From cb1110e7844b9e68a4a92925d0ccd6e48afb4e12 Mon Sep 17 00:00:00 2001
From: Amine Laabi
Date: Tue, 12 Mar 2024 14:57:15 +0100
Subject: [PATCH] feat: add gke event filtering for notification in kubernetes engine module (#1840)
---
README.md | 1 +
autogen/main/cluster.tf.tmpl | 3 +++
autogen/main/variables.tf.tmpl | 6 ++++++
cluster.tf | 3 +++
modules/beta-autopilot-private-cluster/README.md | 1 +
modules/beta-autopilot-private-cluster/cluster.tf | 3 +++
modules/beta-autopilot-private-cluster/variables.tf | 6 ++++++
modules/beta-autopilot-public-cluster/README.md | 1 +
modules/beta-autopilot-public-cluster/cluster.tf | 3 +++
modules/beta-autopilot-public-cluster/variables.tf | 6 ++++++
modules/beta-private-cluster-update-variant/README.md | 1 +
modules/beta-private-cluster-update-variant/cluster.tf | 3 +++
modules/beta-private-cluster-update-variant/variables.tf | 6 ++++++
modules/beta-private-cluster/README.md | 1 +
modules/beta-private-cluster/cluster.tf | 3 +++
modules/beta-private-cluster/variables.tf | 6 ++++++
modules/beta-public-cluster-update-variant/README.md | 1 +
modules/beta-public-cluster-update-variant/cluster.tf | 3 +++
modules/beta-public-cluster-update-variant/variables.tf | 6 ++++++
modules/beta-public-cluster/README.md | 1 +
modules/beta-public-cluster/cluster.tf | 3 +++
modules/beta-public-cluster/variables.tf | 6 ++++++
modules/private-cluster-update-variant/README.md | 1 +
modules/private-cluster-update-variant/cluster.tf | 3 +++
modules/private-cluster-update-variant/variables.tf | 6 ++++++
modules/private-cluster/README.md | 1 +
modules/private-cluster/cluster.tf | 3 +++
modules/private-cluster/variables.tf | 6 ++++++
variables.tf | 6 ++++++
29 files changed, 99 insertions(+)
diff --git a/README.md b/README.md
index f78a2470e1..91ee510acc 100644
--- a/README.md
+++ b/README.md
@@ -222,6 +222,7 @@ Then perform the following commands on the root folder: | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | +| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 5d5b5a6bcc..d7fd05e8ad 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -628,6 +628,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } {% if beta_cluster and autopilot_cluster != true %} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index c429de7f35..ad9e3f1f1f 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
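Review bot: The `filter` block added to `pubsub` in autogen/main/cluster.tf.tmpl is emitted unconditionally, so with the default `notification_filter_event_type = []` (and also when `notification_config_topic` is `""` and `enabled` is false) the resource carries a filter with an empty `event_type` list. Whether the provider treats an empty list as "no filter" is not visible from this hunk; if it does not, callers who never set the variable could see a plan diff or a changed notification set, which matters most for security bulletins. Rendering the block through `dynamic "filter"` only when the list is non-empty keeps the previous behaviour for those callers. The same three lines are added in the root cluster.tf and every modules/*/cluster.tf hunk of this patch, which appear to be generated from this template; the enclosing `google_container_cluster.primary` resource starts and ends outside the hunk.

```hcl
    pubsub {
      # … unchanged: enabled and topic …
      dynamic "filter" {
        for_each = length(var.notification_filter_event_type) > 0 ? [1] : []
        content {
          event_type = var.notification_filter_event_type
        }
      }
    }
```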
@@ -625,6 +625,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster." diff --git a/cluster.tf b/cluster.tf index 1bdf843645..bfc44ff3d9 100644 --- a/cluster.tf +++ b/cluster.tf @@ -465,6 +465,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } } diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 71a415fa3c..ab7c564231 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -130,6 +130,7 @@ Then perform the following commands on the root folder: | network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
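Review bot: `notification_filter_event_type` in autogen/main/variables.tf.tmpl accepts any `list(string)`, so a misspelled event name is not caught at plan time and is left to the provider or API to reject, if they do at all. A `validation` block limited to the three values the description already lists would fail early, assuming the module's minimum Terraform version supports variable validation. The description could also state that a non-empty list which omits `SECURITY_BULLETIN_EVENT` presumably stops security bulletin notifications for the cluster, which is easy to overlook when the intent is only to reduce upgrade noise. The same variable is added to the root variables.tf and every modules/*/variables.tf hunk in this patch, which appear to be generated from this template.

```hcl
variable "notification_filter_event_type" {
  # … unchanged: type, description, default …

  validation {
    condition = alltrue([
      for e in var.notification_filter_event_type :
      contains(["UPGRADE_AVAILABLE_EVENT", "UPGRADE_EVENT", "SECURITY_BULLETIN_EVENT"], e)
    ])
    error_message = "Each event type must be one of UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, or SECURITY_BULLETIN_EVENT."
  }
}
```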
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | +| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 331ce7b1a9..23d2bf5580 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -296,6 +296,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 017f13766e..88cadf8abf 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -430,6 +430,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster." diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index d29fa7a7ae..52b472a7ac 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -119,6 +119,7 @@ Then perform the following commands on the root folder: | network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | +| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 57b9288fcf..0adee5d37d 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -277,6 +277,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index f73b556115..d5a2ad0cb8 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf 
@@ -400,6 +400,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster." diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 7f0575c31d..5c823a11f8 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -270,6 +270,7 @@ Then perform the following commands on the root folder: | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | +| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 630ccc6669..48e74f0c30 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -544,6 +544,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 1dc85ac867..6c0fa1aafa 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -599,6 +599,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster." diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index e6faa6b955..b56788608b 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -248,6 +248,7 @@ Then perform the following commands on the root folder: | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | +| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 88469dd152..1b7336df4d 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -544,6 +544,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 1dc85ac867..6c0fa1aafa 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -599,6 +599,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster." diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 780d094616..666df46159 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -259,6 +259,7 @@ Then perform the following commands on the root folder: | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | +| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 91608910c7..8bb60d0fa7 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -525,6 +525,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 6175048ab5..19b6d13654 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -569,6 +569,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster." diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 4fc82a77dc..7c23ef23de 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -237,6 +237,7 @@ Then perform the following commands on the root folder: | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | +| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 102b17e3da..01c2c88f00 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -525,6 +525,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 6175048ab5..19b6d13654 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -569,6 +569,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster." diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 98d97d5a35..8b2eafc05a 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -255,6 +255,7 @@ Then perform the following commands on the root folder: | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | +| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 2872a0649e..9bfdf0a00a 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -484,6 +484,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } } diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 31e1435bce..26b97acc22 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -574,6 +574,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster." diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 6ed41131d3..4fb6f586be 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -233,6 +233,7 @@ Then perform the following commands on the root folder: | node\_pools\_taints | Map of lists containing node taints by node-pool name | `map(list(object({ key = string, value = string, effect = string })))` |
{
"all": [],
"default-node-pool": []
}
| no | | non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` |
[
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | +| notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes | | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 4216d133d0..9c6b1f1585 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -484,6 +484,9 @@ resource "google_container_cluster" "primary" { pubsub { enabled = var.notification_config_topic != "" ? true : false topic = var.notification_config_topic + filter { + event_type = var.notification_filter_event_type + } } } } diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 31e1435bce..26b97acc22 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -574,6 +574,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster." diff --git a/variables.tf b/variables.tf index 087a42b962..3af25f7cd7 100644 --- a/variables.tf +++ b/variables.tf @@ -544,6 +544,12 @@ variable "notification_config_topic" { default = "" } +variable "notification_filter_event_type" { + type = list(string) + description = "Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT, and SECURITY_BULLETIN_EVENT." + default = [] +} + variable "deletion_protection" { type = bool description = "Whether or not to allow Terraform to destroy the cluster."