diff --git a/modules/gke-cluster-autopilot/README.md b/modules/gke-cluster-autopilot/README.md
index 3c019162d9..2ad1cf4b07 100644
--- a/modules/gke-cluster-autopilot/README.md
+++ b/modules/gke-cluster-autopilot/README.md
@@ -35,7 +35,6 @@ module "cluster-1" {
# tftest modules=1 resources=1 inventory=basic.yaml
```
-
### Cloud DNS
This example shows how to [use Cloud DNS as a Kubernetes DNS provider](https://cloud.google.com/kubernetes-engine/docs/how-to/cloud-dns) for GKE Standard clusters.
@@ -62,6 +61,31 @@ module "cluster-1" {
# tftest modules=1 resources=1 inventory=dns.yaml
```
+### Logging configuration
+
+This example shows how to [collect logs for the Kubernetes control plane components](https://cloud.google.com/stackdriver/docs/solutions/gke/installing). The logs for these components are not collected by default.
+
+> **Note**
+> System and workload logs collection is pre-configured for Autopilot clusters and cannot be disabled.
+
+```hcl
+module "cluster-1" {
+ source = "./fabric/modules/gke-cluster-autopilot"
+ project_id = var.project_id
+ name = "cluster-1"
+ location = "europe-west1"
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ }
+ logging_config = {
+ enable_api_server_logs = true
+ enable_scheduler_logs = true
+ enable_controller_manager_logs = true
+ }
+}
+# tftest modules=1 resources=1 inventory=logging-config.yaml
+```
### Backup for GKE
@@ -95,23 +119,24 @@ module "cluster-1" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [location](variables.tf#L112) | Autopilot cluster are always regional. | string
| ✓ | |
-| [name](variables.tf#L147) | Cluster name. | string
| ✓ | |
-| [project_id](variables.tf#L173) | Cluster project id. | string
| ✓ | |
-| [vpc_config](variables.tf#L196) | VPC-level configuration. | object({…})
| ✓ | |
+| [location](variables.tf#L110) | Autopilot cluster are always regional. | string
| ✓ | |
+| [name](variables.tf#L155) | Cluster name. | string
| ✓ | |
+| [project_id](variables.tf#L181) | Cluster project id. | string
| ✓ | |
+| [vpc_config](variables.tf#L204) | VPC-level configuration. | object({…})
| ✓ | |
| [backup_configs](variables.tf#L17) | Configuration for Backup for GKE. | object({…})
| | {}
|
| [description](variables.tf#L37) | Cluster description. | string
| | null
|
| [enable_addons](variables.tf#L43) | Addons enabled in the cluster (true means enabled). | object({…})
| | {…}
|
-| [enable_features](variables.tf#L64) | Enable cluster-level features. Certain features allow configuration. | object({…})
| | {…}
|
-| [issue_client_certificate](variables.tf#L100) | Enable issuing client certificate. | bool
| | false
|
-| [labels](variables.tf#L106) | Cluster resource labels. | map(string)
| | null
|
-| [maintenance_config](variables.tf#L118) | Maintenance window configuration. | object({…})
| | {…}
|
-| [min_master_version](variables.tf#L141) | Minimum version of the master, defaults to the version of the most recent official release. | string
| | null
|
-| [node_locations](variables.tf#L152) | Zones in which the cluster's nodes are located. | list(string)
| | []
|
-| [private_cluster_config](variables.tf#L159) | Private cluster configuration. | object({…})
| | null
|
-| [release_channel](variables.tf#L178) | Release channel for GKE upgrades. | string
| | null
|
-| [service_account](variables.tf#L184) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | string
| | null
|
-| [tags](variables.tf#L190) | Network tags applied to nodes. | list(string)
| | null
|
+| [enable_features](variables.tf#L64) | Enable cluster-level features. Certain features allow configuration. | object({…})
| | {}
|
+| [issue_client_certificate](variables.tf#L98) | Enable issuing client certificate. | bool
| | false
|
+| [labels](variables.tf#L104) | Cluster resource labels. | map(string)
| | null
|
+| [logging_config](variables.tf#L115) | Logging configuration. | object({…})
| | {}
|
+| [maintenance_config](variables.tf#L126) | Maintenance window configuration. | object({…})
| | {…}
|
+| [min_master_version](variables.tf#L149) | Minimum version of the master, defaults to the version of the most recent official release. | string
| | null
|
+| [node_locations](variables.tf#L160) | Zones in which the cluster's nodes are located. | list(string)
| | []
|
+| [private_cluster_config](variables.tf#L167) | Private cluster configuration. | object({…})
| | null
|
+| [release_channel](variables.tf#L186) | Release channel for GKE upgrades. | string
| | null
|
+| [service_account](variables.tf#L192) | The Google Cloud Platform Service Account to be used by the node VMs created by GKE Autopilot. | string
| | null
|
+| [tags](variables.tf#L198) | Network tags applied to nodes. | list(string)
| | null
|
## Outputs
@@ -120,11 +145,11 @@ module "cluster-1" {
| [ca_certificate](outputs.tf#L17) | Public certificate of the cluster (base64-encoded). | ✓ |
| [cluster](outputs.tf#L23) | Cluster resource. | ✓ |
| [endpoint](outputs.tf#L29) | Cluster endpoint. | |
-| [id](outputs.tf#L34) | FUlly qualified cluster id. | |
+| [id](outputs.tf#L34) | Fully qualified cluster id. | |
| [location](outputs.tf#L39) | Cluster location. | |
| [master_version](outputs.tf#L44) | Master version. | |
| [name](outputs.tf#L49) | Cluster name. | |
-| [notifications](outputs.tf#L54) | GKE PubSub notifications topic. | |
+| [notifications](outputs.tf#L54) | GKE Pub/Sub notifications topic. | |
| [self_link](outputs.tf#L59) | Cluster self link. | ✓ |
| [workload_identity_pool](outputs.tf#L65) | Workload identity pool. | |
diff --git a/modules/gke-cluster-autopilot/main.tf b/modules/gke-cluster-autopilot/main.tf
index 40cd74e077..d5826b8591 100644
--- a/modules/gke-cluster-autopilot/main.tf
+++ b/modules/gke-cluster-autopilot/main.tf
@@ -121,6 +121,16 @@ resource "google_container_cluster" "cluster" {
}
}
+ logging_config {
+ enable_components = toset(compact([
+ var.logging_config.enable_api_server_logs ? "APISERVER" : null,
+ var.logging_config.enable_controller_manager_logs ? "CONTROLLER_MANAGER" : null,
+ var.logging_config.enable_scheduler_logs ? "SCHEDULER" : null,
+ "SYSTEM_COMPONENTS",
+ "WORKLOADS",
+ ]))
+ }
+
dynamic "gateway_api_config" {
for_each = var.enable_features.gateway_api ? [""] : []
content {
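Review bot: The new `logging_config` block hard-codes `"SYSTEM_COMPONENTS"` and `"WORKLOADS"` without a comment saying why they are not configurable, and nothing notes that `compact()` is what drops the `null` entries produced by disabled toggles. A short comment above `enable_components` would cover both, for example `# System and workload logs are mandatory on Autopilot; control plane components are opt-in.` Because the block is now always emitted, it is worth confirming that a plan against an existing cluster shows no change when all three toggles are left at their defaults. The enclosing `google_container_cluster` resource starts and ends outside this hunk.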
diff --git a/modules/gke-cluster-autopilot/outputs.tf b/modules/gke-cluster-autopilot/outputs.tf
index f48975c5bf..029ab06a22 100644
--- a/modules/gke-cluster-autopilot/outputs.tf
+++ b/modules/gke-cluster-autopilot/outputs.tf
@@ -32,7 +32,7 @@ output "endpoint" {
}
output "id" {
- description = "FUlly qualified cluster id."
+ description = "Fully qualified cluster id."
value = google_container_cluster.cluster.id
}
@@ -52,7 +52,7 @@ output "name" {
}
output "notifications" {
- description = "GKE PubSub notifications topic."
+ description = "GKE Pub/Sub notifications topic."
value = try(google_pubsub_topic.notifications[0].id, null)
}
diff --git a/modules/gke-cluster-autopilot/variables.tf b/modules/gke-cluster-autopilot/variables.tf
index c3bd9fa6aa..c4aa1f93e8 100644
--- a/modules/gke-cluster-autopilot/variables.tf
+++ b/modules/gke-cluster-autopilot/variables.tf
@@ -92,9 +92,7 @@ variable "enable_features" {
}))
vertical_pod_autoscaling = optional(bool, false)
})
- default = {
-
- }
+ default = {}
}
variable "issue_client_certificate" {
@@ -114,6 +112,16 @@ variable "location" {
type = string
}
+variable "logging_config" {
+ description = "Logging configuration."
+ type = object({
+ enable_api_server_logs = optional(bool, false)
+ enable_scheduler_logs = optional(bool, false)
+ enable_controller_manager_logs = optional(bool, false)
+ })
+ default = {}
+ nullable = false
+}
variable "maintenance_config" {
description = "Maintenance window configuration."
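Review bot: The description `"Logging configuration."` on the new `logging_config` variable does not say that the three flags cover only control plane components, or that they all default to `false`, so API server, scheduler and controller manager logs stay uncollected unless the caller opts in. Something like `description = "Control plane component logs to collect. System and workload logs are always enabled on Autopilot."` states the contract where users will read it; the README variables table would need regenerating to match. As a minor style point, the fields are listed here in a different order (api_server, scheduler, controller_manager) than in the `main.tf` block, and aligning the two makes them easier to compare.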
diff --git a/tests/modules/gke_cluster_autopilot/examples/logging-config.yaml b/tests/modules/gke_cluster_autopilot/examples/logging-config.yaml
new file mode 100644
index 0000000000..c6dad6ebc3
--- /dev/null
+++ b/tests/modules/gke_cluster_autopilot/examples/logging-config.yaml
@@ -0,0 +1,26 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1.google_container_cluster.cluster:
+ logging_config:
+ - enable_components:
+ - APISERVER
+ - CONTROLLER_MANAGER
+ - SCHEDULER
+ - SYSTEM_COMPONENTS
+ - WORKLOADS
+
+counts:
+ google_container_cluster: 1
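Review bot: This inventory pins only the case where all three control plane toggles are enabled; the default path, where `enable_components` should reduce to `SYSTEM_COMPONENTS` and `WORKLOADS`, is not asserted in this file. If `basic.yaml` (not visible here) does not already pin `logging_config`, adding those two entries there would catch a regression in the `compact()` filtering or an accidental removal of the mandatory components.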