diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md
index dabead4fbf..df7f14ca6b 100644
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@@ -103,25 +103,25 @@ module "cluster-autopilot" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [location](variables.tf#L118) | Cluster zone or region. | string
| ✓ | |
-| [name](variables.tf#L175) | Cluster name. | string
| ✓ | |
-| [project_id](variables.tf#L201) | Cluster project id. | string
| ✓ | |
-| [vpc_config](variables.tf#L218) | VPC-level configuration. | object({…})
| ✓ | |
+| [location](variables.tf#L119) | Cluster zone or region. | string
| ✓ | |
+| [name](variables.tf#L176) | Cluster name. | string
| ✓ | |
+| [project_id](variables.tf#L202) | Cluster project id. | string
| ✓ | |
+| [vpc_config](variables.tf#L219) | VPC-level configuration. | object({…})
| ✓ | |
| [cluster_autoscaling](variables.tf#L17) | Enable and configure limits for Node Auto-Provisioning with Cluster Autoscaler. | object({…})
| | null
|
| [description](variables.tf#L38) | Cluster description. | string
| | null
|
| [enable_addons](variables.tf#L44) | Addons enabled in the cluster (true means enabled). | object({…})
| | {…}
|
-| [enable_features](variables.tf#L68) | Enable cluster-level features. Certain features allow configuration. | object({…})
| | {…}
|
-| [issue_client_certificate](variables.tf#L106) | Enable issuing client certificate. | bool
| | false
|
-| [labels](variables.tf#L112) | Cluster resource labels. | map(string)
| | null
|
-| [logging_config](variables.tf#L123) | Logging configuration. | list(string)
| | ["SYSTEM_COMPONENTS"]
|
-| [maintenance_config](variables.tf#L129) | Maintenance window configuration. | object({…})
| | {…}
|
-| [max_pods_per_node](variables.tf#L152) | Maximum number of pods per node in this cluster. | number
| | 110
|
-| [min_master_version](variables.tf#L158) | Minimum version of the master, defaults to the version of the most recent official release. | string
| | null
|
-| [monitoring_config](variables.tf#L164) | Monitoring components. | object({…})
| | {…}
|
-| [node_locations](variables.tf#L180) | Zones in which the cluster's nodes are located. | list(string)
| | []
|
-| [private_cluster_config](variables.tf#L187) | Private cluster configuration. | object({…})
| | null
|
-| [release_channel](variables.tf#L206) | Release channel for GKE upgrades. | string
| | null
|
-| [tags](variables.tf#L212) | Network tags applied to nodes. | list(string)
| | null
|
+| [enable_features](variables.tf#L68) | Enable cluster-level features. Certain features allow configuration. | object({…})
| | {…}
|
+| [issue_client_certificate](variables.tf#L107) | Enable issuing client certificate. | bool
| | false
|
+| [labels](variables.tf#L113) | Cluster resource labels. | map(string)
| | null
|
+| [logging_config](variables.tf#L124) | Logging configuration. | list(string)
| | ["SYSTEM_COMPONENTS"]
|
+| [maintenance_config](variables.tf#L130) | Maintenance window configuration. | object({…})
| | {…}
|
+| [max_pods_per_node](variables.tf#L153) | Maximum number of pods per node in this cluster. | number
| | 110
|
+| [min_master_version](variables.tf#L159) | Minimum version of the master, defaults to the version of the most recent official release. | string
| | null
|
+| [monitoring_config](variables.tf#L165) | Monitoring components. | object({…})
| | {…}
|
+| [node_locations](variables.tf#L181) | Zones in which the cluster's nodes are located. | list(string)
| | []
|
+| [private_cluster_config](variables.tf#L188) | Private cluster configuration. | object({…})
| | null
|
+| [release_channel](variables.tf#L207) | Release channel for GKE upgrades. | string
| | null
|
+| [tags](variables.tf#L213) | Network tags applied to nodes. | list(string)
| | null
|
## Outputs
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index f55f46e8e3..e9c36ed11a 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -262,6 +262,13 @@ resource "google_container_cluster" "cluster" {
}
}
+ dynamic "mesh_certificates" {
+ for_each = var.enable_features.mesh_certificates != null ? [""] : []
+ content {
+ enable_certificates = var.enable_features.mesh_certificates
+ }
+ }
+
dynamic "monitoring_config" {
for_each = var.monitoring_config != null && !var.enable_features.autopilot ? [""] : []
content {
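Review bot: The new `mesh_certificates` block has no comment explaining its tri-state control: the block is emitted only when `var.enable_features.mesh_certificates` is non-null, so `false` emits `enable_certificates = false` explicitly while `null` leaves the provider default, and that distinction is what the `!= null` test on the `for_each` line encodes. I would add a comment above the dynamic block: `# Omitted when null (provider default); true/false sets workload mTLS certificate issuance explicitly. The provider requires Workload Identity on the cluster for this block — confirm against the enable_features checks elsewhere in this resource.` The neighbouring `monitoring_config` block additionally gates on `!var.enable_features.autopilot`; if this field is likewise rejected on Autopilot clusters (not verifiable from the hunk), the `for_each` should mirror that guard, `for_each = var.enable_features.mesh_certificates != null && !var.enable_features.autopilot ? [""] : []`. The enclosing `google_container_cluster.cluster` resource starts and ends outside the hunk.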
diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf
index f02ed50470..ecfa11c93d 100644
--- a/modules/gke-cluster/variables.tf
+++ b/modules/gke-cluster/variables.tf
@@ -84,6 +84,7 @@ variable "enable_features" {
groups_for_rbac = optional(string)
intranode_visibility = optional(bool, false)
l4_ilb_subsetting = optional(bool, false)
+ mesh_certificates = optional(bool)
pod_security_policy = optional(bool, false)
resource_usage_export = optional(object({
dataset = string
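Review bot: `mesh_certificates = optional(bool)` is the only boolean attribute in this object without an explicit default (its siblings use `optional(bool, false)`), and nothing in the hunk records that the missing default is intentional. Since a null value is what main.tf relies on to skip the `mesh_certificates` block entirely, a maintainer "fixing" the inconsistency to `optional(bool, false)` would silently start emitting `enable_certificates = false` for every caller; a trailing comment prevents that: `mesh_certificates = optional(bool) # null = leave provider default; do not add a default`. The `enable_features` variable declaration starts before the hunk and its `object({…})` type closes after it.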
@@ -232,4 +233,4 @@ variable "vpc_config" {
master_authorized_ranges = optional(map(string))
})
nullable = false
-}
\ No newline at end of file
+}