diff --git a/README.md b/README.md
index 60d3df850..0e5cf2eaf 100644
--- a/README.md
+++ b/README.md
@@ -155,6 +155,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | [
"8443",
"9443",
"15017"
]
| no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
+| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
| http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 368fbeed3..4758f9e6f 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -235,7 +235,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
{% if autopilot_cluster != true %}
network_policy_config {
disabled = !var.network_policy
@@ -248,6 +247,14 @@ resource "google_container_cluster" "primary" {
gcp_filestore_csi_driver_config {
enabled = var.filestore_csi_driver
}
+
+ dynamic "gce_persistent_disk_csi_driver_config" {
+ for_each = local.cluster_gce_pd_csi_config
+
+ content {
+ enabled = gce_persistent_disk_csi_driver_config.value.enabled
+ }
+ }
{% endif %}
{% if beta_cluster and autopilot_cluster != true %}
@@ -264,14 +271,6 @@ resource "google_container_cluster" "primary" {
}
}
- dynamic "gce_persistent_disk_csi_driver_config" {
- for_each = local.cluster_gce_pd_csi_config
-
- content {
- enabled = gce_persistent_disk_csi_driver_config.value.enabled
- }
- }
-
kalm_config {
enabled = var.kalm_config
}
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
index 77239915b..dc53e13da 100644
--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -95,6 +95,7 @@ locals {
enabled = false
provider = null
}]
+ cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
{% endif %}
{% if beta_cluster and autopilot_cluster != true %}
cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
@@ -109,7 +110,6 @@ locals {
)
] : []
cluster_cloudrun_enabled = var.cloudrun
- cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
{% endif %}
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index 554bbd87a..043d236c3 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -605,6 +605,12 @@ variable "cluster_dns_domain" {
default = ""
}
+variable "gce_pd_csi_driver" {
+ type = bool
+ description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+ default = true
+}
+
{% endif %}
variable "timeouts" {
type = map(string)
@@ -713,11 +719,5 @@ variable "enable_identity_service" {
description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
default = false
}
-
-variable "gce_pd_csi_driver" {
- type = bool
- description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
- default = false
-}
{% endif %}
{% endif %}
diff --git a/cluster.tf b/cluster.tf
index 8b9e80248..85cac2f85 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -131,7 +131,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
network_policy_config {
disabled = !var.network_policy
}
@@ -143,6 +142,14 @@ resource "google_container_cluster" "primary" {
gcp_filestore_csi_driver_config {
enabled = var.filestore_csi_driver
}
+
+ dynamic "gce_persistent_disk_csi_driver_config" {
+ for_each = local.cluster_gce_pd_csi_config
+
+ content {
+ enabled = gce_persistent_disk_csi_driver_config.value.enabled
+ }
+ }
}
datapath_provider = var.datapath_provider
diff --git a/docs/upgrading_to_v25.0.md b/docs/upgrading_to_v25.0.md
new file mode 100644
index 000000000..d8ba59fa4
--- /dev/null
+++ b/docs/upgrading_to_v25.0.md
@@ -0,0 +1,42 @@
+# Upgrading to v25.0
+The v25.0 release of *kubernetes-engine* is a backwards incompatible
+release.
+
+### gce_pd_csi_driver is GA and enabled by default
+
+`gce_pd_csi_driver` is now supported in GA modules and defaults to true. To opt out, set `gce_pd_csi_driver` to `false`.
+
+```diff
+ module "gke" {
+- source = "terraform-google-modules/kubernetes-engine"
+- version = "~> 24.0"
++ source = "terraform-google-modules/kubernetes-engine"
++ version = "~> 25.0"
+...
++ gce_pd_csi_driver = false
+}
+```
+
+### Use the created service account when creating autopilot clusters
+
+When `create_service_account` is `true` pass the created service account to the `cluster_autoscaling` -> `auto_provisioning_defaults` block
+for the `beta-autopilot-private-cluster` / `beta-autopilot-public-cluster` modules.
+
+This will mean that the `Nodes` will use the created service account, where previously the default service account was erronously used instead.
+
+To opt out, set `create_service_account` to `false`
+
+```diff
+ module "gke" {
+- source = "terraform-google-modules/kubernetes-engine"
+- version = "~> 24.0"
++ source = "terraform-google-modules/kubernetes-engine"
++ version = "~> 25.0"
+...
++ create_service_account = false
+}
+```
+
+### Minimum Google Provider versions
+
+Minimum Google Provider versions have been updated to `4.44.0`.
diff --git a/main.tf b/main.tf
index 83caf0fbd..ff006e3ab 100644
--- a/main.tf
+++ b/main.tf
@@ -81,6 +81,7 @@ locals {
enabled = false
provider = null
}]
+ cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index 1679ed045..7d5614fe7 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -119,7 +119,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
}
datapath_provider = var.datapath_provider
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf
index 9fe5820da..a1ab9cd62 100644
--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -119,7 +119,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
}
datapath_provider = var.datapath_provider
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index f3250e143..e1803a617 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -201,7 +201,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | [
"8443",
"9443",
"15017"
]
| no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
-| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
+| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index 65ad65637..3af2360b3 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -187,7 +187,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
network_policy_config {
disabled = !var.network_policy
}
@@ -200,6 +199,14 @@ resource "google_container_cluster" "primary" {
enabled = var.filestore_csi_driver
}
+ dynamic "gce_persistent_disk_csi_driver_config" {
+ for_each = local.cluster_gce_pd_csi_config
+
+ content {
+ enabled = gce_persistent_disk_csi_driver_config.value.enabled
+ }
+ }
+
istio_config {
disabled = !var.istio
auth = var.istio_auth
@@ -213,14 +220,6 @@ resource "google_container_cluster" "primary" {
}
}
- dynamic "gce_persistent_disk_csi_driver_config" {
- for_each = local.cluster_gce_pd_csi_config
-
- content {
- enabled = gce_persistent_disk_csi_driver_config.value.enabled
- }
- }
-
kalm_config {
enabled = var.kalm_config
}
diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf
index 7f44dcec3..ca3604ef1 100644
--- a/modules/beta-private-cluster-update-variant/main.tf
+++ b/modules/beta-private-cluster-update-variant/main.tf
@@ -82,6 +82,7 @@ locals {
enabled = false
provider = null
}]
+ cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
load_balancer_type = var.cloudrun_load_balancer_type
} : {}
@@ -93,10 +94,9 @@ locals {
local.cluster_cloudrun_config_load_balancer_config
)
] : []
- cluster_cloudrun_enabled = var.cloudrun
- cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
- gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
- logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
+ cluster_cloudrun_enabled = var.cloudrun
+ gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
+ logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index de952e919..e2769759d 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -578,6 +578,12 @@ variable "cluster_dns_domain" {
default = ""
}
+variable "gce_pd_csi_driver" {
+ type = bool
+ description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+ default = true
+}
+
variable "timeouts" {
type = map(string)
description = "Timeout for cluster operations."
@@ -681,9 +687,3 @@ variable "enable_identity_service" {
description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
default = false
}
-
-variable "gce_pd_csi_driver" {
- type = bool
- description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
- default = false
-}
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 609205728..1e0b0c655 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -179,7 +179,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | [
"8443",
"9443",
"15017"
]
| no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
-| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
+| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 91210d684..0f34bed4b 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -187,7 +187,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
network_policy_config {
disabled = !var.network_policy
}
@@ -200,6 +199,14 @@ resource "google_container_cluster" "primary" {
enabled = var.filestore_csi_driver
}
+ dynamic "gce_persistent_disk_csi_driver_config" {
+ for_each = local.cluster_gce_pd_csi_config
+
+ content {
+ enabled = gce_persistent_disk_csi_driver_config.value.enabled
+ }
+ }
+
istio_config {
disabled = !var.istio
auth = var.istio_auth
@@ -213,14 +220,6 @@ resource "google_container_cluster" "primary" {
}
}
- dynamic "gce_persistent_disk_csi_driver_config" {
- for_each = local.cluster_gce_pd_csi_config
-
- content {
- enabled = gce_persistent_disk_csi_driver_config.value.enabled
- }
- }
-
kalm_config {
enabled = var.kalm_config
}
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf
index 7f44dcec3..ca3604ef1 100644
--- a/modules/beta-private-cluster/main.tf
+++ b/modules/beta-private-cluster/main.tf
@@ -82,6 +82,7 @@ locals {
enabled = false
provider = null
}]
+ cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
load_balancer_type = var.cloudrun_load_balancer_type
} : {}
@@ -93,10 +94,9 @@ locals {
local.cluster_cloudrun_config_load_balancer_config
)
] : []
- cluster_cloudrun_enabled = var.cloudrun
- cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
- gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
- logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
+ cluster_cloudrun_enabled = var.cloudrun
+ gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
+ logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index de952e919..e2769759d 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -578,6 +578,12 @@ variable "cluster_dns_domain" {
default = ""
}
+variable "gce_pd_csi_driver" {
+ type = bool
+ description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+ default = true
+}
+
variable "timeouts" {
type = map(string)
description = "Timeout for cluster operations."
@@ -681,9 +687,3 @@ variable "enable_identity_service" {
description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
default = false
}
-
-variable "gce_pd_csi_driver" {
- type = bool
- description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
- default = false
-}
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index 756b7a012..141d34829 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -192,7 +192,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | [
"8443",
"9443",
"15017"
]
| no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
-| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
+| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index 86ab23a8b..449423de4 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -187,7 +187,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
network_policy_config {
disabled = !var.network_policy
}
@@ -200,6 +199,14 @@ resource "google_container_cluster" "primary" {
enabled = var.filestore_csi_driver
}
+ dynamic "gce_persistent_disk_csi_driver_config" {
+ for_each = local.cluster_gce_pd_csi_config
+
+ content {
+ enabled = gce_persistent_disk_csi_driver_config.value.enabled
+ }
+ }
+
istio_config {
disabled = !var.istio
auth = var.istio_auth
@@ -213,14 +220,6 @@ resource "google_container_cluster" "primary" {
}
}
- dynamic "gce_persistent_disk_csi_driver_config" {
- for_each = local.cluster_gce_pd_csi_config
-
- content {
- enabled = gce_persistent_disk_csi_driver_config.value.enabled
- }
- }
-
kalm_config {
enabled = var.kalm_config
}
diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf
index 94d950d0e..0a4b4e126 100644
--- a/modules/beta-public-cluster-update-variant/main.tf
+++ b/modules/beta-public-cluster-update-variant/main.tf
@@ -82,6 +82,7 @@ locals {
enabled = false
provider = null
}]
+ cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
load_balancer_type = var.cloudrun_load_balancer_type
} : {}
@@ -93,10 +94,9 @@ locals {
local.cluster_cloudrun_config_load_balancer_config
)
] : []
- cluster_cloudrun_enabled = var.cloudrun
- cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
- gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
- logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
+ cluster_cloudrun_enabled = var.cloudrun
+ gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
+ logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
index 65ced5698..e0f03aacd 100644
--- a/modules/beta-public-cluster-update-variant/variables.tf
+++ b/modules/beta-public-cluster-update-variant/variables.tf
@@ -548,6 +548,12 @@ variable "cluster_dns_domain" {
default = ""
}
+variable "gce_pd_csi_driver" {
+ type = bool
+ description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+ default = true
+}
+
variable "timeouts" {
type = map(string)
description = "Timeout for cluster operations."
@@ -651,9 +657,3 @@ variable "enable_identity_service" {
description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
default = false
}
-
-variable "gce_pd_csi_driver" {
- type = bool
- description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
- default = false
-}
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index dce731b40..cd197ff2f 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -170,7 +170,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | [
"8443",
"9443",
"15017"
]
| no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
-| gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
+| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index 1d17b229e..7854d50db 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -187,7 +187,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
network_policy_config {
disabled = !var.network_policy
}
@@ -200,6 +199,14 @@ resource "google_container_cluster" "primary" {
enabled = var.filestore_csi_driver
}
+ dynamic "gce_persistent_disk_csi_driver_config" {
+ for_each = local.cluster_gce_pd_csi_config
+
+ content {
+ enabled = gce_persistent_disk_csi_driver_config.value.enabled
+ }
+ }
+
istio_config {
disabled = !var.istio
auth = var.istio_auth
@@ -213,14 +220,6 @@ resource "google_container_cluster" "primary" {
}
}
- dynamic "gce_persistent_disk_csi_driver_config" {
- for_each = local.cluster_gce_pd_csi_config
-
- content {
- enabled = gce_persistent_disk_csi_driver_config.value.enabled
- }
- }
-
kalm_config {
enabled = var.kalm_config
}
diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf
index 94d950d0e..0a4b4e126 100644
--- a/modules/beta-public-cluster/main.tf
+++ b/modules/beta-public-cluster/main.tf
@@ -82,6 +82,7 @@ locals {
enabled = false
provider = null
}]
+ cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? {
load_balancer_type = var.cloudrun_load_balancer_type
} : {}
@@ -93,10 +94,9 @@ locals {
local.cluster_cloudrun_config_load_balancer_config
)
] : []
- cluster_cloudrun_enabled = var.cloudrun
- cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
- gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
- logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
+ cluster_cloudrun_enabled = var.cloudrun
+ gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }]
+ logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus
cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 65ced5698..e0f03aacd 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -548,6 +548,12 @@ variable "cluster_dns_domain" {
default = ""
}
+variable "gce_pd_csi_driver" {
+ type = bool
+ description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+ default = true
+}
+
variable "timeouts" {
type = map(string)
description = "Timeout for cluster operations."
@@ -651,9 +657,3 @@ variable "enable_identity_service" {
description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
default = false
}
-
-variable "gce_pd_csi_driver" {
- type = bool
- description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
- default = false
-}
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index 966550cb5..4adad8a1a 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -186,6 +186,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | [
"8443",
"9443",
"15017"
]
| no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
+| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
| http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 0d177c90e..034944c7f 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -131,7 +131,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
network_policy_config {
disabled = !var.network_policy
}
@@ -143,6 +142,14 @@ resource "google_container_cluster" "primary" {
gcp_filestore_csi_driver_config {
enabled = var.filestore_csi_driver
}
+
+ dynamic "gce_persistent_disk_csi_driver_config" {
+ for_each = local.cluster_gce_pd_csi_config
+
+ content {
+ enabled = gce_persistent_disk_csi_driver_config.value.enabled
+ }
+ }
}
datapath_provider = var.datapath_provider
diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf
index b5a546d87..deacafb80 100644
--- a/modules/private-cluster-update-variant/main.tf
+++ b/modules/private-cluster-update-variant/main.tf
@@ -81,6 +81,7 @@ locals {
enabled = false
provider = null
}]
+ cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index c3d3bb511..bf168068e 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -549,6 +549,12 @@ variable "cluster_dns_domain" {
default = ""
}
+variable "gce_pd_csi_driver" {
+ type = bool
+ description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+ default = true
+}
+
variable "timeouts" {
type = map(string)
description = "Timeout for cluster operations."
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index f4f5e0f6a..1d90996d9 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -164,6 +164,7 @@ Then perform the following commands on the root folder:
| filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
| firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | [
"8443",
"9443",
"15017"
]
| no |
| firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
+| gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
| grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no |
| horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
| http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index f8dd0b8ce..5102b8a2f 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -131,7 +131,6 @@ resource "google_container_cluster" "primary" {
disabled = !var.horizontal_pod_autoscaling
}
-
network_policy_config {
disabled = !var.network_policy
}
@@ -143,6 +142,14 @@ resource "google_container_cluster" "primary" {
gcp_filestore_csi_driver_config {
enabled = var.filestore_csi_driver
}
+
+ dynamic "gce_persistent_disk_csi_driver_config" {
+ for_each = local.cluster_gce_pd_csi_config
+
+ content {
+ enabled = gce_persistent_disk_csi_driver_config.value.enabled
+ }
+ }
}
datapath_provider = var.datapath_provider
diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf
index b5a546d87..deacafb80 100644
--- a/modules/private-cluster/main.tf
+++ b/modules/private-cluster/main.tf
@@ -81,6 +81,7 @@ locals {
enabled = false
provider = null
}]
+ cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }]
cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{
security_group = var.authenticator_security_group
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index c3d3bb511..bf168068e 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -549,6 +549,12 @@ variable "cluster_dns_domain" {
default = ""
}
+variable "gce_pd_csi_driver" {
+ type = bool
+ description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+ default = true
+}
+
variable "timeouts" {
type = map(string)
description = "Timeout for cluster operations."
diff --git a/variables.tf b/variables.tf
index a69178326..db2a9b774 100644
--- a/variables.tf
+++ b/variables.tf
@@ -519,6 +519,12 @@ variable "cluster_dns_domain" {
default = ""
}
+variable "gce_pd_csi_driver" {
+ type = bool
+ description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
+ default = true
+}
+
variable "timeouts" {
type = map(string)
description = "Timeout for cluster operations."