From ae6384899909cea52f1f50a140d7c85b335b64eb Mon Sep 17 00:00:00 2001
From: Tolsee
Date: Wed, 23 Aug 2023 06:17:35 +0545
Subject: [PATCH] feat: promote config_connector_config to ga (#1559)
Co-authored-by: Eric Zhao
Co-authored-by: Andrew Peabody
Co-authored-by: Bharath KKB
Co-authored-by: Awais Malik
---
README.md | 1 +
autogen/main/cluster.tf.tmpl | 8 ++++----
autogen/main/variables.tf.tmpl | 12 ++++++------
autogen/safer-cluster/variables.tf.tmpl | 2 +-
cluster.tf | 4 ++++
.../beta-private-cluster-update-variant/README.md | 2 +-
.../beta-private-cluster-update-variant/cluster.tf | 8 ++++----
.../beta-private-cluster-update-variant/variables.tf | 12 ++++++------
modules/beta-private-cluster/README.md | 2 +-
modules/beta-private-cluster/cluster.tf | 8 ++++----
modules/beta-private-cluster/variables.tf | 12 ++++++------
modules/beta-public-cluster-update-variant/README.md | 2 +-
.../beta-public-cluster-update-variant/cluster.tf | 8 ++++----
.../beta-public-cluster-update-variant/variables.tf | 12 ++++++------
modules/beta-public-cluster/README.md | 2 +-
modules/beta-public-cluster/cluster.tf | 8 ++++----
modules/beta-public-cluster/variables.tf | 12 ++++++------
modules/private-cluster-update-variant/README.md | 1 +
modules/private-cluster-update-variant/cluster.tf | 4 ++++
modules/private-cluster-update-variant/variables.tf | 6 ++++++
modules/private-cluster/README.md | 1 +
modules/private-cluster/cluster.tf | 4 ++++
modules/private-cluster/variables.tf | 6 ++++++
modules/safer-cluster-update-variant/README.md | 2 +-
modules/safer-cluster-update-variant/variables.tf | 2 +-
modules/safer-cluster/README.md | 2 +-
modules/safer-cluster/variables.tf | 2 +-
.../testdata/TestDisableClientCert.json | 1 +
.../testdata/TestPrivateZonalWithNetworking.json | 1 +
.../simple_regional/testdata/TestSimpleRegional.json | 1 +
variables.tf | 6 ++++++
31 files changed, 95 insertions(+), 59 deletions(-)
diff --git a/README.md b/README.md
index 774f9b043..51275aeff 100644
--- a/README.md +++ b/README.md @@ -141,6 +141,7 @@ Then perform the following commands on the root folder: | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 71e9720fa..3f3f20abb 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -286,6 +286,10 @@ resource "google_container_cluster" "primary" { enabled = gke_backup_agent_config.value.enabled } } + + config_connector_config { + enabled = var.config_connector + } {% endif %} {% if beta_cluster and autopilot_cluster != true %} @@ -305,10 +309,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } {% endif %} } {% if autopilot_cluster != true %} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 898031817..f720df4b3 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -711,6 +711,12 @@ variable "enable_kubernetes_alpha" { description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } + +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} {% endif %} {% if beta_cluster %} {% if autopilot_cluster != true %} @@ -733,12 +739,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index 66afc7d3c..22b17ea68 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl 
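Review bot: The `config_connector_config` block added after `gke_backup_agent_config` is now rendered for the non-beta modules too, yet the diffstat shows no change to any provider version constraint. If the minimum `google` provider that the GA modules allow predates support for this addon block, `terraform plan` will fail on an unsupported block, so the constraint should be checked and raised if needed. The block is emitted unconditionally and the three testdata files gain `"configConnectorConfig": {}`, so existing GA-module clusters may show an `addons_config` change on their next plan; that deserves a line in the upgrade notes. The enclosing `{% if %}` opens outside this hunk, and the same block lands in the root `cluster.tf` and the `modules/*/cluster.tf` copies.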
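Review bot: The `config_connector` description added here does not tell a GA-module user what turning the add-on on implies. Config Connector lets objects created inside the cluster create and modify Google Cloud resources under the IAM identity bound to it, so the flag widens what cluster-level write access can reach; as far as I know the add-on also requires Workload Identity on the cluster. I would extend the text to `description = "Whether ConfigConnector is enabled for this cluster. Requires Workload Identity; bind the Config Connector identity to least-privilege IAM roles."`. The same wording applies to the generated `variables.tf` copies and the README input tables later in this patch.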
@@ -453,7 +453,7 @@ variable "firewall_inbound_ports" { variable "config_connector" { type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." + description = "Whether ConfigConnector is enabled for this cluster." default = false } diff --git a/cluster.tf b/cluster.tf index 4766e785e..c14f1f4d2 100644 --- a/cluster.tf +++ b/cluster.tf @@ -201,6 +201,10 @@ resource "google_container_cluster" "primary" { enabled = gke_backup_agent_config.value.enabled } } + + config_connector_config { + enabled = var.config_connector + } } datapath_provider = var.datapath_provider diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index fa58aa59a..f674977c3 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -176,7 +176,7 @@ Then perform the following commands on the root folder: | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 14677e0af..ec6c79a43 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -234,6 +234,10 @@ resource "google_container_cluster" "primary" { } } + config_connector_config { + enabled = var.config_connector + } + istio_config { disabled = !var.istio auth = var.istio_auth @@ -250,10 +254,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 99800c8bd..5e1607978 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -674,6 +674,12 @@ variable "enable_kubernetes_alpha" { default = false } +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "istio" { description = "(Beta) Enable Istio addon" type = bool @@ -692,12 +698,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 82d295f23..b1897ba5d 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -154,7 +154,7 @@ Then perform the following commands on the root folder: | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 9daec34d2..8472c4a57 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -234,6 +234,10 @@ resource "google_container_cluster" "primary" { } } + config_connector_config { + enabled = var.config_connector + } + istio_config { disabled = !var.istio auth = var.istio_auth @@ -250,10 +254,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 99800c8bd..5e1607978 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -674,6 +674,12 @@ variable "enable_kubernetes_alpha" { default = false } +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "istio" { description = "(Beta) Enable Istio addon" type = bool @@ -692,12 +698,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index c60f4ec79..c49044213 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -170,7 +170,7 @@ Then perform the following commands on the root folder: | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index a4a9b4d37..3068099d2 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -234,6 +234,10 @@ resource "google_container_cluster" "primary" { } } + config_connector_config { + enabled = var.config_connector + } + istio_config { disabled = !var.istio auth = var.istio_auth @@ -250,10 +254,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index a85dc63b6..9e1a8448b 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -644,6 +644,12 @@ variable "enable_kubernetes_alpha" { default = false } +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "istio" { description = "(Beta) Enable Istio addon" type = bool @@ -662,12 +668,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 154247af2..8d38b524a 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -148,7 +148,7 @@ Then perform the following commands on the root folder: | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 72376a4e0..27a714fdc 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -234,6 +234,10 @@ resource "google_container_cluster" "primary" { } } + config_connector_config { + enabled = var.config_connector + } + istio_config { disabled = !var.istio auth = var.istio_auth @@ -250,10 +254,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index a85dc63b6..9e1a8448b 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -644,6 +644,12 @@ variable "enable_kubernetes_alpha" { default = false } +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "istio" { description = "(Beta) Enable Istio addon" type = bool @@ -662,12 +668,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 18e5c5ca5..ee133e5ee 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -169,6 +169,7 @@ Then perform the following commands on the root folder: | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 9530a1221..f57916fba 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -201,6 +201,10 @@ resource "google_container_cluster" "primary" { enabled = gke_backup_agent_config.value.enabled } } + + config_connector_config { + enabled = var.config_connector + } } datapath_provider = var.datapath_provider diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 7ef790aa5..227d53f7d 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -644,3 +644,9 @@ variable "enable_kubernetes_alpha" { description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } + +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index fda1c04d8..c4923f0ff 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -147,6 +147,7 @@ Then perform the following commands on the root folder: | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 693fcff79..cc33e59b2 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -201,6 +201,10 @@ resource "google_container_cluster" "primary" { enabled = gke_backup_agent_config.value.enabled } } + + config_connector_config { + enabled = var.config_connector + } } datapath_provider = var.datapath_provider diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 7ef790aa5..227d53f7d 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -644,3 +644,9 @@ variable "enable_kubernetes_alpha" { description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } + +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md index 21eff2cba..eb7efac8d 100644 --- a/modules/safer-cluster-update-variant/README.md +++ b/modules/safer-cluster-update-variant/README.md 
@@ -210,7 +210,7 @@ For simplicity, we suggest using `roles/container.admin` and | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | `string` | `""` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `ADVANCED_DATAPATH` enables Dataplane-V2 feature. `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation as a fallback since upgrading to V2 requires a cluster re-creation. | `string` | `"ADVANCED_DATAPATH"` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index 7a2f1a69d..6b6405d01 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf @@ -453,7 +453,7 @@ variable "firewall_inbound_ports" { variable "config_connector" { type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." + description = "Whether ConfigConnector is enabled for this cluster." default = false } diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index 21eff2cba..eb7efac8d 100644 --- a/modules/safer-cluster/README.md +++ b/modules/safer-cluster/README.md 
@@ -210,7 +210,7 @@ For simplicity, we suggest using `roles/container.admin` and | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | `string` | `""` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `ADVANCED_DATAPATH` enables Dataplane-V2 feature. `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation as a fallback since upgrading to V2 requires a cluster re-creation. | `string` | `"ADVANCED_DATAPATH"` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index 7a2f1a69d..6b6405d01 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf @@ -453,7 +453,7 @@ variable "firewall_inbound_ports" { variable "config_connector" { type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." + description = "Whether ConfigConnector is enabled for this cluster." default = false } diff --git a/test/integration/disable_client_cert/testdata/TestDisableClientCert.json b/test/integration/disable_client_cert/testdata/TestDisableClientCert.json index 9d58f326f..1718c9829 100755 --- a/test/integration/disable_client_cert/testdata/TestDisableClientCert.json +++ b/test/integration/disable_client_cert/testdata/TestDisableClientCert.json @@ -1,5 +1,6 @@ { "addonsConfig": { + "configConnectorConfig": {}, "dnsCacheConfig": {}, "gcePersistentDiskCsiDriverConfig": { "enabled": true diff --git a/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json b/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json index b2b000990..5d0cd6984 100755 --- a/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json +++ b/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json @@ -1,5 +1,6 @@ { "addonsConfig": { + "configConnectorConfig": {}, "dnsCacheConfig": {}, "gcePersistentDiskCsiDriverConfig": { "enabled": true 
diff --git a/test/integration/simple_regional/testdata/TestSimpleRegional.json b/test/integration/simple_regional/testdata/TestSimpleRegional.json index e251db79e..f39aca4e1 100644 --- a/test/integration/simple_regional/testdata/TestSimpleRegional.json +++ b/test/integration/simple_regional/testdata/TestSimpleRegional.json @@ -1,5 +1,6 @@ { "addonsConfig": { + "configConnectorConfig": {}, "dnsCacheConfig": {}, "gcePersistentDiskCsiDriverConfig": { "enabled": true diff --git a/variables.tf b/variables.tf index c69eac03f..b25846e0a 100644 --- a/variables.tf +++ b/variables.tf @@ -614,3 +614,9 @@ variable "enable_kubernetes_alpha" { description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } + +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +}