From a68fe6922fad3f343c9ad075d4433b0a087f7df2 Mon Sep 17 00:00:00 2001 
From: Bharath KKB Date: Tue, 8 Mar 2022 16:57:20 -0600 Subject: [PATCH] feat!: add gcp_filestore_csi_driver_config to addons config (#1166) --- README.md | 2 ++ autogen/main/README.md | 1 + autogen/main/cluster.tf.tmpl | 5 +++++ autogen/main/variables.tf.tmpl | 6 ++++++ autogen/main/versions.tf.tmpl | 4 ++-- cluster.tf | 5 +++++ modules/beta-autopilot-private-cluster/README.md | 1 + modules/beta-autopilot-private-cluster/cluster.tf | 1 + modules/beta-autopilot-private-cluster/versions.tf | 2 +- modules/beta-autopilot-public-cluster/README.md | 1 + modules/beta-autopilot-public-cluster/cluster.tf | 1 + modules/beta-autopilot-public-cluster/versions.tf | 2 +- modules/beta-private-cluster-update-variant/README.md | 2 ++ modules/beta-private-cluster-update-variant/cluster.tf | 5 +++++ modules/beta-private-cluster-update-variant/variables.tf | 6 ++++++ modules/beta-private-cluster-update-variant/versions.tf | 2 +- modules/beta-private-cluster/README.md | 2 ++ modules/beta-private-cluster/cluster.tf | 5 +++++ modules/beta-private-cluster/variables.tf | 6 ++++++ modules/beta-private-cluster/versions.tf | 2 +- modules/beta-public-cluster-update-variant/README.md | 2 ++ modules/beta-public-cluster-update-variant/cluster.tf | 5 +++++ modules/beta-public-cluster-update-variant/variables.tf | 6 ++++++ modules/beta-public-cluster-update-variant/versions.tf | 2 +- modules/beta-public-cluster/README.md | 2 ++ modules/beta-public-cluster/cluster.tf | 5 +++++ modules/beta-public-cluster/variables.tf | 6 ++++++ modules/beta-public-cluster/versions.tf | 2 +- modules/private-cluster-update-variant/README.md | 2 ++ modules/private-cluster-update-variant/cluster.tf | 5 +++++ modules/private-cluster-update-variant/variables.tf | 6 ++++++ modules/private-cluster-update-variant/versions.tf | 2 +- modules/private-cluster/README.md | 2 ++ modules/private-cluster/cluster.tf | 5 +++++ modules/private-cluster/variables.tf | 6 ++++++ modules/private-cluster/versions.tf | 2 +- variables.tf | 6 
++++++ versions.tf | 2 +- 38 files changed, 118 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 601c953a0..d03c0a354 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,7 @@ module "gke" { http_load_balancing = false network_policy = false horizontal_pod_autoscaling = true + filestore_csi_driver = false node_pools = [ { @@ -143,6 +144,7 @@ Then perform the following commands on the root folder: | enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no | | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | +| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no | diff --git a/autogen/main/README.md b/autogen/main/README.md index 483ba08af..d9d74c6d2 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -77,6 +77,7 @@ module "gke" { network_policy = false {% endif %} horizontal_pod_autoscaling = true + filestore_csi_driver = false {% if private_cluster %} enable_private_endpoint = true enable_private_nodes = true diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 741356f66..60831abc9 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -185,10 +185,15 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + {% if autopilot_cluster != true %} network_policy_config { disabled = !var.network_policy } + + gcp_filestore_csi_driver_config { + enabled = var.filestore_csi_driver + } {% endif %} {% if beta_cluster and autopilot_cluster != true %} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 5b123a0ea..17b3e273c 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -162,6 +162,12 @@ variable "remove_default_node_pool" { description = "Remove default node pool while setting up the cluster" default = false } + +variable "filestore_csi_driver" { + type = bool + description = "The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes" + default = false +} {% endif %} variable "disable_legacy_metadata_endpoints" { diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index dfbfb59a4..c49c75fa9 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl 
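Review bot: The `{% if autopilot_cluster != true %}` guard around `gcp_filestore_csi_driver_config` in autogen/main/cluster.tf.tmpl keeps the addon out of the Autopilot modules, but the autogen/main/README.md hunk adds `filestore_csi_driver = false` to the usage example with no guard visible around it, and both Autopilot READMEs now show that argument. The diffstat lists no variables.tf change for those two modules, so the documented example would probably be rejected there as an unsupported argument. I would wrap the README template line in the same `{% if autopilot_cluster != true %}` / `{% endif %}` pair. The blank line added above the guard also appears to be the only change that reaches the two Autopilot cluster.tf files; moving it below the `{% if %}` line would avoid the stray empty line before the closing brace.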
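Review bot: The description on `filestore_csi_driver` ("The status of the Filestore CSI driver addon…") reads oddly for a `bool` and does not tell an operator what switching it on enables; the same text is repeated in every variables.tf and README hunk of this patch. I would write `description = "Whether to enable the Filestore CSI driver addon, which lets workloads mount Filestore instances as volumes"`. Filestore shares are NFS exports, and as far as I know access to them is governed by network reachability and file permissions rather than per-workload identity. A short README note on restricting who may create the related StorageClass and PersistentVolumeClaim objects would therefore help. Keeping `default = false` is the right opt-in default. The conditional that encloses the variable opens outside the hunk.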
@@ -24,7 +24,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.6.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" @@ -38,7 +38,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.0.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/cluster.tf b/cluster.tf index fdfa8d572..a06712b2d 100644 --- a/cluster.tf +++ b/cluster.tf @@ -106,9 +106,14 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + + gcp_filestore_csi_driver_config { + enabled = var.filestore_csi_driver + } } datapath_provider = var.datapath_provider diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index f5d916f4d..9f39b2f6c 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -46,6 +46,7 @@ module "gke" { ip_range_pods = "us-central1-01-gke-01-pods" ip_range_services = "us-central1-01-gke-01-services" horizontal_pod_autoscaling = true + filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "10.0.0.0/28" diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index fb0237755..7a9ae23e5 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -86,6 +86,7 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + } datapath_provider = var.datapath_provider diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index dcf4235ae..59ada13df 100644 
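Review bot: Nothing in this commit exercises the enabled path: `gcp_filestore_csi_driver_config` in cluster.tf, and the same block in the other cluster.tf hunks, is only ever planned with the default `false`, and the diffstat touches no example or test file. Setting `filestore_csi_driver = true` in one existing example or test fixture would confirm that the raised provider floor `>= 4.10.0` accepts the block on both `google` and `google-beta`. The surrounding `addons_config` block starts outside the hunk.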
--- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.6.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 8ab379df9..92cd7f634 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -43,6 +43,7 @@ module "gke" { ip_range_pods = "us-central1-01-gke-01-pods" ip_range_services = "us-central1-01-gke-01-services" horizontal_pod_autoscaling = true + filestore_csi_driver = false enable_autopilot = true } diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index f047f4ac1..ef848bc88 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -86,6 +86,7 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + } datapath_provider = var.datapath_provider diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index e9f388254..f128b7344 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.6.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 3bb670946..c51e71be1 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -70,6 +70,7 @@ module "gke" { http_load_balancing = false network_policy = false horizontal_pod_autoscaling = true + filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "10.0.0.0/28" @@ -192,6 +193,7 @@ Then perform the following commands on the root folder: | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no | | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | +| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index a10536bd8..8bb01a865 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -157,10 +157,15 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + gcp_filestore_csi_driver_config { + enabled = var.filestore_csi_driver + } + istio_config { disabled = !var.istio auth = var.istio_auth diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index b0c7ceb9e..06c316f33 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -160,6 +160,12 @@ variable "remove_default_node_pool" { default = false } +variable "filestore_csi_driver" { + type = bool + description = "The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes" + default = false +} + variable "disable_legacy_metadata_endpoints" { type = bool description = "Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated." diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index 4b405cdfa..73b233cf8 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf 
@@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.6.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index b28908fd4..98379fe5a 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -48,6 +48,7 @@ module "gke" { http_load_balancing = false network_policy = false horizontal_pod_autoscaling = true + filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "10.0.0.0/28" @@ -170,6 +171,7 @@ Then perform the following commands on the root folder: | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no | | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | +| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 6bb5e8e45..fe874b762 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -157,10 +157,15 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + gcp_filestore_csi_driver_config { + enabled = var.filestore_csi_driver + } + istio_config { disabled = !var.istio auth = var.istio_auth diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index b0c7ceb9e..06c316f33 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -160,6 +160,12 @@ variable "remove_default_node_pool" { default = false } +variable "filestore_csi_driver" { + type = bool + description = "The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes" + default = false +} + variable "disable_legacy_metadata_endpoints" { type = bool description = "Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated." diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index d18670b50..7b66d371b 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.6.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" 
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 3b0fa1fc9..8801d7ccd 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -67,6 +67,7 @@ module "gke" { http_load_balancing = false network_policy = false horizontal_pod_autoscaling = true + filestore_csi_driver = false istio = true cloudrun = true dns_cache = false @@ -183,6 +184,7 @@ Then perform the following commands on the root folder: | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no | | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | +| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index fd75857c2..762955d34 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -157,10 +157,15 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + gcp_filestore_csi_driver_config { + enabled = var.filestore_csi_driver + } + istio_config { disabled = !var.istio auth = var.istio_auth diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 564e019b2..7ca71309b 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -160,6 +160,12 @@ variable "remove_default_node_pool" { default = false } +variable "filestore_csi_driver" { + type = bool + description = "The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes" + default = false +} + variable "disable_legacy_metadata_endpoints" { type = bool description = "Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated." diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 9fdf6935d..42448fe10 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf 
@@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.6.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index cf329349f..7d9d2577c 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -45,6 +45,7 @@ module "gke" { http_load_balancing = false network_policy = false horizontal_pod_autoscaling = true + filestore_csi_driver = false istio = true cloudrun = true dns_cache = false @@ -161,6 +162,7 @@ Then perform the following commands on the root folder: | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no | | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | +| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 539739c9d..a6d20774d 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -157,10 +157,15 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + gcp_filestore_csi_driver_config { + enabled = var.filestore_csi_driver + } + istio_config { disabled = !var.istio auth = var.istio_auth diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 564e019b2..7ca71309b 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -160,6 +160,12 @@ variable "remove_default_node_pool" { default = false } +variable "filestore_csi_driver" { + type = bool + description = "The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes" + default = false +} + variable "disable_legacy_metadata_endpoints" { type = bool description = "Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated." diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index e34e3ac3c..cd7be4c3f 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.6.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" 
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 993f2be40..f03158538 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -70,6 +70,7 @@ module "gke" { http_load_balancing = false network_policy = false horizontal_pod_autoscaling = true + filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "10.0.0.0/28" @@ -174,6 +175,7 @@ Then perform the following commands on the root folder: | enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no | | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | +| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 4a79dbe6c..b5e4df2dc 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -106,9 +106,14 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + + gcp_filestore_csi_driver_config { + enabled = var.filestore_csi_driver + } } datapath_provider = var.datapath_provider diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 0bd3341d9..e0138ec15 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -149,6 +149,12 @@ variable "remove_default_node_pool" { default = false } +variable "filestore_csi_driver" { + type = bool + description = "The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes" + default = false +} + variable "disable_legacy_metadata_endpoints" { type = bool description = "Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated." diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 7ae6bea1e..ac30c92cd 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.0.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" 
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 0bb0e7a40..8aabf2e33 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -48,6 +48,7 @@ module "gke" { http_load_balancing = false network_policy = false horizontal_pod_autoscaling = true + filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true master_ipv4_cidr_block = "10.0.0.0/28" @@ -152,6 +153,7 @@ Then perform the following commands on the root folder: | enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no | | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no | +| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 74ad14a29..ffa8c1a38 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -106,9 +106,14 @@ resource "google_container_cluster" "primary" { horizontal_pod_autoscaling { disabled = !var.horizontal_pod_autoscaling } + network_policy_config { disabled = !var.network_policy } + + gcp_filestore_csi_driver_config { + enabled = var.filestore_csi_driver + } } datapath_provider = var.datapath_provider diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 0bd3341d9..e0138ec15 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -149,6 +149,12 @@ variable "remove_default_node_pool" { default = false } +variable "filestore_csi_driver" { + type = bool + description = "The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes" + default = false +} + variable "disable_legacy_metadata_endpoints" { type = bool description = "Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated." diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index 245bc8666..ce6030a08 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.0.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/variables.tf b/variables.tf index e01a012cb..ce76d52bf 100644 --- a/variables.tf +++ b/variables.tf 
@@ -149,6 +149,12 @@ variable "remove_default_node_pool" { default = false } +variable "filestore_csi_driver" { + type = bool + description = "The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes" + default = false +} + variable "disable_legacy_metadata_endpoints" { type = bool description = "Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated." diff --git a/versions.tf b/versions.tf index 990c28961..b3239e49f 100644 --- a/versions.tf +++ b/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.0.0, < 5.0" + version = ">= 4.10.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes"