/a | diff --git a/examples/shared_vpc/README.md b/examples/shared_vpc/README.md index 774d0b065c..fd3fd76c72 100644 --- a/examples/shared_vpc/README.md +++ b/examples/shared_vpc/README.md @@ -24,6 +24,7 @@ This example illustrates how to create a simple cluster where the host network i | ca\_certificate | n/a | | client\_token | n/a | | cluster\_name | Cluster name | +| gateway\_api\_channel | The gateway api channel of this cluster | | ip\_range\_pods | The secondary IP range used for pods | | ip\_range\_services | The secondary IP range used for services | | kubernetes\_endpoint | n/a | diff --git a/examples/simple_regional/README.md b/examples/simple_regional/README.md index fdb4cba6ed..b67702b0fc 100644 --- a/examples/simple_regional/README.md +++ b/examples/simple_regional/README.md @@ -25,6 +25,7 @@ This example illustrates how to create a simple cluster. | ca\_certificate | n/a | | client\_token | n/a | | cluster\_name | Cluster name | +| gateway\_api\_channel | The gateway api channel of this cluster | | ip\_range\_pods | The secondary IP range used for pods | | ip\_range\_services | The secondary IP range used for services | | kubernetes\_endpoint | n/a | diff --git a/examples/simple_regional_private/README.md b/examples/simple_regional_private/README.md index d3336b512e..743b67954b 100644 --- a/examples/simple_regional_private/README.md +++ b/examples/simple_regional_private/README.md 
@@ -23,6 +23,7 @@ This example illustrates how to create a simple private cluster. | ca\_certificate | n/a | | client\_token | n/a | | cluster\_name | Cluster name | +| gateway\_api\_channel | The gateway api channel of this cluster | | ip\_range\_pods | The secondary IP range used for pods | | ip\_range\_services | The secondary IP range used for services | | kubernetes\_endpoint | n/a | diff --git a/examples/simple_regional_with_gateway_api/README.md b/examples/simple_regional_with_gateway_api/README.md new file mode 100644 index 0000000000..59f1ec2b65 --- /dev/null +++ b/examples/simple_regional_with_gateway_api/README.md 
@@ -0,0 +1,48 @@ +# Simple Regional Cluster + +This example illustrates how to create a simple cluster. + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| cluster\_name\_suffix | A suffix to append to the default cluster name | `string` | `""` | no | +| compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | `any` | n/a | yes | +| enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | n/a | yes | +| ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes | +| ip\_range\_services | The secondary ip range to use for services | `any` | n/a | yes | +| network | The VPC network to host the cluster in | `any` | n/a | yes | +| project\_id | The project ID to host the cluster in | `any` | n/a | yes | +| region | The region to host the cluster in | `any` | n/a | yes | +| skip\_provisioners | Flag to skip local-exec provisioners | `bool` | `false` | no | +| subnetwork | The subnetwork to host the cluster in | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| ca\_certificate | n/a | +| client\_token | n/a | +| cluster\_name | Cluster name | +| gateway\_api\_channel | The gateway api channel of this cluster | +| ip\_range\_pods | The secondary IP range used for pods | +| ip\_range\_services | The secondary IP range used for services | +| kubernetes\_endpoint | n/a | +| location | n/a | +| master\_kubernetes\_version | The master Kubernetes version | +| network | n/a | +| project\_id | n/a | +| region | n/a | +| service\_account | The default service account used for running nodes. 
| +| subnetwork | n/a | +| zones | List of zones in which the cluster resides | + + + +To provision this example, run the following from within this directory: +- `terraform init` to get the plugins +- `terraform plan` to see the infrastructure plan +- `terraform apply` to apply the infrastructure build +- `terraform destroy` to destroy the built infrastructure diff --git a/examples/simple_regional_with_gateway_api/main.tf b/examples/simple_regional_with_gateway_api/main.tf new file mode 100644 index 0000000000..ea3e518312 --- /dev/null +++ b/examples/simple_regional_with_gateway_api/main.tf 
@@ -0,0 +1,45 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + cluster_type = "simple-regional" +} + +data "google_client_config" "default" {} + +provider "kubernetes" { + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + +module "gke" { + source = "../../" + project_id = var.project_id + name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" + regional = true + region = var.region + network = var.network + subnetwork = var.subnetwork + ip_range_pods = var.ip_range_pods + ip_range_services = var.ip_range_services + create_service_account = false + service_account = var.compute_engine_service_account + enable_cost_allocation = true + enable_binary_authorization = var.enable_binary_authorization + skip_provisioners = var.skip_provisioners + gateway_api_channel = var.gateway_api_channel +} diff --git a/examples/simple_regional_with_gateway_api/outputs.tf b/examples/simple_regional_with_gateway_api/outputs.tf new file mode 100644 index 0000000000..02a7f39a01 --- /dev/null +++ b/examples/simple_regional_with_gateway_api/outputs.tf 
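Review bot: `cluster_type = "simple-regional"` in the new example's locals gives this cluster the same name as the existing simple_regional example (`simple-regional-cluster` plus `cluster_name_suffix`), so the two examples cannot coexist in one project unless callers supply distinct suffixes; if the test fixtures apply examples side by side, this looks likely to collide. A distinct prefix avoids it, e.g. `cluster_type = "simple-regional-gateway-api"`.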
@@ -0,0 +1,40 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "kubernetes_endpoint" { + sensitive = true + value = module.gke.endpoint +} + +output "client_token" { + sensitive = true + value = base64encode(data.google_client_config.default.access_token) +} + +output "ca_certificate" { + value = module.gke.ca_certificate +} + +output "service_account" { + description = "The default service account used for running nodes." + value = module.gke.service_account +} + +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = module.gke.gateway_api_channel +} + diff --git a/examples/simple_regional_with_gateway_api/test_outputs.tf b/examples/simple_regional_with_gateway_api/test_outputs.tf new file mode 120000 index 0000000000..17b34213ba --- /dev/null +++ b/examples/simple_regional_with_gateway_api/test_outputs.tf @@ -0,0 +1 @@ +../../test/fixtures/all_examples/test_outputs.tf \ No newline at end of file diff --git a/examples/simple_regional_with_gateway_api/variables.tf b/examples/simple_regional_with_gateway_api/variables.tf new file mode 100644 index 0000000000..c111a748e8 --- /dev/null +++ b/examples/simple_regional_with_gateway_api/variables.tf 
@@ -0,0 +1,64 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the cluster in" +} + +variable "cluster_name_suffix" { + description = "A suffix to append to the default cluster name" + default = "" +} + +variable "region" { + description = "The region to host the cluster in" +} + +variable "network" { + description = "The VPC network to host the cluster in" +} + +variable "subnetwork" { + description = "The subnetwork to host the cluster in" +} + +variable "ip_range_pods" { + description = "The secondary ip range to use for pods" +} + +variable "ip_range_services" { + description = "The secondary ip range to use for services" +} + +variable "compute_engine_service_account" { + description = "Service account to associate to the nodes in the cluster" +} + +variable "skip_provisioners" { + type = bool + description = "Flag to skip local-exec provisioners" + default = false +} + +variable "enable_binary_authorization" { + description = "Enable BinAuthZ Admission controller" + default = false +} + +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." +} diff --git a/examples/simple_regional_with_gateway_api/versions.tf b/examples/simple_regional_with_gateway_api/versions.tf new file mode 100644 index 0000000000..4360c9d2c5 --- /dev/null 
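Review bot: The new `gateway_api_channel` variable at the end of this hunk is passed straight through to the cluster with no check; its description lists only `CHANNEL_STANDARD` and `CHANNEL_DISABLED`, and any other string surfaces only as an API error at apply time. The example's versions.tf requires Terraform `>= 0.13`, so a `validation` block turns the misconfiguration into a plan-time error. This variable is required here and therefore never null; the module-level variable with `default = null` would additionally need to accept null.
```terraform
variable "gateway_api_channel" {
  type        = string
  description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`."

  validation {
    condition     = contains(["CHANNEL_STANDARD", "CHANNEL_DISABLED"], var.gateway_api_channel)
    error_message = "The gateway_api_channel value must be CHANNEL_STANDARD or CHANNEL_DISABLED."
  }
}
```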
+++ b/examples/simple_regional_with_gateway_api/versions.tf @@ -0,0 +1,28 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_providers { + google = { + source = "hashicorp/google" + version = ">= 4.47.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + } + } + required_version = ">= 0.13" +} diff --git a/examples/simple_zonal_private/README.md b/examples/simple_zonal_private/README.md index 5758a62f28..e8bc7d6ba5 100644 --- a/examples/simple_zonal_private/README.md +++ b/examples/simple_zonal_private/README.md @@ -24,6 +24,7 @@ This example illustrates how to create a simple private cluster in a single zone | ca\_certificate | n/a | | client\_token | n/a | | cluster\_name | Cluster name | +| gateway\_api\_channel | The gateway api channel of this cluster | | ip\_range\_pods | The secondary IP range used for pods | | ip\_range\_services | The secondary IP range used for services | | kubernetes\_endpoint | n/a | diff --git a/examples/stub_domains/README.md b/examples/stub_domains/README.md index 1f250f8f2b..46171a8d76 100644 --- a/examples/stub_domains/README.md +++ b/examples/stub_domains/README.md 
@@ -28,6 +28,7 @@ It will: | ca\_certificate | n/a | | client\_token | n/a | | cluster\_name | Cluster name | +| gateway\_api\_channel | The gateway api channel of this cluster | | ip\_range\_pods | The secondary IP range used for pods | | ip\_range\_services | The secondary IP range used for services | | kubernetes\_endpoint | n/a | diff --git a/main.tf b/main.tf index 83caf0fbda..a1ee42a585 100644 --- a/main.tf +++ b/main.tf @@ -50,7 +50,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) - release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] autoscaling_resource_limits = var.cluster_autoscaling.enabled ? concat([{ resource_type = "cpu" diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index edc894d1fe..a651ac4393 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -92,6 +92,7 @@ Then perform the following commands on the root folder: | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no | @@ -142,6 +143,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | | identity\_namespace | Workload Identity pool | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index d61138267d..888270510c 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -39,6 +39,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index 613be8b4ff..68f8ac1c39 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf 
@@ -45,7 +45,8 @@ locals { master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version master_version = var.regional ? local.master_version_regional : local.master_version_zonal - release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] diff --git a/modules/beta-autopilot-private-cluster/outputs.tf b/modules/beta-autopilot-private-cluster/outputs.tf index c0a333f39c..a56e4b4faf 100644 --- a/modules/beta-autopilot-private-cluster/outputs.tf +++ b/modules/beta-autopilot-private-cluster/outputs.tf @@ -129,6 +129,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 88267be7d8..1597a3f8b1 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -323,6 +323,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 14c6eb91f3..e300129e2e 100644 
--- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -83,6 +83,7 @@ Then perform the following commands on the root folder: | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no | @@ -131,6 +132,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | | identity\_namespace | Workload Identity pool | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index aa78edc45b..3611de8e78 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -39,6 +39,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf index 1e69f09336..2058728e9e 100644 --- a/modules/beta-autopilot-public-cluster/main.tf +++ b/modules/beta-autopilot-public-cluster/main.tf 
@@ -45,7 +45,8 @@ locals { master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version master_version = var.regional ? local.master_version_regional : local.master_version_zonal - release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] diff --git a/modules/beta-autopilot-public-cluster/outputs.tf b/modules/beta-autopilot-public-cluster/outputs.tf index 5ce92e94da..533f818844 100644 --- a/modules/beta-autopilot-public-cluster/outputs.tf +++ b/modules/beta-autopilot-public-cluster/outputs.tf @@ -129,6 +129,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index e465277f65..8473ac5385 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -293,6 +293,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" 
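Review bot: The new `variable "gateway_api_channel"` in modules/beta-autopilot-public-cluster/variables.tf documents that only `CHANNEL_STANDARD` and `CHANNEL_DISABLED` are accepted but does not enforce it, so a typo is passed through `local.gateway_api_channel` to the provider and only surfaces as an API error at apply time. If the module's required Terraform version allows it, a `validation` block that accepts null or one of the two listed values catches this at plan time and keeps the description honest; the same applies to the identical variable added in the other variables.tf hunks of this patch (beta-private-cluster-update-variant, beta-private-cluster, beta-public-cluster-update-variant, beta-public-cluster, private-cluster-update-variant, private-cluster), and to the template they are presumably generated from.

```hcl
variable "gateway_api_channel" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.gateway_api_channel == null ? true : contains(["CHANNEL_STANDARD", "CHANNEL_DISABLED"], var.gateway_api_channel)
    error_message = "gateway_api_channel must be CHANNEL_STANDARD or CHANNEL_DISABLED."
  }
}
```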
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 80b7d787a4..a240d6ccad 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -201,6 +201,7 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no | | gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | @@ -272,6 +273,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | | identity\_namespace | Workload Identity pool | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 65ad656374..3dba90060b 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -47,6 +47,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 7f44dcec3b..b8787c39c5 100644 
--- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf @@ -50,7 +50,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) - release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] autoscaling_resource_limits = var.cluster_autoscaling.enabled ? concat([{ resource_type = "cpu" diff --git a/modules/beta-private-cluster-update-variant/outputs.tf b/modules/beta-private-cluster-update-variant/outputs.tf index afc6c55618..abdf16f900 100644 --- a/modules/beta-private-cluster-update-variant/outputs.tf +++ b/modules/beta-private-cluster-update-variant/outputs.tf @@ -148,6 +148,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index de952e9195..8cf1d13db6 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -426,6 +426,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 06f0beb5c6..27922390d8 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -179,6 +179,7 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no | | gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | @@ -250,6 +251,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | | identity\_namespace | Workload Identity pool | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 91210d6847..3b50a86fff 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -47,6 +47,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 7f44dcec3b..b8787c39c5 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -50,7 +50,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) - release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] autoscaling_resource_limits = var.cluster_autoscaling.enabled ? concat([{ resource_type = "cpu" diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf index afc6c55618..abdf16f900 100644 --- a/modules/beta-private-cluster/outputs.tf +++ b/modules/beta-private-cluster/outputs.tf @@ -148,6 +148,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index de952e9195..8cf1d13db6 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -426,6 +426,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index edd667ad70..2a53fe962a 100644 
--- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -192,6 +192,7 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no | | gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | @@ -261,6 +262,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | | identity\_namespace | Workload Identity pool | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 86ab23a8bf..f30e320db3 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -47,6 +47,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index 94d950d0e2..c4aa59f48e 100644 
--- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -50,7 +50,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) - release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] autoscaling_resource_limits = var.cluster_autoscaling.enabled ? concat([{ resource_type = "cpu" diff --git a/modules/beta-public-cluster-update-variant/outputs.tf b/modules/beta-public-cluster-update-variant/outputs.tf index 31556abecd..ed73acae2e 100644 --- a/modules/beta-public-cluster-update-variant/outputs.tf +++ b/modules/beta-public-cluster-update-variant/outputs.tf @@ -148,6 +148,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 65ced56983..4b7dc2121f 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -396,6 +396,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 66fd8e6fc4..4f2f64be0f 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -170,6 +170,7 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no | | gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | @@ -239,6 +240,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | | identity\_namespace | Workload Identity pool | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 1d17b229ed..296d2f6af6 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -47,6 +47,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 94d950d0e2..c4aa59f48e 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -50,7 +50,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) - release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] autoscaling_resource_limits = var.cluster_autoscaling.enabled ? concat([{ resource_type = "cpu" diff --git a/modules/beta-public-cluster/outputs.tf b/modules/beta-public-cluster/outputs.tf index 31556abecd..ed73acae2e 100644 --- a/modules/beta-public-cluster/outputs.tf +++ b/modules/beta-public-cluster/outputs.tf @@ -148,6 +148,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 65ced56983..4b7dc2121f 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -396,6 +396,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 9e282c0021..db8f92483c 100644 --- a/modules/private-cluster-update-variant/README.md 
+++ b/modules/private-cluster-update-variant/README.md @@ -186,6 +186,7 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no | @@ -245,6 +246,7 @@ Then perform the following commands on the root folder: | ca\_certificate | Cluster ca certificate (base64 encoded) | | cluster\_id | Cluster ID | | endpoint | Cluster endpoint | +| gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | | identity\_namespace | Workload Identity pool | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 0d177c90ef..9115ef175c 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -47,6 +47,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index b5a546d874..9fd8820a59 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
@@ -50,7 +50,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) - release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] autoscaling_resource_limits = var.cluster_autoscaling.enabled ? concat([{ resource_type = "cpu" diff --git a/modules/private-cluster-update-variant/outputs.tf b/modules/private-cluster-update-variant/outputs.tf index c3436263f2..28350e722b 100644 --- a/modules/private-cluster-update-variant/outputs.tf +++ b/modules/private-cluster-update-variant/outputs.tf @@ -148,6 +148,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index c3d3bb511d..b11ce7f95c 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -407,6 +407,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" 
diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index d59900d203..8fba8fefb7 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.36.0, < 5.0" + version = ">= 4.47.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index a336389570..8bdf9dad7b 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -164,6 +164,7 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no | @@ -223,6 +224,7 @@ Then perform the following commands on the root folder: | ca\_certificate | Cluster ca certificate (base64 encoded) | | cluster\_id | Cluster ID | | endpoint | Cluster endpoint | +| gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | | identity\_namespace | Workload Identity pool | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index f8dd0b8cee..030784da78 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -47,6 +47,15 @@ resource "google_container_cluster" "primary" { channel = release_channel.value.channel } } + + dynamic "release_channel" { + for_each = local.gateway_api_channel + + content { + channel = gateway_api_channel.value.channel + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index b5a546d874..9fd8820a59 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf 
@@ -50,7 +50,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) - release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] + gateway_api_channel = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] autoscaling_resource_limits = var.cluster_autoscaling.enabled ? concat([{ resource_type = "cpu" diff --git a/modules/private-cluster/outputs.tf b/modules/private-cluster/outputs.tf index c3436263f2..28350e722b 100644 --- a/modules/private-cluster/outputs.tf +++ b/modules/private-cluster/outputs.tf @@ -148,6 +148,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index c3d3bb511d..b11ce7f95c 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -407,6 +407,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index f914717b7d..5d0dbd5486 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf 
@@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.36.0, < 5.0" + version = ">= 4.47.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/outputs.tf b/outputs.tf index 7e3fb254c6..ca55e48b8e 100644 --- a/outputs.tf +++ b/outputs.tf @@ -148,6 +148,11 @@ output "release_channel" { value = var.release_channel } +output "gateway_api_channel" { + description = "The gateway api channel of this cluster." + value = var.gateway_api_channel +} + output "identity_namespace" { description = "Workload Identity pool" value = length(local.cluster_workload_identity_config) > 0 ? local.cluster_workload_identity_config[0].workload_pool : null diff --git a/test/fixtures/all_examples/test_outputs.tf b/test/fixtures/all_examples/test_outputs.tf index e64c40e477..7b2198a5d5 100755 --- a/test/fixtures/all_examples/test_outputs.tf +++ b/test/fixtures/all_examples/test_outputs.tf @@ -61,3 +61,8 @@ output "master_kubernetes_version" { description = "The master Kubernetes version" value = module.gke.master_version } + +output "gateway_api_channel" { + description = "The gateway api channel of this cluster" + value = module.gke.gateway_api_channel +} diff --git a/test/fixtures/simple_regional_with_gateway_api/example.tf b/test/fixtures/simple_regional_with_gateway_api/example.tf new file mode 100644 index 0000000000..b6a5252414 --- /dev/null +++ b/test/fixtures/simple_regional_with_gateway_api/example.tf 
@@ -0,0 +1,23 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "example" { + source = "../../../examples/simple_regional_with_gateway_api" + + project_id = var.project_ids[1] + region = var.region + gateway_api_channel = "CHANNEL_STANDARD" +} diff --git a/test/fixtures/simple_regional_with_gateway_api/outputs.tf b/test/fixtures/simple_regional_with_gateway_api/outputs.tf new file mode 100644 index 0000000000..36ec956ac1 --- /dev/null +++ b/test/fixtures/simple_regional_with_gateway_api/outputs.tf 
@@ -0,0 +1,79 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+output "project_id" {
+ value = module.example.project_id
+}
+
+output "location" {
+ value = module.example.location
+}
+
+output "cluster_name" {
+ description = "Cluster name"
+ value = module.example.cluster_name
+}
+
+output "kubernetes_endpoint" {
+ sensitive = true
+ value = module.example.kubernetes_endpoint
+}
+
+output "client_token" {
+ sensitive = true
+ value = module.example.client_token
+}
+
+output "ca_certificate" {
+ value = module.example.ca_certificate
+ sensitive = true
+}
+
+output "service_account" {
+ description = "The default service account used for running nodes."
+ value = module.example.service_account
+}
+
+output "network_name" {
+ description = "The name of the VPC being created"
+ value = module.example.network
+}
+
+output "subnet_name" {
+ description = "The name of the subnet being created"
+ value = module.example.subnetwork
+}
+
+output "region" {
+ description = "The region the cluster is hosted in"
+ value = module.example.region
+}
+
+output "ip_range_pods_name" {
+ description = "The secondary range name for pods"
+ value = module.example.ip_range_pods_name
+}
+
+output "ip_range_services_name" {
+ description = "The secondary range name for services"
+ value = module.example.ip_range_services_name
+}
+
+output "gateway_api_channel" {
+ description = "The gateway api channel of this cluster"
+ value = module.example.gateway_api_channel
+}
diff --git a/test/fixtures/simple_regional_with_gateway_api/variables.tf b/test/fixtures/simple_regional_with_gateway_api/variables.tf
new file mode 100644
index 0000000000..a04c2dcd26
--- /dev/null
+++ b/test/fixtures/simple_regional_with_gateway_api/variables.tf
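Review bot: `project_id`, `location`, `kubernetes_endpoint`, `client_token` and `ca_certificate` in this new outputs.tf carry no `description`, while every other output in the file has one, which makes the file read as half-finished and leaves the three `sensitive = true` outputs undocumented. Short descriptions matching the example module's own outputs are enough, e.g. `description = "The project ID the cluster is deployed in"` for `project_id` and `description = "The cluster CA certificate"` for `ca_certificate`. The `ca_certificate` block also orders `value` before `sensitive`, the reverse of the two blocks above it; aligning the order is a small readability win.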
@@ -0,0 +1,30 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_ids" { + type = list(string) + description = "The GCP projects to use for integration tests" +} + +variable "region" { + description = "The region to host the cluster in" + default = "us-east4" +} + +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster." +} diff --git a/variables.tf b/variables.tf index a691783262..74fde23477 100644 --- a/variables.tf +++ b/variables.tf @@ -377,6 +377,12 @@ variable "release_channel" { default = null } +variable "gateway_api_channel" { + type = string + description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`." + default = null +} + variable "add_cluster_firewall_rules" { type = bool description = "Create additional firewall rules" diff --git a/versions.tf b/versions.tf index e08a8f3fd5..6d0841514b 100644 --- a/versions.tf +++ b/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.36.0, < 5.0" + version = ">= 4.47.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes"
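Review bot: The new `gateway_api_channel` variable in the root variables.tf hunk documents `CHANNEL_STANDARD` and `CHANNEL_DISABLED` as the only accepted values but does not enforce them, so a mistyped value (a constructed example: `CHANNEL_STANDART`) is first rejected by the provider at apply time, after the plan has been reviewed and approved. A `validation` block on the variable fails the plan instead while still accepting the `null` default; if this file is produced from a template elsewhere in the repository, the block needs to go into the template too. The fixture's `gateway_api_channel` variable earlier on this same line would benefit from the same block, and it also lacks a default, which is only acceptable if the fixture's module call reads it.
```terraform
variable "gateway_api_channel" {
  # … unchanged: type, description, default …
  validation {
    condition     = var.gateway_api_channel == null ? true : contains(["CHANNEL_STANDARD", "CHANNEL_DISABLED"], var.gateway_api_channel)
    error_message = "gateway_api_channel must be CHANNEL_STANDARD or CHANNEL_DISABLED."
  }
}
```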