diff --git a/README.md b/README.md index 21f945a86..3ac5b03b7 100644 --- a/README.md +++ b/README.md @@ -228,6 +228,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index e09755281..c6028215d 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -309,6 +309,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index 49b847fcb..11b15736b 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -109,6 +109,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] {% endif %} {% if beta_cluster and autopilot_cluster != true %} cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { 
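Review bot: With `var.stateful_ha ? [{ enabled = true }] : []` the false case omits the `stateful_ha_config` block entirely instead of sending `enabled = false`, so switching the variable back to `false` on a cluster that already has the addon depends on the provider treating a missing block as "disable". If the provider keeps the server-side value for an omitted addon block (not visible from this diff), that toggle would plan as no change and the addon would stay enabled. The neighbouring `gke_backup_agent_config` local emits an explicit `[{ enabled = false }]`; consider `stateful_ha_config = [{ enabled = var.stateful_ha }]`, or state in the variable description that disabling is not supported. The same line is added to the root `main.tf` and to each module's `main.tf` later in the diff, and the `locals` block starts and ends outside this hunk.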
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 663a10661..e807f8737 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -725,6 +725,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + {% endif %} variable "timeouts" { type = map(string) diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 4dbcebeca..31c1e0d04 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,11 +24,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/cluster.tf b/cluster.tf index e945124d1..c67758d5e 100644 --- a/cluster.tf +++ b/cluster.tf @@ -229,6 +229,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 11a34fa0c..5fc839611 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -45,4 +45,5 @@ module "gke" { gcs_fuse_csi_driver = true fleet_project = var.project_id deletion_protection = false + stateful_ha = true } diff --git a/main.tf b/main.tf index 4025b6063..2536671a1 100644 --- a/main.tf +++ b/main.tf 
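Review bot: The new `stateful_ha` variable has a default but no `nullable = false`, so a caller that passes `stateful_ha = null` (a common way for wrapper modules to mean "use the default") gets null rather than `false`, and the conditional that consumes it in `locals` then fails at evaluation. Adding `nullable = false` to the block makes an explicit null fall back to the default, provided the module's minimum Terraform version supports that argument, which this diff does not show. The same variable block is repeated in the root and per-module `variables.tf` hunks.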
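Review bot: The root `cluster.tf` now declares a `stateful_ha_config` block, but the only provider-constraint changes visible in this diff are the `>= 5.25.0` floors in the beta modules' `versions.tf` and in one part of `autogen/main/versions.tf.tmpl`. No `versions.tf` hunk appears for the root module, `modules/private-cluster` or `modules/private-cluster-update-variant`, which receive the same block. If their constraints still admit a `google` provider release that predates this block, validation would likely fail with an unsupported-block error even when `stateful_ha` stays `false`, since block types are checked against the schema regardless of `for_each`. Raising the floor in those files to match would keep the modules consistent; the `google_container_cluster` resource starts and ends outside this hunk.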
@@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 1d0a0e598..7580b366e 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 073f85124..5cf26c9d4 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index cbf79f906..095c7c9ba 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -278,6 +278,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index d2adf527b..fc9b5085b 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -252,6 +252,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index f7ef1e33d..3389a4a7a 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf 
@@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 03742b150..270105e6b 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -696,6 +696,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index b5a118d0d..3d48de936 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 0293e59c6..4808bf3f4 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -256,6 +256,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 22ca1b782..46bbae50c 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -252,6 +252,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index f7ef1e33d..3389a4a7a 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 03742b150..270105e6b 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -696,6 +696,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 2232e58ef..1b0043e5e 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 61707e4a3..ad82e7ee6 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -267,6 +267,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 2d7b25218..2845da381 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -252,6 +252,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index d92b11fad..a14251068 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf 
@@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 2490cfd33..17508a59b 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -666,6 +666,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index bbfa6c9a9..1c2823a6b 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 939fd0f46..adca29f57 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -245,6 +245,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index b634e2a41..233e59765 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -252,6 +252,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index d92b11fad..a14251068 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 2490cfd33..17508a59b 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -666,6 +666,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index c5f1cb654..02d99f1f8 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 2771ea8bf..d1b4b25ca 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -261,6 +261,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 51447d8df..a1b98e44a 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -229,6 +229,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index f2a6e28ea..fb7f0edf1 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
@@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index e7e2e0e5d..408517098 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -672,6 +672,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index d27738eb3..1500378df 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -239,6 +239,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index ff0902406..9dcb9055e 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -229,6 +229,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index f2a6e28ea..fb7f0edf1 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group 
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index e7e2e0e5d..408517098 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -672,6 +672,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/test/integration/simple_regional/testdata/TestSimpleRegional.json b/test/integration/simple_regional/testdata/TestSimpleRegional.json index 1c22283dd..85c8e55db 100644 --- a/test/integration/simple_regional/testdata/TestSimpleRegional.json +++ b/test/integration/simple_regional/testdata/TestSimpleRegional.json @@ -17,6 +17,9 @@ }, "networkPolicyConfig": { "disabled": true + }, + "statefulHaConfig": { + "enabled": true } }, "autopilot": {}, diff --git a/variables.tf b/variables.tf index 198902050..17bc3245f 100644 --- a/variables.tf +++ b/variables.tf @@ -642,6 +642,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations."