From 9e79d5b084d9b81ede617607ddb2ca560dedc80a Mon Sep 17 00:00:00 2001 From: Sam Cook Date: Tue, 5 Apr 2022 16:33:49 +0100 Subject: [PATCH] feat: Add dns_config options to beta clusters Terraform now supports Google's integrated Cloud DNS solution, add configuration to enable this in beta clusters. closes #1013 --- autogen/main/cluster.tf.tmpl | 11 +++++++++ autogen/main/variables.tf.tmpl | 24 +++++++++++++++++++ cluster.tf | 1 + .../beta-autopilot-private-cluster/cluster.tf | 1 + .../beta-autopilot-public-cluster/cluster.tf | 1 + .../README.md | 4 ++++ .../cluster.tf | 9 +++++++ .../variables.tf | 24 +++++++++++++++++++ modules/beta-private-cluster/README.md | 4 ++++ modules/beta-private-cluster/cluster.tf | 9 +++++++ modules/beta-private-cluster/variables.tf | 24 +++++++++++++++++++ .../README.md | 4 ++++ .../cluster.tf | 9 +++++++ .../variables.tf | 24 +++++++++++++++++++ modules/beta-public-cluster/README.md | 4 ++++ modules/beta-public-cluster/cluster.tf | 9 +++++++ modules/beta-public-cluster/variables.tf | 24 +++++++++++++++++++ .../private-cluster-update-variant/cluster.tf | 1 + modules/private-cluster/cluster.tf | 1 + 19 files changed, 188 insertions(+) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 60831abc97..4793f1685e 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -71,6 +71,17 @@ resource "google_container_cluster" "primary" { {% endif %} min_master_version = var.release_channel != null ? null : local.master_version +{% if beta_cluster and autopilot_cluster != true %} + dynamic "dns_config" { + for_each = var.enable_cloud_dns ? [1]: [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } +{% endif %} + {% if beta_cluster and autopilot_cluster != true %} dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] 
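Review bot: With the defaults this commit introduces, setting `enable_cloud_dns = true` on its own renders a `dns_config` block whose `cluster_dns` is `PROVIDER_UNSPECIFIED` and whose scope is `DNS_SCOPE_UNSPECIFIED`, so the variable name promises more than the hunk delivers — nothing moves the cluster to Cloud DNS unless the caller also sets `cluster_dns_provider = "CLOUD_DNS"`, and whether the API accepts an unspecified provider/scope pair is not something this hunk shows. Either default the provider to `CLOUD_DNS` when the guard is on, or make the variable description honest, e.g. `(Beta) Whether to render the dns_config block; set cluster_dns_provider = "CLOUD_DNS" to actually switch the cluster to Cloud DNS.`. Two style nits on the template: `for_each = var.enable_cloud_dns ? [1]: []` is missing the space before the colon that the generated files and the `cluster_telemetry` block just below use (`? [1] : []`), and the new `{% if beta_cluster and autopilot_cluster != true %}` block is immediately followed by an identical conditional and could be folded into it. The same `dns_config` block is repeated in the four generated `modules/beta-*/cluster.tf` hunks in this commit, and `resource "google_container_cluster" "primary"` continues outside the hunk.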
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index c1bb121768..2524d10864 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -674,4 +674,28 @@ variable "gce_pd_csi_driver" { description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver." default = false } + +variable "enable_cloud_dns" { + type = bool + description = "(Beta) Whether to enable Google Cloud DNS integration." + default = false +} + +variable "cluster_dns_provider" { + type = string + description = "(Beta) Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "(Beta) The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "(Beta) The suffix used for all cluster service records." + default = "" +} {% endif %} diff --git a/cluster.tf b/cluster.tf index a06712b2d1..198243ae50 100644 --- a/cluster.tf +++ b/cluster.tf @@ -52,6 +52,7 @@ resource "google_container_cluster" "primary" { min_master_version = var.release_channel != null ? null : local.master_version + logging_service = var.logging_service monitoring_service = var.monitoring_service cluster_autoscaling { diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 7a9ae23e5f..12f48bf9cc 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf 
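Review bot: `cluster_dns_provider` and `cluster_dns_scope` accept any string even though each description enumerates exactly three legal values, so a typo is rejected only at apply time by the API instead of at plan time; if the module's required Terraform version permits it, a `validation` block on each variable pins the enum (see below). The `cluster_dns_scope` description also deserves a caveat, because `VPC_SCOPE` is, as the name indicates, VPC-wide resolution rather than cluster-only, which widens who can discover cluster service names — something like `VPC_SCOPE makes cluster service records resolvable from the whole VPC; prefer CLUSTER_SCOPE unless cross-cluster resolution is required.` would make the trade-off visible to callers. The `cluster_dns_scope` description string ends in a stray trailing space (`VPC_SCOPE. "`) that is carried into every generated README in this commit. The same four variable blocks are repeated in the generated `modules/beta-*/variables.tf` hunks.
```hcl
variable "cluster_dns_provider" {
  # … unchanged: type, description, default …

  validation {
    condition     = contains(["PROVIDER_UNSPECIFIED", "PLATFORM_DEFAULT", "CLOUD_DNS"], var.cluster_dns_provider)
    error_message = "cluster_dns_provider must be one of PROVIDER_UNSPECIFIED, PLATFORM_DEFAULT or CLOUD_DNS."
  }
}

variable "cluster_dns_scope" {
  # … unchanged: type, description, default …

  validation {
    condition     = contains(["DNS_SCOPE_UNSPECIFIED", "CLUSTER_SCOPE", "VPC_SCOPE"], var.cluster_dns_scope)
    error_message = "cluster_dns_scope must be one of DNS_SCOPE_UNSPECIFIED, CLUSTER_SCOPE or VPC_SCOPE."
  }
}
```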
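Review bot: The `logging_service = var.logging_service` line added to `cluster.tf` here, and at the same spot in `modules/beta-autopilot-private-cluster`, `modules/beta-autopilot-public-cluster`, `modules/private-cluster-update-variant` and `modules/private-cluster`, is unrelated to the Cloud DNS feature the commit message describes and is not mentioned in it; it looks like regeneration of those modules picking up a template change that had not been propagated, but nothing in the diff shows that. Because these modules now pass the caller's `logging_service` to the API where the argument was previously omitted, existing users may see a plan diff on their cluster logging destination after upgrading, and a change to where GKE audit and system logs go belongs in the commit message or changelog. A sentence such as `Also propagate logging_service to the non-beta and autopilot cluster modules so var.logging_service is honoured there.` would close the gap. The `google_container_cluster.primary` resource continues outside each of these hunks.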
@@ -53,6 +53,7 @@ resource "google_container_cluster" "primary" { } min_master_version = var.release_channel != null ? null : local.master_version + logging_service = var.logging_service monitoring_service = var.monitoring_service vertical_pod_autoscaling { diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index ef848bc88d..d2c2af0bfe 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -53,6 +53,7 @@ resource "google_container_cluster" "primary" { } min_master_version = var.release_channel != null ? null : local.master_version + logging_service = var.logging_service monitoring_service = var.monitoring_service vertical_pod_autoscaling { diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index c51e71be19..141ba92311 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -165,6 +165,9 @@ Then perform the following commands on the root folder: | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"autoscaling_profile": "BALANCED",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | (Beta) The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | (Beta) Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | (Beta) The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | @@ -180,6 +183,7 @@ Then perform the following commands on the root folder: | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | +| enable\_cloud\_dns | (Beta) Whether to enable Google Cloud DNS integration. | `bool` | `false` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | 
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 8bb01a865c..1a935463df 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -61,6 +61,15 @@ resource "google_container_cluster" "primary" { } min_master_version = var.release_channel != null ? null : local.master_version + dynamic "dns_config" { + for_each = var.enable_cloud_dns ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] content { diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index b0deff1945..2cd37dccbb 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -643,3 +643,27 @@ variable "gce_pd_csi_driver" { description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver." default = false } + +variable "enable_cloud_dns" { + type = bool + description = "(Beta) Whether to enable Google Cloud DNS integration." + default = false +} + +variable "cluster_dns_provider" { + type = string + description = "(Beta) Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "(Beta) The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "(Beta) The suffix used for all cluster service records." + default = "" +} 
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 98379fe5a1..e95dd610ec 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -143,6 +143,9 @@ Then perform the following commands on the root folder: | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"autoscaling_profile": "BALANCED",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | (Beta) The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | (Beta) Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | (Beta) The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | @@ -158,6 +161,7 @@ Then perform the following commands on the root folder: | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | +| enable\_cloud\_dns | (Beta) Whether to enable Google Cloud DNS integration. | `bool` | `false` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | 
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index fe874b7622..db5d0f769e 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -61,6 +61,15 @@ resource "google_container_cluster" "primary" { } min_master_version = var.release_channel != null ? null : local.master_version + dynamic "dns_config" { + for_each = var.enable_cloud_dns ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] content { diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index b0deff1945..2cd37dccbb 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -643,3 +643,27 @@ variable "gce_pd_csi_driver" { description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver." default = false } + +variable "enable_cloud_dns" { + type = bool + description = "(Beta) Whether to enable Google Cloud DNS integration." + default = false +} + +variable "cluster_dns_provider" { + type = string + description = "(Beta) Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "(Beta) The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "(Beta) The suffix used for all cluster service records." + default = "" +} 
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 8801d7ccde..98e47bdeaa 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -159,6 +159,9 @@ Then perform the following commands on the root folder: | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"autoscaling_profile": "BALANCED",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | (Beta) The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | (Beta) Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | (Beta) The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | @@ -173,6 +176,7 @@ Then perform the following commands on the root folder: | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | +| enable\_cloud\_dns | (Beta) Whether to enable Google Cloud DNS integration. | `bool` | `false` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | 
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 762955d34b..e16d646e84 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -61,6 +61,15 @@ resource "google_container_cluster" "primary" { } min_master_version = var.release_channel != null ? null : local.master_version + dynamic "dns_config" { + for_each = var.enable_cloud_dns ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] content { diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index cfbd3e080b..0dbef34685 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -612,3 +612,27 @@ variable "gce_pd_csi_driver" { description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver." default = false } + +variable "enable_cloud_dns" { + type = bool + description = "(Beta) Whether to enable Google Cloud DNS integration." + default = false +} + +variable "cluster_dns_provider" { + type = string + description = "(Beta) Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "(Beta) The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "(Beta) The suffix used for all cluster service records." + default = "" +} 
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 7d9d2577c5..d11019bfb0 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -137,6 +137,9 @@ Then perform the following commands on the root folder: | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"autoscaling_profile": "BALANCED",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | (Beta) The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | (Beta) Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | (Beta) The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | @@ -151,6 +154,7 @@ Then perform the following commands on the root folder: | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | | dns\_cache | (Beta) The status of the NodeLocal DNSCache addon. | `bool` | `false` | no | | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no | +| enable\_cloud\_dns | (Beta) Whether to enable Google Cloud DNS integration. | `bool` | `false` | no | | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | 
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index a6d20774d3..c671ff5316 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -61,6 +61,15 @@ resource "google_container_cluster" "primary" { } min_master_version = var.release_channel != null ? null : local.master_version + dynamic "dns_config" { + for_each = var.enable_cloud_dns ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] content { diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index cfbd3e080b..0dbef34685 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -612,3 +612,27 @@ variable "gce_pd_csi_driver" { description = "(Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver." default = false } + +variable "enable_cloud_dns" { + type = bool + description = "(Beta) Whether to enable Google Cloud DNS integration." + default = false +} + +variable "cluster_dns_provider" { + type = string + description = "(Beta) Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "(Beta) The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "(Beta) The suffix used for all cluster service records." + default = "" +} 
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index b5e4df2dcb..7b46ffd606 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -52,6 +52,7 @@ resource "google_container_cluster" "primary" { min_master_version = var.release_channel != null ? null : local.master_version + logging_service = var.logging_service monitoring_service = var.monitoring_service cluster_autoscaling { diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index ffa8c1a385..714149a284 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -52,6 +52,7 @@ resource "google_container_cluster" "primary" { min_master_version = var.release_channel != null ? null : local.master_version + logging_service = var.logging_service monitoring_service = var.monitoring_service cluster_autoscaling {