diff --git a/README.md b/README.md index 45881e57f..fdb677beb 100644 --- a/README.md +++ b/README.md @@ -135,6 +135,7 @@ Then perform the following commands on the root folder: | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no | | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | +| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
})
|
{
"auto_repair": true,
"auto_upgrade": true,
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 6312993cb..69da5b71c 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -337,6 +337,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index 26c410d5f..7d3110e83 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl 
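Review bot: The new `dynamic "additional_pod_ranges_config"` block is the only place in cluster.tf.tmpl that consumes `var.additional_ip_range_pods`, but nothing near it records that the attribute depends on the provider floor this same commit raises in versions.tf.tmpl (presumably for this attribute) or that the same range names must also reach the firewall source ranges computed in main.tf.tmpl. A one-line comment above the block would make both couplings visible to the next maintainer: `# Needs hashicorp/google >= 4.80.0; these names also feed local.pod_all_ip_ranges when add_cluster_firewall_rules is set.` The identical generated block appears in cluster.tf and in every modules/*/cluster.tf in this diff, so the template is the right place for it. The enclosing `google_container_cluster` resource starts and ends outside the hunk.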
@@ -90,9 +90,9 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} {% if autopilot_cluster != true %} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for k, v in merge(local.node_pools, local.windows_node_pools): local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0] )) : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] {% else %} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? [local.cluster_alias_ranges_cidr[var.ip_range_pods]] : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0])) : [] {% endif %} {% if autopilot_cluster != true %} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 2525d0724..e7a2e77f2 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
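Review bot: The new comprehension `[for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0]` is duplicated verbatim in both the autopilot and non-autopilot branches of `pod_all_ip_ranges`; hoisting it into its own local, `additional_pod_ip_ranges = var.add_cluster_firewall_rules ? [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0] : []`, and referencing `local.additional_pod_ip_ranges` in both branches keeps the two expressions from drifting. Note that the `length(range) > 0` filter only skips empty names: a name that is not a secondary range of the cluster subnetwork makes the map index fail at plan time, which is the fail-closed outcome you want for firewall source ranges but deserves a short comment so the error is not mistaken for a module bug. The same change is repeated in main.tf and in every modules/*/main.tf in this diff. The enclosing `locals` block starts and ends outside the hunk.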
@@ -139,6 +139,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 784680c9b..d2a2b93b4 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,11 +24,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" @@ -46,7 +46,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/cluster.tf b/cluster.tf index 5767bce6d..8334f7db0 100644 --- a/cluster.tf +++ b/cluster.tf @@ -220,6 +220,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/main.tf b/main.tf index 2cf487799..1aa928a20 100644 --- a/main.tf +++ b/main.tf 
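Review bot: The new `additional_ip_range_pods` variable has no `validation` block, while main.tf.tmpl filters empty names out of the firewall ranges and cluster.tf.tmpl passes the raw list to `pod_range_names`, so an empty string would be silently dropped by one consumer and sent to the API by the other. Rejecting empty names at the variable keeps both consumers consistent, and the description should state the contract the firewall locals rely on, e.g. `description = "List of _names_ of additional secondary subnet ip ranges to use for pods; each must be an existing secondary range of the cluster subnetwork"`. The same variable is generated into variables.tf and every modules/*/variables.tf in this diff, so the template is the place to fix it.
```hcl
variable "additional_ip_range_pods" {
  # … unchanged: type, description, default …

  validation {
    condition     = alltrue([for r in var.additional_ip_range_pods : length(r) > 0])
    error_message = "additional_ip_range_pods must not contain empty range names."
  }
}
```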
@@ -79,7 +79,7 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index bda0297ff..ee45b31d3 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
@@ -74,6 +74,7 @@ Then perform the following commands on the root folder: | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no | | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | +| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 5e79c23da..7ed8a9fd1 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -138,6 +138,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index dd7466ff3..897a6bce8 100644 --- a/modules/beta-autopilot-private-cluster/main.tf 
+++ b/modules/beta-autopilot-private-cluster/main.tf @@ -62,7 +62,7 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? [local.cluster_alias_ranges_cidr[var.ip_range_pods]] : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0])) : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 86483f30d..b3171164c 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -131,6 +131,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 1e0bb3f35..94a6a4feb 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf 
@@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index f788a817a..5b7da3d32 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -68,6 +68,7 @@ Then perform the following commands on the root folder: | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no | | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | +| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 4c9569106..901ffe488 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf 
+++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -138,6 +138,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf index 874bbb76f..09183c0c7 100644 --- a/modules/beta-autopilot-public-cluster/main.tf +++ b/modules/beta-autopilot-public-cluster/main.tf @@ -62,7 +62,7 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? [local.cluster_alias_ranges_cidr[var.ip_range_pods]] : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0])) : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index c8776f685..0cbb512b9 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf 
@@ -131,6 +131,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 5c9a7f479..395be4698 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index e9aed6200..10b1630c3 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -167,6 +167,7 @@ Then perform the following commands on the root folder: | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no | | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | +| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 0234c223f..e81bea4c6 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -277,6 +277,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 931844d9a..37a123edd 100644 --- a/modules/beta-private-cluster-update-variant/main.tf 
+++ b/modules/beta-private-cluster-update-variant/main.tf @@ -79,7 +79,7 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 119f9a5c0..f872cf31b 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -137,6 +137,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" 
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index 5b3371069..ac420da8e 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index f47073bec..b3a75fc13 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -145,6 +145,7 @@ Then perform the following commands on the root folder: | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no | | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | +| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 02c6f3fca..2646fa385 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -277,6 +277,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 931844d9a..37a123edd 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -79,7 +79,7 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 119f9a5c0..f872cf31b 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -137,6 +137,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 01acd8f3b..4132fa898 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf 
@@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 2ea2d6489..8782c424f 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -161,6 +161,7 @@ Then perform the following commands on the root folder: | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no | | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | +| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 43b03300d..b240b2739 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf 
+++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -277,6 +277,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index c6327ea6f..f94626a14 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -79,7 +79,7 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 05bab8df6..f1247ad30 100644 
--- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -137,6 +137,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 1c70d8a3c..285c24c84 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index eee034981..39cee6f59 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -139,6 +139,7 @@ Then perform the following commands on the root folder: | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no | | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | +| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 1183a20d1..aa6cefa09 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -277,6 +277,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index c6327ea6f..f94626a14 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -79,7 +79,7 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 05bab8df6..f1247ad30 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -137,6 +137,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 90b615732..5bfc9dcdc 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf 
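Review bot: `pod_all_ip_ranges` now concatenates three lists whose entries can overlap — an additional range that is also referenced as a node pool `pod_range` is emitted twice — and `compact()` only removes empty strings, so the firewall resources fed from this local may receive repeated CIDRs; wrapping the result, `pod_all_ip_ranges = var.add_cluster_firewall_rules ? distinct(compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0]))) : []`, avoids that. The expression is also a single very long line that defines the address scope of the cluster firewall rules; pulling the new comprehension into its own local such as `additional_pod_ranges_cidr` would keep it reviewable and lets the `local.cluster_alias_ranges_cidr[range]` lookup — which fails the plan when a name is not a secondary range of the subnetwork, but only while `add_cluster_firewall_rules` is true — be read as the intended fail-fast behaviour. The same change is in the main.tf hunks for private-cluster-update-variant and private-cluster further down. The `locals` block continues outside the hunk.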
@@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 0eea714f7..097fb6652 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -163,6 +163,7 @@ Then perform the following commands on the root folder: | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no | | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | +| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
})
|
{
"auto_repair": true,
"auto_upgrade": true,
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index a6bcda84e..6db8bb3e5 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -220,6 +220,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index 54d054edc..2ef1d8841 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
@@ -79,7 +79,7 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 22e808f61..f06b1e9d9 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -137,6 +137,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 127daffdd..dd78320bc 100644 --- a/modules/private-cluster-update-variant/versions.tf 
+++ b/modules/private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index edbe5304d..3ebfe4acf 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -141,6 +141,7 @@ Then perform the following commands on the root folder: | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no | | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | +| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
})
|
{
"auto_repair": true,
"auto_upgrade": true,
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 9b3b5217e..dc50906bd 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -220,6 +220,12 @@ resource "google_container_cluster" "primary" { ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services + dynamic "additional_pod_ranges_config" { + for_each = length(var.additional_ip_range_pods) != 0 ? [1] : [] + content { + pod_range_names = var.additional_ip_range_pods + } + } } maintenance_policy { diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index 54d054edc..2ef1d8841 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -79,7 +79,7 @@ locals { cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} - pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] + pod_all_ip_ranges = var.add_cluster_firewall_rules ? compact(concat([local.cluster_alias_ranges_cidr[var.ip_range_pods]], [for range in var.additional_ip_range_pods : local.cluster_alias_ranges_cidr[range] if length(range) > 0], [for k, v in merge(local.node_pools, local.windows_node_pools) : local.cluster_alias_ranges_cidr[v.pod_range] if length(lookup(v, "pod_range", "")) > 0])) : [] cluster_network_policy = var.network_policy ? [{ enabled = true 
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 22e808f61..f06b1e9d9 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -137,6 +137,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index b485db03f..c323f025f 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/variables.tf b/variables.tf index 69911eb95..e5757a9b0 100644 --- a/variables.tf +++ b/variables.tf @@ -137,6 +137,12 @@ variable "ip_range_pods" { description = "The _name_ of the secondary subnet ip range to use for pods" } +variable "additional_ip_range_pods" { + type = list(string) + description = "List of _names_ of the additional secondary subnet ip ranges to use for pods" + default = [] +} + variable "ip_range_services" { type = string description = "The _name_ of the secondary subnet range to use for services" diff --git a/versions.tf b/versions.tf index b8db42966..dc299651d 100644 --- a/versions.tf +++ b/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes"