Merge branch 'master' into fix/promethus-enable

terraform-google-modules · Aug 25, 2023 · b734db5 · b734db5
2 parents 6aec917 + ae63848
commit b734db5
Show file tree

Hide file tree

Showing 36 changed files with 124 additions and 182 deletions.
diff --git a/README.md b/README.md
@@ -141,6 +141,7 @@ Then perform the following commands on the root folder:
 | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
 | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
+| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
 | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no |
 | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | <pre>[<br>  {<br>    "key_name": "",<br>    "state": "DECRYPTED"<br>  }<br>]</pre> | no |

diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
@@ -109,45 +109,22 @@ resource "google_container_cluster" "primary" {
   }
   {% if beta_cluster %}
   monitoring_service = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? null : var.monitoring_service
-  dynamic "monitoring_config" {
-    for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
-    content{
-      enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-      dynamic "managed_prometheus" {
-        for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
-        content {
-          enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-          dynamic "managed_prometheus" {
-            for_each = var.monitoring_enable_managed_prometheus ? [1] : []
-            content {
-              enabled = var.monitoring_enable_managed_prometheus
-            }
-          }
-        }
-      }
-    }
-  }
   {% else %}
   monitoring_service = local.logmon_config_is_set ? null : var.monitoring_service
+  {% endif %}
   dynamic "monitoring_config" {
+    {% if beta_cluster %}
+    for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
+    {% else %}
     for_each = local.logmon_config_is_set || local.logmon_config_is_set ? [1] : []
+    {% endif %}
     content{
-      enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-      dynamic "managed_prometheus" {
-        for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
-        content {
-          enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-          dynamic "managed_prometheus" {
-            for_each = var.monitoring_enable_managed_prometheus ? [1] : []
-            content {
-              enabled = var.monitoring_enable_managed_prometheus
-            }
-          }
-        }
+      enable_components = var.monitoring_enabled_components
+      managed_prometheus {
+        enabled = var.monitoring_enable_managed_prometheus
       }
     }
   }
-  {% endif %}
   cluster_autoscaling {
     enabled = var.cluster_autoscaling.enabled
     dynamic "auto_provisioning_defaults" {
@@ -307,6 +284,10 @@ resource "google_container_cluster" "primary" {
         enabled = gke_backup_agent_config.value.enabled
       }
     }
+
+    config_connector_config {
+      enabled = var.config_connector
+    }
     {% endif %}
     {% if beta_cluster and autopilot_cluster != true %}
 
@@ -326,10 +307,6 @@ resource "google_container_cluster" "primary" {
     kalm_config {
       enabled = var.kalm_config
     }
-
-    config_connector_config {
-      enabled = var.config_connector
-    }
     {% endif %}
   }
   {% if autopilot_cluster != true %}

diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
@@ -711,6 +711,12 @@ variable "enable_kubernetes_alpha" {
   description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days."
   default     = false
 }
+
+variable "config_connector" {
+  type        = bool
+  description = "Whether ConfigConnector is enabled for this cluster."
+  default     = false
+}
 {% endif %}
 {% if beta_cluster %}
   {% if autopilot_cluster != true %}
@@ -733,12 +739,6 @@ variable "kalm_config" {
   default     = false
 }
 
-variable "config_connector" {
-  type        = bool
-  description = "(Beta) Whether ConfigConnector is enabled for this cluster."
-  default     = false
-}
-
 variable "cloudrun" {
   description = "(Beta) Enable CloudRun addon"
   type        = bool

diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
@@ -453,7 +453,7 @@ variable "firewall_inbound_ports" {
 
 variable "config_connector" {
   type        = bool
-  description = "(Beta) Whether ConfigConnector is enabled for this cluster."
+  description = "Whether ConfigConnector is enabled for this cluster."
   default     = false
 }
 

diff --git a/cluster.tf b/cluster.tf
@@ -84,18 +84,9 @@ resource "google_container_cluster" "primary" {
   dynamic "monitoring_config" {
     for_each = local.logmon_config_is_set || local.logmon_config_is_set ? [1] : []
     content {
-      enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-      dynamic "managed_prometheus" {
-        for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
-        content {
-          enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-          dynamic "managed_prometheus" {
-            for_each = var.monitoring_enable_managed_prometheus ? [1] : []
-            content {
-              enabled = var.monitoring_enable_managed_prometheus
-            }
-          }
-        }
+      enable_components = var.monitoring_enabled_components
+      managed_prometheus {
+        enabled = var.monitoring_enable_managed_prometheus
       }
     }
   }
@@ -204,6 +195,10 @@ resource "google_container_cluster" "primary" {
         enabled = gke_backup_agent_config.value.enabled
       }
     }
+
+    config_connector_config {
+      enabled = var.config_connector
+    }
   }
 
   datapath_provider = var.datapath_provider

diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
@@ -176,7 +176,7 @@ Then perform the following commands on the root folder:
 | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
 | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no |
-| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
+| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
 | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no |
 | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | <pre>[<br>  {<br>    "key_name": "",<br>    "state": "DECRYPTED"<br>  }<br>]</pre> | no |

diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -96,18 +96,9 @@ resource "google_container_cluster" "primary" {
   dynamic "monitoring_config" {
     for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
     content {
-      enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-      dynamic "managed_prometheus" {
-        for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
-        content {
-          enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-          dynamic "managed_prometheus" {
-            for_each = var.monitoring_enable_managed_prometheus ? [1] : []
-            content {
-              enabled = var.monitoring_enable_managed_prometheus
-            }
-          }
-        }
+      enable_components = var.monitoring_enabled_components
+      managed_prometheus {
+        enabled = var.monitoring_enable_managed_prometheus
       }
     }
   }
@@ -237,6 +228,10 @@ resource "google_container_cluster" "primary" {
       }
     }
 
+    config_connector_config {
+      enabled = var.config_connector
+    }
+
     istio_config {
       disabled = !var.istio
       auth     = var.istio_auth
@@ -253,10 +248,6 @@ resource "google_container_cluster" "primary" {
     kalm_config {
       enabled = var.kalm_config
     }
-
-    config_connector_config {
-      enabled = var.config_connector
-    }
   }
 
   datapath_provider = var.datapath_provider

diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
@@ -674,6 +674,12 @@ variable "enable_kubernetes_alpha" {
   default     = false
 }
 
+variable "config_connector" {
+  type        = bool
+  description = "Whether ConfigConnector is enabled for this cluster."
+  default     = false
+}
+
 variable "istio" {
   description = "(Beta) Enable Istio addon"
   type        = bool
@@ -692,12 +698,6 @@ variable "kalm_config" {
   default     = false
 }
 
-variable "config_connector" {
-  type        = bool
-  description = "(Beta) Whether ConfigConnector is enabled for this cluster."
-  default     = false
-}
-
 variable "cloudrun" {
   description = "(Beta) Enable CloudRun addon"
   type        = bool

diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
@@ -154,7 +154,7 @@ Then perform the following commands on the root folder:
 | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
 | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no |
-| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
+| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
 | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no |
 | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | <pre>[<br>  {<br>    "key_name": "",<br>    "state": "DECRYPTED"<br>  }<br>]</pre> | no |

diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
@@ -96,18 +96,9 @@ resource "google_container_cluster" "primary" {
   dynamic "monitoring_config" {
     for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
     content {
-      enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-      dynamic "managed_prometheus" {
-        for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
-        content {
-          enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-          dynamic "managed_prometheus" {
-            for_each = var.monitoring_enable_managed_prometheus ? [1] : []
-            content {
-              enabled = var.monitoring_enable_managed_prometheus
-            }
-          }
-        }
+      enable_components = var.monitoring_enabled_components
+      managed_prometheus {
+        enabled = var.monitoring_enable_managed_prometheus
       }
     }
   }
@@ -237,6 +228,10 @@ resource "google_container_cluster" "primary" {
       }
     }
 
+    config_connector_config {
+      enabled = var.config_connector
+    }
+
     istio_config {
       disabled = !var.istio
       auth     = var.istio_auth
@@ -253,10 +248,6 @@ resource "google_container_cluster" "primary" {
     kalm_config {
       enabled = var.kalm_config
     }
-
-    config_connector_config {
-      enabled = var.config_connector
-    }
   }
 
   datapath_provider = var.datapath_provider

diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
@@ -674,6 +674,12 @@ variable "enable_kubernetes_alpha" {
   default     = false
 }
 
+variable "config_connector" {
+  type        = bool
+  description = "Whether ConfigConnector is enabled for this cluster."
+  default     = false
+}
+
 variable "istio" {
   description = "(Beta) Enable Istio addon"
   type        = bool
@@ -692,12 +698,6 @@ variable "kalm_config" {
   default     = false
 }
 
-variable "config_connector" {
-  type        = bool
-  description = "(Beta) Whether ConfigConnector is enabled for this cluster."
-  default     = false
-}
-
 variable "cloudrun" {
   description = "(Beta) Enable CloudRun addon"
   type        = bool

diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
@@ -170,7 +170,7 @@ Then perform the following commands on the root folder:
 | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
 | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no |
-| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
+| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
 | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no |
 | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | <pre>[<br>  {<br>    "key_name": "",<br>    "state": "DECRYPTED"<br>  }<br>]</pre> | no |

diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -96,18 +96,9 @@ resource "google_container_cluster" "primary" {
   dynamic "monitoring_config" {
     for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
     content {
-      enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-      dynamic "managed_prometheus" {
-        for_each = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? [1] : []
-        content {
-          enable_components = length(var.monitoring_enabled_components) > 0 ? var.monitoring_enabled_components : []
-          dynamic "managed_prometheus" {
-            for_each = var.monitoring_enable_managed_prometheus ? [1] : []
-            content {
-              enabled = var.monitoring_enable_managed_prometheus
-            }
-          }
-        }
+      enable_components = var.monitoring_enabled_components
+      managed_prometheus {
+        enabled = var.monitoring_enable_managed_prometheus
       }
     }
   }
@@ -237,6 +228,10 @@ resource "google_container_cluster" "primary" {
       }
     }
 
+    config_connector_config {
+      enabled = var.config_connector
+    }
+
     istio_config {
       disabled = !var.istio
       auth     = var.istio_auth
@@ -253,10 +248,6 @@ resource "google_container_cluster" "primary" {
     kalm_config {
       enabled = var.kalm_config
     }
-
-    config_connector_config {
-      enabled = var.config_connector
-    }
   }
 
   datapath_provider = var.datapath_provider

diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
@@ -644,6 +644,12 @@ variable "enable_kubernetes_alpha" {
   default     = false
 }
 
+variable "config_connector" {
+  type        = bool
+  description = "Whether ConfigConnector is enabled for this cluster."
+  default     = false
+}
+
 variable "istio" {
   description = "(Beta) Enable Istio addon"
   type        = bool
@@ -662,12 +668,6 @@ variable "kalm_config" {
   default     = false
 }
 
-variable "config_connector" {
-  type        = bool
-  description = "(Beta) Whether ConfigConnector is enabled for this cluster."
-  default     = false
-}
-
 variable "cloudrun" {
   description = "(Beta) Enable CloudRun addon"
   type        = bool

diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
@@ -148,7 +148,7 @@ Then perform the following commands on the root folder:
 | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
 | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no |
-| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
+| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
 | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no |
 | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | <pre>[<br>  {<br>    "key_name": "",<br>    "state": "DECRYPTED"<br>  }<br>]</pre> | no |