",
+ cluster_name = "gke-spoke-3",
+ private_nat_subnet_cidr = "100.65.3.0/24",
+ spoke_netmap_subnet = "10.244.0.32/28"
+ }
+]
+node_locations = [
+ "us-central1-a",
+ "us-central1-b",
+ "us-central1-f"
+]
+subnet_cidr = "100.64.0.0/19"
+net_attachment_subnet_cidr = "100.64.87.0/29"
+router_machine_type = "n2-highcpu-4"
+secondary_ranges = {
+ pods = "100.64.32.0/19"
+ services = "100.64.64.0/20"
+ master_cidr = "100.64.96.32/28"
+}
+proxy_subnet_cidr = "100.64.83.0/24"
+ingress_ip_addrs_subnet_cidr = "100.64.84.0/28"
+master_authorized_networks = [
+ {
+ cidr_block = "100.64.0.0/10"
+ display_name = "cluster net"
+ }
+]
diff --git a/examples/island_cluster_anywhere_in_gcp_design/variables.tf b/examples/island_cluster_anywhere_in_gcp_design/variables.tf
new file mode 100644
index 0000000000..293165c18f
--- /dev/null
+++ b/examples/island_cluster_anywhere_in_gcp_design/variables.tf
@@ -0,0 +1,78 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "region" {
+ type = string
+}
+
+variable "node_locations" {
+ type = list(string)
+}
+
+variable "subnet_cidr" {
+ type = string
+ description = "Primary subnet CIDR used by the cluster."
+}
+
+variable "net_attachment_subnet_cidr" {
+ type = string
+ description = "Subnet for the router PSC interface network attachment in island network."
+}
+
+variable "ingress_ip_addrs_subnet_cidr" {
+ type = string
+ description = "Subnet to use for reserving internal ip addresses for the ILBs."
+}
+
+variable "proxy_subnet_cidr" {
+ type = string
+ description = "CIDR for the regional managed proxy subnet."
+}
+
+variable "secondary_ranges" {
+ type = map(string)
+}
+
+variable "master_authorized_networks" {
+ type = list(object({ cidr_block = string, display_name = string }))
+ description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
+}
+
+variable "primary_net_name" {
+ type = string
+ description = "Primary VPC network name."
+}
+
+variable "ncc_hub_project_id" {
+ type = string
+}
+
+variable "ncc_hub_name" {
+ type = string
+}
+
+variable "router_machine_type" {
+ type = string
+}
+
+variable "primary_subnet" {
+ type = string
+ description = "Subnet to use in primary network to deploy the router."
+}
+
+variable "gke_spokes" {
+ type = any
+}
diff --git a/examples/island_cluster_anywhere_in_gcp_design/versions.tf b/examples/island_cluster_anywhere_in_gcp_design/versions.tf
new file mode 100644
index 0000000000..4818f24fa7
--- /dev/null
+++ b/examples/island_cluster_anywhere_in_gcp_design/versions.tf
@@ -0,0 +1,28 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = ">= 1.3"
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ }
+ }
+}
diff --git a/examples/island_cluster_with_vm_router/main.tf b/examples/island_cluster_with_vm_router/main.tf
index 86ce138888..5984412ee5 100644
--- a/examples/island_cluster_with_vm_router/main.tf
+++ b/examples/island_cluster_with_vm_router/main.tf
@@ -143,7 +143,7 @@ module "net" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
depends_on = [google_compute_instance.vm]
diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf
index 7626216fb7..634a3b2965 100644
--- a/examples/node_pool/main.tf
+++ b/examples/node_pool/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/node_pool_update_variant/main.tf b/examples/node_pool_update_variant/main.tf
index b18de30482..b526e656bd 100644
--- a/examples/node_pool_update_variant/main.tf
+++ b/examples/node_pool_update_variant/main.tf
@@ -34,7 +34,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster-update-variant"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf
index c78d2bd050..99e9134518 100644
--- a/examples/node_pool_update_variant_beta/main.tf
+++ b/examples/node_pool_update_variant_beta/main.tf
@@ -39,7 +39,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster-update-variant"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/node_pool_update_variant_public_beta/main.tf b/examples/node_pool_update_variant_public_beta/main.tf
index dcab030f8b..4821df4ac6 100644
--- a/examples/node_pool_update_variant_public_beta/main.tf
+++ b/examples/node_pool_update_variant_public_beta/main.tf
@@ -39,7 +39,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster-update-variant"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/private_zonal_with_networking/main.tf b/examples/private_zonal_with_networking/main.tf
index 1f7f4c2047..692a7bd1fd 100644
--- a/examples/private_zonal_with_networking/main.tf
+++ b/examples/private_zonal_with_networking/main.tf
@@ -61,7 +61,7 @@ data "google_compute_subnetwork" "subnetwork" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = var.cluster_name
diff --git a/examples/regional_private_node_pool_oauth_scopes/main.tf b/examples/regional_private_node_pool_oauth_scopes/main.tf
index 0bba21cdaa..bf46331191 100644
--- a/examples/regional_private_node_pool_oauth_scopes/main.tf
+++ b/examples/regional_private_node_pool_oauth_scopes/main.tf
@@ -16,7 +16,7 @@
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "random-test-cluster"
diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf
index ceea648aa5..5d6df90110 100644
--- a/examples/safer_cluster/main.tf
+++ b/examples/safer_cluster/main.tf
@@ -52,7 +52,7 @@ resource "random_shuffle" "version" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster-${random_string.suffix.result}"
diff --git a/examples/safer_cluster_iap_bastion/cluster.tf b/examples/safer_cluster_iap_bastion/cluster.tf
index 9debb69001..8fbaa05646 100644
--- a/examples/safer_cluster_iap_bastion/cluster.tf
+++ b/examples/safer_cluster_iap_bastion/cluster.tf
@@ -16,7 +16,7 @@
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = module.enabled_google_apis.project_id
name = var.cluster_name
diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf
index 5ff24c3c02..5803a64c6f 100644
--- a/examples/shared_vpc/main.tf
+++ b/examples/shared_vpc/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/simple_autopilot_private/main.tf b/examples/simple_autopilot_private/main.tf
index 125ba24706..d98f7f00df 100644
--- a/examples/simple_autopilot_private/main.tf
+++ b/examples/simple_autopilot_private/main.tf
@@ -35,7 +35,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster"
diff --git a/examples/simple_autopilot_private_non_default_sa/main.tf b/examples/simple_autopilot_private_non_default_sa/main.tf
index b9ff6e92a5..332e41f1cc 100644
--- a/examples/simple_autopilot_private_non_default_sa/main.tf
+++ b/examples/simple_autopilot_private_non_default_sa/main.tf
@@ -35,7 +35,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster"
diff --git a/examples/simple_autopilot_public/main.tf b/examples/simple_autopilot_public/main.tf
index 2fc462ca3a..451ef70317 100644
--- a/examples/simple_autopilot_public/main.tf
+++ b/examples/simple_autopilot_public/main.tf
@@ -34,7 +34,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-public-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster"
diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf
index 5fc839611d..2127fa9eea 100644
--- a/examples/simple_regional/main.tf
+++ b/examples/simple_regional/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf
index cd76c5dcc6..2c1f082af9 100644
--- a/examples/simple_regional_beta/main.tf
+++ b/examples/simple_regional_beta/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf
index 2b120d14d8..25cf124ef9 100644
--- a/examples/simple_regional_private/main.tf
+++ b/examples/simple_regional_private/main.tf
@@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf
index 43d2f7835f..822c7946ce 100644
--- a/examples/simple_regional_private_beta/main.tf
+++ b/examples/simple_regional_private_beta/main.tf
@@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/simple_regional_private_with_cluster_version/main.tf b/examples/simple_regional_private_with_cluster_version/main.tf
index 6d95353710..23b5b83c99 100644
--- a/examples/simple_regional_private_with_cluster_version/main.tf
+++ b/examples/simple_regional_private_with_cluster_version/main.tf
@@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/simple_regional_with_gateway_api/main.tf b/examples/simple_regional_with_gateway_api/main.tf
index b96367d767..34500ada3a 100644
--- a/examples/simple_regional_with_gateway_api/main.tf
+++ b/examples/simple_regional_with_gateway_api/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/simple_regional_with_kubeconfig/main.tf b/examples/simple_regional_with_kubeconfig/main.tf
index a2fcc3c72e..7387bb0c15 100644
--- a/examples/simple_regional_with_kubeconfig/main.tf
+++ b/examples/simple_regional_with_kubeconfig/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
@@ -45,7 +45,7 @@ module "gke" {
module "gke_auth" {
source = "terraform-google-modules/kubernetes-engine/google//modules/auth"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
location = module.gke.location
diff --git a/examples/simple_regional_with_networking/main.tf b/examples/simple_regional_with_networking/main.tf
index 28363ea059..a37c1fb6e9 100644
--- a/examples/simple_regional_with_networking/main.tf
+++ b/examples/simple_regional_with_networking/main.tf
@@ -53,7 +53,7 @@ module "gcp-network" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = var.cluster_name
diff --git a/examples/simple_windows_node_pool/main.tf b/examples/simple_windows_node_pool/main.tf
index 2ec1464bd3..0562eea5a4 100644
--- a/examples/simple_windows_node_pool/main.tf
+++ b/examples/simple_windows_node_pool/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
regional = false
diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf
index a541829254..138bfcd314 100644
--- a/examples/simple_zonal_private/main.tf
+++ b/examples/simple_zonal_private/main.tf
@@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/simple_zonal_with_acm/acm.tf b/examples/simple_zonal_with_acm/acm.tf
index cee5eda4d2..56d510cb89 100644
--- a/examples/simple_zonal_with_acm/acm.tf
+++ b/examples/simple_zonal_with_acm/acm.tf
@@ -16,7 +16,7 @@
module "acm" {
source = "terraform-google-modules/kubernetes-engine/google//modules/acm"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
location = module.gke.location
diff --git a/examples/simple_zonal_with_acm/main.tf b/examples/simple_zonal_with_acm/main.tf
index de06aa5d46..c62dc3b26b 100644
--- a/examples/simple_zonal_with_acm/main.tf
+++ b/examples/simple_zonal_with_acm/main.tf
@@ -32,7 +32,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
regional = false
diff --git a/examples/simple_zonal_with_asm/main.tf b/examples/simple_zonal_with_asm/main.tf
index f9b368000a..f54653b1ed 100644
--- a/examples/simple_zonal_with_asm/main.tf
+++ b/examples/simple_zonal_with_asm/main.tf
@@ -28,7 +28,7 @@ data "google_project" "project" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "test-prefix-cluster-test-suffix"
@@ -57,7 +57,7 @@ module "gke" {
module "asm" {
source = "terraform-google-modules/kubernetes-engine/google//modules/asm"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
cluster_name = module.gke.name
diff --git a/examples/simple_zonal_with_hub/hub.tf b/examples/simple_zonal_with_hub/hub.tf
index 36120501b3..5b7171ab4c 100644
--- a/examples/simple_zonal_with_hub/hub.tf
+++ b/examples/simple_zonal_with_hub/hub.tf
@@ -16,7 +16,7 @@
module "hub" {
source = "terraform-google-modules/kubernetes-engine/google//modules/fleet-membership"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
location = module.gke.location
diff --git a/examples/simple_zonal_with_hub/main.tf b/examples/simple_zonal_with_hub/main.tf
index 4b4563d8d0..6c13cbdbbc 100644
--- a/examples/simple_zonal_with_hub/main.tf
+++ b/examples/simple_zonal_with_hub/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
regional = false
diff --git a/examples/simple_zonal_with_hub_kubeconfig/hub.tf b/examples/simple_zonal_with_hub_kubeconfig/hub.tf
index 19e243947a..d904d87c6b 100644
--- a/examples/simple_zonal_with_hub_kubeconfig/hub.tf
+++ b/examples/simple_zonal_with_hub_kubeconfig/hub.tf
@@ -16,7 +16,7 @@
module "hub" {
source = "terraform-google-modules/kubernetes-engine/google//modules/hub-legacy"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
location = "remote"
diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf
index 8607a6fc72..82599a7534 100644
--- a/examples/stub_domains/main.tf
+++ b/examples/stub_domains/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf
index 5ebc7a057a..5bb6268ffc 100644
--- a/examples/stub_domains_private/main.tf
+++ b/examples/stub_domains_private/main.tf
@@ -30,7 +30,7 @@ data "google_compute_subnetwork" "subnetwork" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
ip_range_pods = var.ip_range_pods
ip_range_services = var.ip_range_services
diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf
index 02639383dd..5a95ab8e69 100644
--- a/examples/stub_domains_upstream_nameservers/main.tf
+++ b/examples/stub_domains_upstream_nameservers/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf
index 7349ab5cdf..876152ad28 100644
--- a/examples/upstream_nameservers/main.tf
+++ b/examples/upstream_nameservers/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/examples/workload_identity/main.tf b/examples/workload_identity/main.tf
index fe1b13bfcd..98b406e31b 100644
--- a/examples/workload_identity/main.tf
+++ b/examples/workload_identity/main.tf
@@ -28,7 +28,7 @@ provider "kubernetes" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
@@ -54,7 +54,7 @@ module "gke" {
# example without existing KSA
module "workload_identity" {
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "iden-${module.gke.name}"
@@ -74,7 +74,7 @@ resource "kubernetes_service_account" "test" {
module "workload_identity_existing_ksa" {
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "existing-${module.gke.name}"
@@ -93,7 +93,7 @@ resource "google_service_account" "custom" {
module "workload_identity_existing_gsa" {
source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = google_service_account.custom.account_id
diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf
index 856591c444..4ee285814d 100644
--- a/examples/workload_metadata_config/main.tf
+++ b/examples/workload_metadata_config/main.tf
@@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" {
module "gke" {
source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
- version = "~> 30.0"
+ version = "~> 31.0"
project_id = var.project_id
name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index ba4f99e110..a64513a799 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -177,7 +177,7 @@ Then perform the following commands on the root folder:
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
| cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
enable_secure_boot = optional(bool, false)
enable_integrity_monitoring = optional(bool, true)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index f6f8f04ef4..d8ba69dff4 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -147,6 +147,11 @@ resource "google_container_cluster" "primary" {
}
}
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
image_type = lookup(var.cluster_autoscaling, "image_type", "COS_CONTAINERD")
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index 8bf7babcb8..da51f48691 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -239,39 +239,43 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
- image_type = optional(string)
- strategy = optional(string)
- max_surge = optional(number)
- max_unavailable = optional(number)
- node_pool_soak_duration = optional(string)
- batch_soak_duration = optional(string)
- batch_percentage = optional(number)
- batch_node_count = optional(number)
+ enabled = bool
+ autoscaling_profile = string
+ min_cpu_cores = number
+ max_cpu_cores = number
+ min_memory_gb = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ image_type = optional(string)
+ strategy = optional(string)
+ max_surge = optional(number)
+ max_unavailable = optional(number)
+ node_pool_soak_duration = optional(string)
+ batch_soak_duration = optional(string)
+ batch_percentage = optional(number)
+ batch_node_count = optional(number)
+ enable_secure_boot = optional(bool, false)
+ enable_integrity_monitoring = optional(bool, true)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
- image_type = "COS_CONTAINERD"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ image_type = "COS_CONTAINERD"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index df9a4a94f9..1e25d4b4e8 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -155,7 +155,7 @@ Then perform the following commands on the root folder:
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
| cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
enable_secure_boot = optional(bool, false)
enable_integrity_monitoring = optional(bool, true)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 5a1d075145..64d04e4b4f 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -147,6 +147,11 @@ resource "google_container_cluster" "primary" {
}
}
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
image_type = lookup(var.cluster_autoscaling, "image_type", "COS_CONTAINERD")
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index 8bf7babcb8..da51f48691 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -239,39 +239,43 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
- image_type = optional(string)
- strategy = optional(string)
- max_surge = optional(number)
- max_unavailable = optional(number)
- node_pool_soak_duration = optional(string)
- batch_soak_duration = optional(string)
- batch_percentage = optional(number)
- batch_node_count = optional(number)
+ enabled = bool
+ autoscaling_profile = string
+ min_cpu_cores = number
+ max_cpu_cores = number
+ min_memory_gb = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ image_type = optional(string)
+ strategy = optional(string)
+ max_surge = optional(number)
+ max_unavailable = optional(number)
+ node_pool_soak_duration = optional(string)
+ batch_soak_duration = optional(string)
+ batch_percentage = optional(number)
+ batch_node_count = optional(number)
+ enable_secure_boot = optional(bool, false)
+ enable_integrity_monitoring = optional(bool, true)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
- image_type = "COS_CONTAINERD"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ image_type = "COS_CONTAINERD"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index 41180a77c4..07279278f5 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -171,7 +171,7 @@ Then perform the following commands on the root folder:
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
| cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
enable_secure_boot = optional(bool, false)
enable_integrity_monitoring = optional(bool, true)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index 8a2f762cfb..15dbbe5c2f 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -147,6 +147,11 @@ resource "google_container_cluster" "primary" {
}
}
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
image_type = lookup(var.cluster_autoscaling, "image_type", "COS_CONTAINERD")
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
index 2a5f4eaa61..cc0ae40e23 100644
--- a/modules/beta-public-cluster-update-variant/variables.tf
+++ b/modules/beta-public-cluster-update-variant/variables.tf
@@ -239,39 +239,43 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
- image_type = optional(string)
- strategy = optional(string)
- max_surge = optional(number)
- max_unavailable = optional(number)
- node_pool_soak_duration = optional(string)
- batch_soak_duration = optional(string)
- batch_percentage = optional(number)
- batch_node_count = optional(number)
+ enabled = bool
+ autoscaling_profile = string
+ min_cpu_cores = number
+ max_cpu_cores = number
+ min_memory_gb = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ image_type = optional(string)
+ strategy = optional(string)
+ max_surge = optional(number)
+ max_unavailable = optional(number)
+ node_pool_soak_duration = optional(string)
+ batch_soak_duration = optional(string)
+ batch_percentage = optional(number)
+ batch_node_count = optional(number)
+ enable_secure_boot = optional(bool, false)
+ enable_integrity_monitoring = optional(bool, true)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
- image_type = "COS_CONTAINERD"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ image_type = "COS_CONTAINERD"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index d01edfc474..e57dbe6ec5 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -149,7 +149,7 @@ Then perform the following commands on the root folder:
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
| cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
enable_secure_boot = optional(bool, false)
enable_integrity_monitoring = optional(bool, true)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index 24d2e4b9a2..9b81443a80 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -147,6 +147,11 @@ resource "google_container_cluster" "primary" {
}
}
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
image_type = lookup(var.cluster_autoscaling, "image_type", "COS_CONTAINERD")
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 2a5f4eaa61..cc0ae40e23 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -239,39 +239,43 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
- image_type = optional(string)
- strategy = optional(string)
- max_surge = optional(number)
- max_unavailable = optional(number)
- node_pool_soak_duration = optional(string)
- batch_soak_duration = optional(string)
- batch_percentage = optional(number)
- batch_node_count = optional(number)
+ enabled = bool
+ autoscaling_profile = string
+ min_cpu_cores = number
+ max_cpu_cores = number
+ min_memory_gb = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ image_type = optional(string)
+ strategy = optional(string)
+ max_surge = optional(number)
+ max_unavailable = optional(number)
+ node_pool_soak_duration = optional(string)
+ batch_soak_duration = optional(string)
+ batch_percentage = optional(number)
+ batch_node_count = optional(number)
+ enable_secure_boot = optional(bool, false)
+ enable_integrity_monitoring = optional(bool, true)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
- image_type = "COS_CONTAINERD"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ image_type = "COS_CONTAINERD"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index 28f9887ab6..ffcab6b500 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -172,7 +172,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
enable_secure_boot = optional(bool, false)
enable_integrity_monitoring = optional(bool, true)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 6b488c7ed3..03c3082bb4 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -141,6 +141,11 @@ resource "google_container_cluster" "primary" {
}
}
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
image_type = lookup(var.cluster_autoscaling, "image_type", "COS_CONTAINERD")
}
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index 3ea48cbfd0..85b100dbb3 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -239,39 +239,43 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
- image_type = optional(string)
- strategy = optional(string)
- max_surge = optional(number)
- max_unavailable = optional(number)
- node_pool_soak_duration = optional(string)
- batch_soak_duration = optional(string)
- batch_percentage = optional(number)
- batch_node_count = optional(number)
+ enabled = bool
+ autoscaling_profile = string
+ min_cpu_cores = number
+ max_cpu_cores = number
+ min_memory_gb = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ image_type = optional(string)
+ strategy = optional(string)
+ max_surge = optional(number)
+ max_unavailable = optional(number)
+ node_pool_soak_duration = optional(string)
+ batch_soak_duration = optional(string)
+ batch_percentage = optional(number)
+ batch_node_count = optional(number)
+ enable_secure_boot = optional(bool, false)
+ enable_integrity_monitoring = optional(bool, true)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
- image_type = "COS_CONTAINERD"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ image_type = "COS_CONTAINERD"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index 24bd4d42b8..053b9feb87 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -150,7 +150,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
enable_secure_boot = optional(bool, false)
enable_integrity_monitoring = optional(bool, true)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 511a2f6159..21edac9a01 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -141,6 +141,11 @@ resource "google_container_cluster" "primary" {
}
}
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
image_type = lookup(var.cluster_autoscaling, "image_type", "COS_CONTAINERD")
}
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index 3ea48cbfd0..85b100dbb3 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -239,39 +239,43 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
- image_type = optional(string)
- strategy = optional(string)
- max_surge = optional(number)
- max_unavailable = optional(number)
- node_pool_soak_duration = optional(string)
- batch_soak_duration = optional(string)
- batch_percentage = optional(number)
- batch_node_count = optional(number)
+ enabled = bool
+ autoscaling_profile = string
+ min_cpu_cores = number
+ max_cpu_cores = number
+ min_memory_gb = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ image_type = optional(string)
+ strategy = optional(string)
+ max_surge = optional(number)
+ max_unavailable = optional(number)
+ node_pool_soak_duration = optional(string)
+ batch_soak_duration = optional(string)
+ batch_percentage = optional(number)
+ batch_node_count = optional(number)
+ enable_secure_boot = optional(bool, false)
+ enable_integrity_monitoring = optional(bool, true)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
- image_type = "COS_CONTAINERD"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ image_type = "COS_CONTAINERD"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/test/integration/disable_client_cert/testdata/TestDisableClientCert.json b/test/integration/disable_client_cert/testdata/TestDisableClientCert.json
index d10f0d2945..235c0a8b8b 100755
--- a/test/integration/disable_client_cert/testdata/TestDisableClientCert.json
+++ b/test/integration/disable_client_cert/testdata/TestDisableClientCert.json
@@ -27,6 +27,7 @@
"currentNodeCount": 3,
"currentNodeVersion": "1.24.7-gke.900",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/go.mod b/test/integration/go.mod
index 66e00997e6..22c3f33686 100644
--- a/test/integration/go.mod
+++ b/test/integration/go.mod
@@ -1,11 +1,11 @@
module github.com/terraform-google-modules/terraform-google-kubernetes-engine/test/integration
-go 1.21
+go 1.22
-toolchain go1.22.3
+toolchain go1.22.4
require (
- github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.15.0
+ github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.15.1
github.com/gruntwork-io/terratest v0.46.15
github.com/stretchr/testify v1.9.0
github.com/tidwall/gjson v1.17.1
@@ -109,7 +109,7 @@ require (
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/kustomize/kyaml v0.17.0 // indirect
+ sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
diff --git a/test/integration/go.sum b/test/integration/go.sum
index ff32902444..86bcb3a020 100644
--- a/test/integration/go.sum
+++ b/test/integration/go.sum
@@ -187,8 +187,8 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.15.0 h1:zT+PND04OQ96kmnQorLFtuY4Ny3KZ4fqxdy9faxMS6A=
-github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.15.0/go.mod h1:Srfs5phdVU1kwoRWedu4hngTkwN3OILEWgUgE+IVp6s=
+github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.15.1 h1:c1tEK/Ma0NstqqkjS1tCClrFxIX1cNLdrM5cB03Sv24=
+github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.15.1/go.mod h1:bssUTs81Q0xIUg/dYT8/8fqEXOVB8GQVyngw9U79EN4=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
@@ -1080,8 +1080,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/kustomize/kyaml v0.17.0 h1:G2bWs03V9Ur2PinHLzTUJ8Ded+30SzXZKiO92SRDs3c=
-sigs.k8s.io/kustomize/kyaml v0.17.0/go.mod h1:6lxkYF1Cv9Ic8g/N7I86cvxNc5iinUo/P2vKsHNmpyE=
+sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ=
+sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U=
sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
diff --git a/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json b/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json
index 51f49e2285..c6bdd3f7cb 100755
--- a/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json
+++ b/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json
@@ -27,6 +27,7 @@
"currentNodeCount": 1,
"currentNodeVersion": "1.24.7-gke.900",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/safer_cluster/testdata/TestSaferCluster.json b/test/integration/safer_cluster/testdata/TestSaferCluster.json
index cb1bdb3674..e2836b34c7 100755
--- a/test/integration/safer_cluster/testdata/TestSaferCluster.json
+++ b/test/integration/safer_cluster/testdata/TestSaferCluster.json
@@ -29,6 +29,7 @@
"currentNodeCount": 3,
"currentNodeVersion": "1.23.14-gke.401",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/sandbox_enabled/testdata/TestSandboxEnabled.json b/test/integration/sandbox_enabled/testdata/TestSandboxEnabled.json
index cb2ffe680c..6ba2bb70cb 100755
--- a/test/integration/sandbox_enabled/testdata/TestSandboxEnabled.json
+++ b/test/integration/sandbox_enabled/testdata/TestSandboxEnabled.json
@@ -25,6 +25,7 @@
"currentNodeCount": 3,
"currentNodeVersion": "1.24.7-gke.900",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json b/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json
index 997ba9b5e5..62103f7ee9 100644
--- a/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json
+++ b/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json
@@ -70,6 +70,7 @@
"currentNodeCount": 2,
"currentNodeVersion": "1.24.7-gke.900",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/simple_autopilot_public/testdata/TestSimpleAutopilotPublic.json b/test/integration/simple_autopilot_public/testdata/TestSimpleAutopilotPublic.json
index 0e92769fe6..d014c325dc 100644
--- a/test/integration/simple_autopilot_public/testdata/TestSimpleAutopilotPublic.json
+++ b/test/integration/simple_autopilot_public/testdata/TestSimpleAutopilotPublic.json
@@ -70,6 +70,7 @@
"currentNodeCount": 2,
"currentNodeVersion": "1.24.7-gke.900",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/simple_regional/testdata/TestSimpleRegional.json b/test/integration/simple_regional/testdata/TestSimpleRegional.json
index 85c8e55db7..16d6297fdc 100644
--- a/test/integration/simple_regional/testdata/TestSimpleRegional.json
+++ b/test/integration/simple_regional/testdata/TestSimpleRegional.json
@@ -38,6 +38,7 @@
"currentNodeCount": 3,
"currentNodeVersion": "1.27.3-gke.100",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/simple_regional_private/testdata/TestSimpleRegionalPrivate.json b/test/integration/simple_regional_private/testdata/TestSimpleRegionalPrivate.json
index 295ae578f7..4c9fbcd32b 100644
--- a/test/integration/simple_regional_private/testdata/TestSimpleRegionalPrivate.json
+++ b/test/integration/simple_regional_private/testdata/TestSimpleRegionalPrivate.json
@@ -25,6 +25,7 @@
"currentNodeCount": 3,
"currentNodeVersion": "1.25.4-gke.2100",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/simple_regional_with_gateway_api/controls/gcloud.rb b/test/integration/simple_regional_with_gateway_api/controls/gcloud.rb
index 14722175bd..631eae3d2a 100644
--- a/test/integration/simple_regional_with_gateway_api/controls/gcloud.rb
+++ b/test/integration/simple_regional_with_gateway_api/controls/gcloud.rb
@@ -66,7 +66,7 @@
end
it "has the expected databaseEncryption config" do
- expect(data['databaseEncryption']).to eq({
+ expect(data['databaseEncryption']).to include({
"state" => 'DECRYPTED',
})
end
diff --git a/test/integration/simple_regional_with_ipv6/controls/gcloud.rb b/test/integration/simple_regional_with_ipv6/controls/gcloud.rb
index 6b3e65e3ce..0080ed5c14 100644
--- a/test/integration/simple_regional_with_ipv6/controls/gcloud.rb
+++ b/test/integration/simple_regional_with_ipv6/controls/gcloud.rb
@@ -64,7 +64,7 @@
end
it "has the expected databaseEncryption config" do
- expect(data['databaseEncryption']).to eq({
+ expect(data['databaseEncryption']).to include({
"state" => 'DECRYPTED',
})
end
diff --git a/test/integration/simple_regional_with_kubeconfig/testdata/TestSimpleRegionalWithKubeConfig.json b/test/integration/simple_regional_with_kubeconfig/testdata/TestSimpleRegionalWithKubeConfig.json
index 33e3de8c05..216876af9f 100644
--- a/test/integration/simple_regional_with_kubeconfig/testdata/TestSimpleRegionalWithKubeConfig.json
+++ b/test/integration/simple_regional_with_kubeconfig/testdata/TestSimpleRegionalWithKubeConfig.json
@@ -25,6 +25,7 @@
"currentNodeCount": 3,
"currentNodeVersion": "1.25.5-gke.1500",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/simple_regional_with_networking/testdata/TestSimpleRegionalWithNetworking.json b/test/integration/simple_regional_with_networking/testdata/TestSimpleRegionalWithNetworking.json
index 5c2b2478f4..82160d884e 100644
--- a/test/integration/simple_regional_with_networking/testdata/TestSimpleRegionalWithNetworking.json
+++ b/test/integration/simple_regional_with_networking/testdata/TestSimpleRegionalWithNetworking.json
@@ -25,6 +25,7 @@
"currentNodeCount": 3,
"currentNodeVersion": "1.25.5-gke.1500",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json b/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json
index d5569ab489..b1cb9ae910 100644
--- a/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json
+++ b/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json
@@ -35,6 +35,7 @@
"currentNodeCount": 2,
"currentNodeVersion": "1.24.7-gke.900",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/simple_zonal/testdata/TestSimpleZonal.json b/test/integration/simple_zonal/testdata/TestSimpleZonal.json
index 5d1987285b..79b4b79a8b 100644
--- a/test/integration/simple_zonal/testdata/TestSimpleZonal.json
+++ b/test/integration/simple_zonal/testdata/TestSimpleZonal.json
@@ -26,6 +26,7 @@
"currentNodeCount": 4,
"currentNodeVersion": "1.25.6-gke.1000",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/test/integration/simple_zonal_private/testdata/TestSimpleZonalPrivate.json b/test/integration/simple_zonal_private/testdata/TestSimpleZonalPrivate.json
index 0172ee91fd..c0f5e13070 100644
--- a/test/integration/simple_zonal_private/testdata/TestSimpleZonalPrivate.json
+++ b/test/integration/simple_zonal_private/testdata/TestSimpleZonalPrivate.json
@@ -25,6 +25,7 @@
"currentNodeCount": 1,
"currentNodeVersion": "1.25.5-gke.1500",
"databaseEncryption": {
+ "currentState": "CURRENT_STATE_DECRYPTED",
"state": "DECRYPTED"
},
"defaultMaxPodsConstraint": {
diff --git a/variables.tf b/variables.tf
index c6bf98689b..eef896bf04 100644
--- a/variables.tf
+++ b/variables.tf
@@ -239,39 +239,43 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
- image_type = optional(string)
- strategy = optional(string)
- max_surge = optional(number)
- max_unavailable = optional(number)
- node_pool_soak_duration = optional(string)
- batch_soak_duration = optional(string)
- batch_percentage = optional(number)
- batch_node_count = optional(number)
+ enabled = bool
+ autoscaling_profile = string
+ min_cpu_cores = number
+ max_cpu_cores = number
+ min_memory_gb = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ image_type = optional(string)
+ strategy = optional(string)
+ max_surge = optional(number)
+ max_unavailable = optional(number)
+ node_pool_soak_duration = optional(string)
+ batch_soak_duration = optional(string)
+ batch_percentage = optional(number)
+ batch_node_count = optional(number)
+ enable_secure_boot = optional(bool, false)
+ enable_integrity_monitoring = optional(bool, true)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
- image_type = "COS_CONTAINERD"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ image_type = "COS_CONTAINERD"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}