diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 663d9a8e9..d197879e4 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -235,9 +235,9 @@ resource "google_container_cluster" "primary" { } } {% endif %} + {% endif %} enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting - {% endif %} {% if beta_cluster %} enable_fqdn_network_policy = var.enable_fqdn_network_policy {% endif %} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 32b57a5c1..d420ed96c 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -810,12 +810,12 @@ variable "config_connector" { default = false } +{% endif %} variable "enable_l4_ilb_subsetting" { type = bool description = "Enable L4 ILB Subsetting on the cluster" default = false } -{% endif %} {% if beta_cluster %} {% if autopilot_cluster != true %} diff --git a/examples/simple_autopilot_public/main.tf b/examples/simple_autopilot_public/main.tf index 451ef7031..dfad96d0d 100644 --- a/examples/simple_autopilot_public/main.tf +++ b/examples/simple_autopilot_public/main.tf @@ -48,4 +48,5 @@ module "gke" { enable_vertical_pod_autoscaling = true network_tags = [local.cluster_type] deletion_protection = false + enable_l4_ilb_subsetting = true } diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 5628cde23..dd10eb218 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
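Review bot: In the cluster.tf.tmpl hunk the relocated `{% endif %}` now sits directly under another `{% endif %}`, and the `{% if %}` it closes opens outside the hunk, so a reader cannot tell from these lines which cluster types now receive `enable_l4_ilb_subsetting`. Judging by the regenerated Autopilot modules later in the patch, it presumably closes the non-Autopilot guard. A template comment on that line, for example `{% endif %}{# autopilot_cluster != true #}`, would make the intent checkable in review. Confirm the actual condition, and that the template engine accepts `{# #}` comments, before adding it.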
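Review bot: The description `"Enable L4 ILB Subsetting on the cluster"` in the variables.tf.tmpl hunk does not warn that GKE documents subsetting as a setting that cannot be turned off once it is enabled on a cluster. That matters more now that the variable is exposed to the Autopilot modules and set to `true` in examples/simple_autopilot_public/main.tf. I would extend it to something like `description = "Enable L4 ILB Subsetting on the cluster. Cannot be disabled once enabled."`; the regenerated variables.tf files and README rows under modules/beta-autopilot-* would pick up the same text. It is worth confirming how the provider handles a true-to-false change before settling the wording.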
@@ -91,6 +91,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
+| enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
 | enable\_private\_endpoint | Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no |
 | enable\_private\_nodes | Whether nodes have internal IP addresses only | `bool` | `false` | no |
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index 4a08c7e25..c51ef9c66 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -84,6 +84,8 @@ resource "google_container_cluster" "primary" {
 vertical_pod_autoscaling {
 enabled = var.enable_vertical_pod_autoscaling
 }
+
+ enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
 enable_fqdn_network_policy = var.enable_fqdn_network_policy
 enable_autopilot = true
 dynamic "master_authorized_networks_config" {
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index 9e5c223a8..8efc4a138 100644
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -456,6 +456,11 @@ variable "timeouts" { } } +variable "enable_l4_ilb_subsetting" { + type = bool + description = "Enable L4 ILB Subsetting on the cluster" + default = false +} variable "allow_net_admin" { description = "(Optional) Enable NET_ADMIN for the cluster." type = bool diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 0e3c169df..bb063d68c 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -84,6 +84,7 @@ Then perform the following commands on the root folder: | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no | +| enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | | enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 9d9573fd3..c56f3a954 100644 
--- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -84,6 +84,8 @@ resource "google_container_cluster" "primary" { vertical_pod_autoscaling { enabled = var.enable_vertical_pod_autoscaling } + + enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting enable_fqdn_network_policy = var.enable_fqdn_network_policy enable_autopilot = true dynamic "master_authorized_networks_config" { diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index 0ecca7a1a..5a2d71d26 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -426,6 +426,11 @@ variable "timeouts" { } } +variable "enable_l4_ilb_subsetting" { + type = bool + description = "Enable L4 ILB Subsetting on the cluster" + default = false +} variable "allow_net_admin" { description = "(Optional) Enable NET_ADMIN for the cluster." type = bool