diff --git a/Makefile b/Makefile index ebad195d2..07974a426 100644 --- a/Makefile +++ b/Makefile @@ -21,11 +21,12 @@ SHELL := /usr/bin/env bash DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.0 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd +DOCKER_BIN ?= docker # Enter docker container for local development .PHONY: docker_run docker_run: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e SERVICE_ACCOUNT_JSON \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ @@ -34,7 +35,7 @@ docker_run: # Execute prepare tests within the docker container .PHONY: docker_test_prepare docker_test_prepare: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e SERVICE_ACCOUNT_JSON \ -e TF_VAR_org_id \ -e TF_VAR_folder_id \ @@ -46,7 +47,7 @@ docker_test_prepare: # Clean up test environment within the docker container .PHONY: docker_test_cleanup docker_test_cleanup: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e SERVICE_ACCOUNT_JSON \ -e TF_VAR_org_id \ -e TF_VAR_folder_id \ @@ -58,7 +59,7 @@ docker_test_cleanup: # Execute integration tests within the docker container .PHONY: docker_test_integration docker_test_integration: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e SERVICE_ACCOUNT_JSON \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ @@ -67,7 +68,7 @@ docker_test_integration: # Execute lint tests within the docker container .PHONY: docker_test_lint docker_test_lint: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -e ENABLE_PARALLEL=1 \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ 
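Review bot: `DOCKER_BIN ?= docker` is introduced without a comment, and because `?=` yields to the environment, an exported `DOCKER_BIN` silently chooses the binary that receives `-e SERVICE_ACCOUNT_JSON` and the `-v "$(CURDIR)":/workspace` bind mount in the `docker_run` recipe below it. A one-line comment would make both the intent and that trust assumption explicit, e.g. `# Container CLI used by the docker_* targets; override with e.g. DOCKER_BIN=podman (trusted like PATH).` The image is still pulled by the mutable tag `1.0` rather than a digest, but that predates this change and is out of scope for the rename.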
@@ -76,7 +77,7 @@ docker_test_lint: # Generate documentation .PHONY: docker_generate_docs docker_generate_docs: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs' @@ -84,7 +85,7 @@ docker_generate_docs: # Generate files from autogen .PHONY: docker_generate_modules docker_generate_modules: - docker run --rm -it \ + $(DOCKER_BIN) run --rm -it \ -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_modules' diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index c8cb20ebd..a580e7ea9 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -78,7 +78,22 @@ resource "google_container_cluster" "primary" { } } logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } {% else %} logging_service = var.logging_service monitoring_service = var.monitoring_service diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index dc47f07b1..be7baa10e 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
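Review bot: When `local.cluster_telemetry_type_is_set` is true the template nulls `logging_service` and `monitoring_service`, yet the new `logging_config`/`monitoring_config` blocks are still emitted whenever the component lists are non-empty, so a caller can set both `cluster_telemetry_type` and these lists; whether the provider accepts `cluster_telemetry` together with these blocks is not visible here and should be confirmed, or the `for_each` gated on `!local.cluster_telemetry_type_is_set`. The empty-list sentinel also deserves a comment above each dynamic block, since an empty list omits the block rather than disabling anything: `# Empty list omits the block so GKE's default component set applies; use logging_service = "none" to turn logging off.` It is worth adding that a list containing only SYSTEM_COMPONENTS stops shipping workload logs, which operators relying on them for detection may not expect. The enclosing `google_container_cluster.primary` resource starts and ends outside this hunk.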
@@ -349,12 +349,28 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +{% if beta_cluster %} +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + +{% endif %} variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +{% if beta_cluster %} +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + +{% endif %} variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index e07f3c7b0..1a8ff7522 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,7 +24,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf index e292fab99..b282aa608 100644 --- a/examples/node_pool_update_variant_beta/main.tf +++ b/examples/node_pool_update_variant_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" credentials = file(var.credentials_path) region = var.region } 
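Review bot: The description of `logging_enabled_components` reads "List of services to monitor", which looks copied from the monitoring variable and misdescribes a logging setting; suggest `description = "GKE components whose logs are sent to Cloud Logging: SYSTEM_COMPONENTS, WORKLOADS. Empty list keeps the GKE default."`. The `monitoring_enabled_components` description states the argument needs provider version >= 3.89.0, but the `versions.tf.tmpl` hunk in this same change only raises the constraint to `>= 3.87.0`, so if that requirement is accurate a user on 3.87 or 3.88 who sets the variable gets an unsupported-argument error at plan time instead of a clear constraint failure; one of the two should be corrected. If the module's `required_version` (not visible here) already allows Terraform 0.13+, a `validation` block restricting values to SYSTEM_COMPONENTS and WORKLOADS would turn a typo into a plan-time message rather than an API rejection.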
diff --git a/examples/node_pool_update_variant_public_beta/main.tf b/examples/node_pool_update_variant_public_beta/main.tf index 4dedb7776..10e9c084e 100644 --- a/examples/node_pool_update_variant_public_beta/main.tf +++ b/examples/node_pool_update_variant_public_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" credentials = file(var.credentials_path) region = var.region } diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf index 4fa3c380a..55442e8e6 100644 --- a/examples/regional_private_node_pool_oauth_scopes/provider.tf +++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf @@ -19,7 +19,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" } data "google_client_config" "default" {} diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index 585392f9c..c085ca0c9 100644 --- a/examples/safer_cluster/main.tf +++ b/examples/safer_cluster/main.tf @@ -35,7 +35,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" } data "google_client_config" "default" {} diff --git a/examples/safer_cluster_iap_bastion/provider.tf b/examples/safer_cluster_iap_bastion/provider.tf index cd56d735b..ca882e5f5 100644 --- a/examples/safer_cluster_iap_bastion/provider.tf +++ b/examples/safer_cluster_iap_bastion/provider.tf @@ -19,7 +19,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" } data "google_client_config" "default" {} diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index 9bb78ddd7..12ec938e7 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" region = var.region } 
diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index 6e0736ce4..bf5666476 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -24,7 +24,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" region = var.region } diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf index bffde7f7c..d8a5f9a81 100644 --- a/examples/simple_zonal_with_asm/main.tf +++ b/examples/simple_zonal_with_asm/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" region = var.region } diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf index 7ae00e779..b146e30c3 100644 --- a/examples/workload_metadata_config/main.tf +++ b/examples/workload_metadata_config/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.79.0" + version = "~> 3.87.0" region = var.region } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 0916532bc..a932b2e70 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -211,6 +211,7 @@ Then perform the following commands on the root folder: | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | 
@@ -219,6 +220,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | (Beta) Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 276d66111..21e2a7232 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf 
@@ -68,8 +68,23 @@ resource "google_container_cluster" "primary" { type = var.cluster_telemetry_type } } - logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index e343305f8..0560f7b2b 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -335,12 +335,24 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index e21a5a160..ce467385c 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 206fb379e..bdec3ab7c 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -189,6 +189,7 @@ Then perform the following commands on the root folder: | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | 
@@ -197,6 +198,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | (Beta) Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index c27a1e535..d5204d6cf 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -68,8 +68,23 @@ resource "google_container_cluster" "primary" { type = var.cluster_telemetry_type } } - logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index e343305f8..0560f7b2b 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -335,12 +335,24 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 248d0d08f..079a07082 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 367be68aa..a8ead250c 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -202,12 +202,14 @@ Then perform the following commands on the root folder: | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. 
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 15a85a0ff..904aa0326 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -68,8 +68,23 @@ resource "google_container_cluster" "primary" { type = var.cluster_telemetry_type } } - logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 8dda6d77e..818da50b8 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -335,12 +335,24 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 074f09545..add0d45a7 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 6421c6eb9..be7111e85 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -180,12 +180,14 @@ Then perform the following commands on the root folder: | istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | +| logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | +| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no | | monitoring\_service | The monitoring service that the cluster should write metrics to. 
Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 1d4e3c99e..01f0f8db7 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -68,8 +68,23 @@ resource "google_container_cluster" "primary" { type = var.cluster_telemetry_type } } - logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + logging_service = local.cluster_telemetry_type_is_set ? null : var.logging_service + dynamic "logging_config" { + for_each = length(var.logging_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.logging_enabled_components + } + } + monitoring_service = local.cluster_telemetry_type_is_set ? null : var.monitoring_service + dynamic "monitoring_config" { + for_each = length(var.monitoring_enabled_components) > 0 ? [1] : [] + + content { + enable_components = var.monitoring_enabled_components + } + } cluster_autoscaling { enabled = var.cluster_autoscaling.enabled diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 8dda6d77e..818da50b8 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -335,12 +335,24 @@ variable "logging_service" { default = "logging.googleapis.com/kubernetes" } +variable "logging_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration." + default = [] +} + variable "monitoring_service" { type = string description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com/kubernetes" } +variable "monitoring_enabled_components" { + type = list(string) + description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration." + default = [] +} + variable "create_service_account" { type = bool description = "Defines if service account specified to run nodes should be created." diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index cb10e074a..3f0ad0de0 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 3.79.0, <4.0.0" + version = ">= 3.87.0, <4.0.0" } kubernetes = { source = "hashicorp/kubernetes"