terraform-google-modules · apeabody · Oct 31, 2023 · Oct 6, 2023 · Oct 10, 2023 · Oct 10, 2023
@@ -149,6 +149,7 @@ Then perform the following commands on the root folder:
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | <pre>[<br>  {<br>    "key_name": "",<br>    "state": "DECRYPTED"<br>  }<br>]</pre> | no |
 | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
 | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no |
@@ -331,7 +332,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v4.51
+- [Terraform Provider for GCP][terraform-provider-google] v5
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

@@ -272,9 +272,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
 {% if beta_cluster %}
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5
 {% else %}
-- [Terraform Provider for GCP][terraform-provider-google] v4.51
+- [Terraform Provider for GCP][terraform-provider-google] v5
 {% endif %}
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.

@@ -31,10 +31,12 @@ resource "google_container_cluster" "primary" {
   project         = var.project_id
   resource_labels = var.cluster_resource_labels
 
-  location          = local.location
-  node_locations    = local.node_locations
-  cluster_ipv4_cidr = var.cluster_ipv4_cidr
-  network           = "projects/${local.network_project_id}/global/networks/${var.network}"
+  location            = local.location
+  node_locations      = local.node_locations
+  cluster_ipv4_cidr   = var.cluster_ipv4_cidr
+  network             = "projects/${local.network_project_id}/global/networks/${var.network}"
+  deletion_protection = var.deletion_protection
+
   {% if autopilot_cluster != true %}
   dynamic "network_policy" {
     for_each = local.cluster_network_policy

@@ -592,6 +592,12 @@ variable "notification_config_topic" {
   default = ""
 }
 
+variable "deletion_protection" {
+  type        = bool
+  description = "Whether or not to allow Terraform to destroy the cluster."
+  default     = true
+}
+
 {% if beta_cluster %}
 variable "enable_tpu" {
   type        = bool

@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+      version = ">= 5.0.0, < 6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+      version = ">= 5.0.0, < 6"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
@@ -46,7 +46,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1"
+      version = ">= 5.0.0, < 6"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

@@ -24,14 +24,15 @@ module "gke" {
   {% else %}
   source             = "../beta-private-cluster/"
   {% endif %}
-  project_id         = var.project_id
-  name               = var.name
-  description        = var.description
-  regional           = var.regional
-  region             = var.region
-  zones              = var.zones
-  network            = var.network
-  network_project_id = var.network_project_id
+  project_id          = var.project_id
+  name                = var.name
+  description         = var.description
+  regional            = var.regional
+  region              = var.region
+  zones               = var.zones
+  network             = var.network
+  network_project_id  = var.network_project_id
+  deletion_protection = var.deletion_protection
 
   // We need to enforce a minimum Kubernetes Version to ensure
   // that the necessary security features are enabled.

@@ -520,3 +520,9 @@ variable "workload_config_audit_mode" {
   type        = string
   default     = "DISABLED"
 }
+
+variable "deletion_protection" {
+  type        = bool
+  description = "Whether or not to allow Terraform to destroy the cluster."
+  default     = true
+}
@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
   project         = var.project_id
   resource_labels = var.cluster_resource_labels
 
-  location          = local.location
-  node_locations    = local.node_locations
-  cluster_ipv4_cidr = var.cluster_ipv4_cidr
-  network           = "projects/${local.network_project_id}/global/networks/${var.network}"
+  location            = local.location
+  node_locations      = local.node_locations
+  cluster_ipv4_cidr   = var.cluster_ipv4_cidr
+  network             = "projects/${local.network_project_id}/global/networks/${var.network}"
+  deletion_protection = var.deletion_protection
+
   dynamic "network_policy" {
     for_each = local.cluster_network_policy
 

@@ -2,6 +2,41 @@
 The v29.0 release of *kubernetes-engine* is a backwards incompatible
 release.
 
+### Google Cloud Platform Provider upgrade
+The Terraform Kubernetes Engine Module now requires version 5.0 or higher of the Google Cloud Platform Providers.
+
+```diff
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+-      version = "~> 4.0"
++      version = "~> 5.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+-      version = "~> 4.0"
++      version = "~> 5.0"
+    }
+
+  }
+}
+```
+
+### Deletion Protection
+The Terraform Kubernetes Engine Module now includes the `deletion_protection` option which defaults to `true`.  To delete your cluster you should specify it explicitly to `false`:
+
+```diff
+  module "gke" {
+-   source  = "terraform-google-modules/kubernetes-engine/google"
+-   version = "~> 28.0"
++   source  = "terraform-google-modules/kubernetes-engine/google"
++   version = "~> 29.0"
+...
++   deletion_protection = false
+}
+```
+
 ### Update variant random ID keepers updated
 
 The v29.0 release updates the keepers for the update variant modules. This will force a recreation of the nodepools.

@@ -17,8 +17,7 @@
 terraform {
   required_providers {
     google-beta = {
-      source  = "hashicorp/google-beta"
-      version = ">= 3.73.0"
+      source = "hashicorp/google-beta"
     }
   }
 }

@@ -17,8 +17,7 @@
 terraform {
   required_providers {
     google-beta = {
-      source  = "hashicorp/google-beta"
-      version = ">= 3.73.0"
+      source = "hashicorp/google-beta"
     }
   }
 }

@@ -17,8 +17,7 @@
 terraform {
   required_providers {
     google-beta = {
-      source  = "hashicorp/google-beta"
-      version = ">= 4.27.0, < 5.0"
+      source = "hashicorp/google-beta"
     }
   }
 }

@@ -38,6 +38,7 @@ module "gke" {
   ip_range_services      = var.ip_range_services
   create_service_account = false
   service_account        = var.compute_engine_service_account
+  deletion_protection    = false
 }
 
 resource "kubernetes_pod" "nginx-example" {

@@ -17,8 +17,7 @@
 terraform {
   required_providers {
     google = {
-      source  = "hashicorp/google"
-      version = "~> 4.0"
+      source = "hashicorp/google"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"

@@ -40,4 +40,5 @@ module "gke" {
   create_service_account   = false
   service_account          = var.compute_engine_service_account
   issue_client_certificate = false
+  deletion_protection      = false
 }
@@ -17,8 +17,7 @@
 terraform {
   required_providers {
     google = {
-      source  = "hashicorp/google"
-      version = "~> 4.0"
+      source = "hashicorp/google"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"

@@ -40,6 +40,7 @@ module "gke" {
   remove_default_node_pool          = false
   disable_legacy_metadata_endpoints = false
   cluster_autoscaling               = var.cluster_autoscaling
+  deletion_protection               = false
 
   node_pools = [
     {

@@ -20,8 +20,7 @@ terraform {
       source = "hashicorp/google"
     }
     google-beta = {
-      source  = "hashicorp/google-beta"
-      version = "~> 4.0"
+      source = "hashicorp/google-beta"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"

@@ -48,6 +48,7 @@ module "gke" {
   enable_private_endpoint = true
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
+  deletion_protection     = false
 
   master_authorized_networks = [
     {

@@ -17,8 +17,7 @@
 terraform {
   required_providers {
     google = {
-      source  = "hashicorp/google"
-      version = "~> 4.0"
+      source = "hashicorp/google"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"

@@ -53,6 +53,7 @@ module "gke" {
   enable_private_endpoint = true
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
+  deletion_protection     = false
 
   master_authorized_networks = [
     {

@@ -20,8 +20,7 @@ terraform {
       source = "hashicorp/google"
     }
     google-beta = {
-      source  = "hashicorp/google-beta"
-      version = "~> 4.0"
+      source = "hashicorp/google-beta"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"

@@ -49,6 +49,7 @@ module "gke" {
   ip_range_services      = var.ip_range_services
   create_service_account = false
   service_account        = var.compute_engine_service_account
+  deletion_protection    = false
 
   master_authorized_networks = [
     {

@@ -20,8 +20,7 @@ terraform {
       source = "hashicorp/google"
     }
     google-beta = {
-      source  = "hashicorp/google-beta"
-      version = "~> 4.0"
+      source = "hashicorp/google-beta"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"

@@ -24,7 +24,7 @@ provider "kubernetes" {
 
 module "gcp-network" {
   source  = "terraform-google-modules/network/google"
-  version = ">= 4.0.1"
+  version = ">= 7.5"
 
   project_id   = var.project_id
   network_name = var.network
@@ -75,6 +75,7 @@ module "gke" {
   enable_private_endpoint = true
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
+  deletion_protection     = false
 
   master_authorized_networks = [
     {

@@ -32,6 +32,7 @@ module "gke" {
   service_account                   = "create"
   remove_default_node_pool          = true
   disable_legacy_metadata_endpoints = true
+  deletion_protection               = false
 
   master_authorized_networks = [
     {

@@ -16,7 +16,7 @@
 
 module "gke-network" {
   source  = "terraform-google-modules/network/google"
-  version = ">= 4.0.1"
+  version = ">= 7.5"
 
   project_id   = var.project_id
   network_name = "random-gke-network"

@@ -17,12 +17,10 @@
 terraform {
   required_providers {
     google = {
-      source  = "hashicorp/google"
-      version = "~> 4.0"
+      source = "hashicorp/google"
     }
     google-beta = {
-      source  = "hashicorp/google-beta"
-      version = "~> 4.0"
+      source = "hashicorp/google-beta"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"

@@ -65,6 +65,7 @@ module "gke" {
   firewall_inbound_ports     = ["9443", "15017"]
   kubernetes_version         = random_shuffle.version.result[0]
   release_channel            = "UNSPECIFIED"
+  deletion_protection        = false
 
   master_authorized_networks = [
     {

@@ -16,7 +16,7 @@
 
 module "gcp-network" {
   source  = "terraform-google-modules/network/google"
-  version = ">= 4.0.1"
+  version = ">= 7.5"
 
   project_id   = var.project_id
   network_name = local.network_name

@@ -18,19 +18,17 @@ terraform {
   required_version = ">= 0.13"
   required_providers {
     google = {
-      source  = "hashicorp/google"
-      version = "~> 4.0"
+      source = "hashicorp/google"
     }
     google-beta = {
-      source  = "hashicorp/google-beta"
-      version = "~> 4.0"
+      source = "hashicorp/google-beta"
     }
     kubernetes = {
       source = "hashicorp/kubernetes"
     }
     random = {
       source  = "hashicorp/random"
-      version = "~> 3.0"
+      version = ">= 3.0"
     }
   }
 }