diff --git a/README.md b/README.md index 0f338e2863..b1f8247a36 100644 --- a/README.md +++ b/README.md @@ -161,7 +161,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 22a6880563..2b1466d37d 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl 
@@ -265,6 +265,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 93f2a01927..86ade1f554 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/cluster.tf b/cluster.tf index 72c7cebf5b..3cd0f6f835 100644 --- a/cluster.tf +++ b/cluster.tf @@ -146,6 +146,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 94a3275edf..45d362ed93 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
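Review bot: The new `exclusion_options` block inside the `maintenance_exclusion` content carries no comment explaining what an omitted scope means, even though the scope decides which automatic upgrades are held back during the window, and those upgrades are how patch releases with security fixes reach the cluster. I would add above the block `# exclusion_scope selects which upgrades this exclusion blocks; when null, no exclusion_options block is emitted and the provider/API default applies`. The guard only tests for null, so a caller passing `exclusion_scope = ""` would still emit the block with `scope = ""`; if an empty string is meant to count as unset, the condition should test for that as well. The same block is repeated in the root cluster.tf and in every modules/*/cluster.tf hunk of this diff, and the enclosing resource starts and ends outside the hunk.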
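Review bot: Adding `exclusion_scope = string` to the object type of `maintenance_exclusions` makes the attribute required, so an existing caller that passes only `name`, `start_time` and `end_time` would fail type conversion after upgrading, even though the cluster template treats a null scope as "not set". If the module's minimum Terraform version allows optional object attributes (the version constraint is not visible in this diff), `exclusion_scope = optional(string)` keeps old inputs working; otherwise the change needs an upgrade note telling callers to add `exclusion_scope = null`. The description still reads "List of maintenance exclusions. A cluster can have up to three" and could name the accepted scopes, such as `NO_UPGRADES`, `NO_MINOR_UPGRADES` and `NO_MINOR_OR_NODE_UPGRADES`, since nothing validates the value before it reaches the provider. The same type line appears in the root variables.tf and in each modules/*/variables.tf hunk of this diff.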
@@ -104,7 +104,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 271bf900fc..1f1af35d7b 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf 
@@ -120,6 +120,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 0a554420c3..b67a241eec 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 4c9b0a9a48..255ef58b9f 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -95,7 +95,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index b61d8a2160..f8639d4988 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf 
@@ -120,6 +120,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index c35bb86a22..d0bcca1b2f 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 48a12f031b..35e1455447 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -215,7 +215,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index b6a86ee052..3a1093e9bf 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf 
@@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index a88bd877e3..2692486361 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index a3ce1ece4d..ce001d7683 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -193,7 +193,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 564a2efa8c..8a137d99de 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index a88bd877e3..2692486361 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 30c05a0a00..1a7f5003ed 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -206,7 +206,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 5687d0e661..1725a15ce0 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf 
@@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index dbd9885446..8800312331 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 352db89885..5a198e6745 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -184,7 +184,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 1708c1e43b..f20ac3a0a4 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index dbd9885446..8800312331 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index c9e0c619b7..a3b0a135e8 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -192,7 +192,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 9945792aa4..1a4cdf5ebc 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf 
@@ -146,6 +146,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 2a7ff1efcb..2c98a8532c 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 7d30994a2d..3ded26b96e 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -170,7 +170,7 @@ Then perform the following commands on the root folder: | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | -| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string }))` | `[]` | no | +| maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 18463f3223..7b74bf1493 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf 
@@ -146,6 +146,13 @@ resource "google_container_cluster" "primary" { exclusion_name = maintenance_exclusion.value.name start_time = maintenance_exclusion.value.start_time end_time = maintenance_exclusion.value.end_time + + dynamic "exclusion_options" { + for_each = maintenance_exclusion.value.exclusion_scope == null ? [] : [maintenance_exclusion.value.exclusion_scope] + content { + scope = exclusion_options.value + } + } } } } diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 2a7ff1efcb..2c98a8532c 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] } diff --git a/variables.tf b/variables.tf index 70684d7d40..1ee6995719 100644 --- a/variables.tf +++ b/variables.tf @@ -109,7 +109,7 @@ variable "maintenance_start_time" { } variable "maintenance_exclusions" { - type = list(object({ name = string, start_time = string, end_time = string })) + type = list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string })) description = "List of maintenance exclusions. A cluster can have up to three" default = [] }