"
+secondary_ranges = {
+ pods = "100.64.64.0/18"
+ services = "100.64.128.0/20"
+ master_cidr = "100.64.144.0/28"
+}
+proxy_subnet_cidr = "100.64.168.0/24"
+psc_subnet_cidr = "100.64.192.0/24"
+master_authorized_networks = [
+ {
+ cidr_block = "100.64.0.0/10"
+ display_name = "cluster net"
+ }
+]
+primary_net_cidrs = [
+ "10.0.0.0/8",
+ "192.168.0.0/16",
+ "172.16.0.0/12"
+]
diff --git a/examples/island_cluster_with_vm_router/vars.tf b/examples/island_cluster_with_vm_router/vars.tf
new file mode 100644
index 0000000000..37cf62d182
--- /dev/null
+++ b/examples/island_cluster_with_vm_router/vars.tf
@@ -0,0 +1,64 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ type = string
+}
+
+variable "region" {
+ type = string
+}
+
+variable "cluster_name" {
+ type = string
+}
+
+variable "node_locations" {
+ type = list(string)
+}
+
+variable "subnet_cidr" {
+ type = string
+}
+
+variable "psc_subnet_cidr" {
+ type = string
+}
+
+variable "proxy_subnet_cidr" {
+ type = string
+}
+
+variable "secondary_ranges" {
+ type = map(string)
+}
+
+variable "master_authorized_networks" {
+ type = list(object({ cidr_block = string, display_name = string }))
+ description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
+}
+
+variable "primary_subnet" {
+ type = string
+}
+
+variable "primary_net_cidrs" {
+ type = list(string)
+}
+
+variable "router_machine_type" {
+ type = string
+}
diff --git a/examples/island_cluster_with_vm_router/versions.tf b/examples/island_cluster_with_vm_router/versions.tf
new file mode 100644
index 0000000000..7e297ed82e
--- /dev/null
+++ b/examples/island_cluster_with_vm_router/versions.tf
@@ -0,0 +1,28 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = ">= 1.6"
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ }
+ google-beta = {
+ source = "hashicorp/google-beta"
+ }
+ }
+}
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
index e7fc994480..7f894a0c94 100644
--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -121,7 +121,7 @@ Then perform the following commands on the root folder:
| name | The name of the cluster (required) | `string` | n/a | yes |
| network | The VPC network to host the cluster in (required) | `string` | n/a | yes |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
-| network\_tags | (Optional, Beta) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
+| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` | [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no |
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index b0af2e3623..397c7755b9 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -107,6 +107,7 @@ resource "google_container_cluster" "primary" {
}
}
+
master_auth {
client_certificate_config {
issue_client_certificate = var.issue_client_certificate
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index faa9d3d1f7..02d8e12e48 100644
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -174,10 +174,11 @@ variable "enable_resource_consumption_export" {
variable "network_tags" {
- description = "(Optional, Beta) - List of network tags applied to auto-provisioned node pools."
+ description = "(Optional) - List of network tags applied to auto-provisioned node pools."
type = list(string)
default = []
}
+
variable "stub_domains" {
type = map(list(string))
description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
index 81f6883bbd..7ff4ee1cdb 100644
--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -110,7 +110,7 @@ Then perform the following commands on the root folder:
| name | The name of the cluster (required) | `string` | n/a | yes |
| network | The VPC network to host the cluster in (required) | `string` | n/a | yes |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
-| network\_tags | (Optional, Beta) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
+| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| non\_masquerade\_cidrs | List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading. | `list(string)` | [
"10.0.0.0/8",
"172.16.0.0/12",
"192.168.0.0/16"
]
| no |
| notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no |
| project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf
index 43878c77b2..01ea54baf4 100644
--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -107,6 +107,7 @@ resource "google_container_cluster" "primary" {
}
}
+
master_auth {
client_certificate_config {
issue_client_certificate = var.issue_client_certificate
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
index 29a3db949b..fc10df626c 100644
--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -174,10 +174,11 @@ variable "enable_resource_consumption_export" {
variable "network_tags" {
- description = "(Optional, Beta) - List of network tags applied to auto-provisioned node pools."
+ description = "(Optional) - List of network tags applied to auto-provisioned node pools."
type = list(string)
default = []
}
+
variable "stub_domains" {
type = map(list(string))
description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index 9fc4f48564..1315894262 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -242,7 +242,7 @@ Then perform the following commands on the root folder:
| master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no |
| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
| monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
-| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no |
+| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
| monitoring\_observability\_metrics\_relay\_mode | Mode used to make advanced datapath metrics relay available. | `string` | `null` | no |
| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
| name | The name of the cluster (required) | `string` | n/a | yes |
@@ -250,6 +250,7 @@ Then perform the following commands on the root folder:
| network\_policy | Enable network policy addon | `bool` | `false` | no |
| network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
+| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no |
| node\_pools | List of maps containing node pools | `list(map(any))` | [
{
"name": "default-node-pool"
}
]
| no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | {
"all": {},
"default-node-pool": {}
} | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index a153bb8663..5860bf18a0 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -185,6 +185,15 @@ resource "google_container_cluster" "primary" {
}
}
+ dynamic "node_pool_auto_config" {
+ for_each = var.cluster_autoscaling.enabled && length(var.network_tags) > 0 ? [1] : []
+ content {
+ network_tags {
+ tags = var.network_tags
+ }
+ }
+ }
+
master_auth {
client_certificate_config {
issue_client_certificate = var.issue_client_certificate
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index d149edca13..03742b1504 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -300,6 +300,12 @@ variable "node_pools_oauth_scopes" {
}
}
+variable "network_tags" {
+ description = "(Optional) - List of network tags applied to auto-provisioned node pools."
+ type = list(string)
+ default = []
+}
+
variable "stub_domains" {
type = map(list(string))
description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -724,7 +730,7 @@ variable "monitoring_observability_metrics_relay_mode" {
variable "monitoring_enabled_components" {
type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
default = []
}
@@ -746,6 +752,12 @@ variable "config_connector" {
default = false
}
+variable "enable_l4_ilb_subsetting" {
+ type = bool
+ description = "Enable L4 ILB Subsetting on the cluster"
+ default = false
+}
+
variable "istio" {
description = "(Beta) Enable Istio addon"
type = bool
@@ -782,12 +794,6 @@ variable "enable_pod_security_policy" {
default = false
}
-variable "enable_l4_ilb_subsetting" {
- type = bool
- description = "Enable L4 ILB Subsetting on the cluster"
- default = false
-}
-
variable "sandbox_enabled" {
type = bool
description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index df855450e7..7bd4dde460 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -220,7 +220,7 @@ Then perform the following commands on the root folder:
| master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no |
| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
| monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
-| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no |
+| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
| monitoring\_observability\_metrics\_relay\_mode | Mode used to make advanced datapath metrics relay available. | `string` | `null` | no |
| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
| name | The name of the cluster (required) | `string` | n/a | yes |
@@ -228,6 +228,7 @@ Then perform the following commands on the root folder:
| network\_policy | Enable network policy addon | `bool` | `false` | no |
| network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
+| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no |
| node\_pools | List of maps containing node pools | `list(map(any))` | [
{
"name": "default-node-pool"
}
]
| no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | {
"all": {},
"default-node-pool": {}
} | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 12807cbdc7..8e67389f51 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -185,6 +185,15 @@ resource "google_container_cluster" "primary" {
}
}
+ dynamic "node_pool_auto_config" {
+ for_each = var.cluster_autoscaling.enabled && length(var.network_tags) > 0 ? [1] : []
+ content {
+ network_tags {
+ tags = var.network_tags
+ }
+ }
+ }
+
master_auth {
client_certificate_config {
issue_client_certificate = var.issue_client_certificate
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index d149edca13..03742b1504 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -300,6 +300,12 @@ variable "node_pools_oauth_scopes" {
}
}
+variable "network_tags" {
+ description = "(Optional) - List of network tags applied to auto-provisioned node pools."
+ type = list(string)
+ default = []
+}
+
variable "stub_domains" {
type = map(list(string))
description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -724,7 +730,7 @@ variable "monitoring_observability_metrics_relay_mode" {
variable "monitoring_enabled_components" {
type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
default = []
}
@@ -746,6 +752,12 @@ variable "config_connector" {
default = false
}
+variable "enable_l4_ilb_subsetting" {
+ type = bool
+ description = "Enable L4 ILB Subsetting on the cluster"
+ default = false
+}
+
variable "istio" {
description = "(Beta) Enable Istio addon"
type = bool
@@ -782,12 +794,6 @@ variable "enable_pod_security_policy" {
default = false
}
-variable "enable_l4_ilb_subsetting" {
- type = bool
- description = "Enable L4 ILB Subsetting on the cluster"
- default = false
-}
-
variable "sandbox_enabled" {
type = bool
description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index 61d34f1e25..3918b354a1 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -231,7 +231,7 @@ Then perform the following commands on the root folder:
| master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
| monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
-| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no |
+| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
| monitoring\_observability\_metrics\_relay\_mode | Mode used to make advanced datapath metrics relay available. | `string` | `null` | no |
| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
| name | The name of the cluster (required) | `string` | n/a | yes |
@@ -239,6 +239,7 @@ Then perform the following commands on the root folder:
| network\_policy | Enable network policy addon | `bool` | `false` | no |
| network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
+| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no |
| node\_pools | List of maps containing node pools | `list(map(any))` | [
{
"name": "default-node-pool"
}
]
| no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | {
"all": {},
"default-node-pool": {}
} | no |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index 1a1f44cb3d..eb30115d14 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -185,6 +185,15 @@ resource "google_container_cluster" "primary" {
}
}
+ dynamic "node_pool_auto_config" {
+ for_each = var.cluster_autoscaling.enabled && length(var.network_tags) > 0 ? [1] : []
+ content {
+ network_tags {
+ tags = var.network_tags
+ }
+ }
+ }
+
master_auth {
client_certificate_config {
issue_client_certificate = var.issue_client_certificate
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
index 40023d59b2..2490cfd338 100644
--- a/modules/beta-public-cluster-update-variant/variables.tf
+++ b/modules/beta-public-cluster-update-variant/variables.tf
@@ -300,6 +300,12 @@ variable "node_pools_oauth_scopes" {
}
}
+variable "network_tags" {
+ description = "(Optional) - List of network tags applied to auto-provisioned node pools."
+ type = list(string)
+ default = []
+}
+
variable "stub_domains" {
type = map(list(string))
description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -694,7 +700,7 @@ variable "monitoring_observability_metrics_relay_mode" {
variable "monitoring_enabled_components" {
type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
default = []
}
@@ -716,6 +722,12 @@ variable "config_connector" {
default = false
}
+variable "enable_l4_ilb_subsetting" {
+ type = bool
+ description = "Enable L4 ILB Subsetting on the cluster"
+ default = false
+}
+
variable "istio" {
description = "(Beta) Enable Istio addon"
type = bool
@@ -752,12 +764,6 @@ variable "enable_pod_security_policy" {
default = false
}
-variable "enable_l4_ilb_subsetting" {
- type = bool
- description = "Enable L4 ILB Subsetting on the cluster"
- default = false
-}
-
variable "sandbox_enabled" {
type = bool
description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index 1019f74e73..37853e7e76 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -209,7 +209,7 @@ Then perform the following commands on the root folder:
| master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
| monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
-| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no |
+| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
| monitoring\_observability\_metrics\_relay\_mode | Mode used to make advanced datapath metrics relay available. | `string` | `null` | no |
| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
| name | The name of the cluster (required) | `string` | n/a | yes |
@@ -217,6 +217,7 @@ Then perform the following commands on the root folder:
| network\_policy | Enable network policy addon | `bool` | `false` | no |
| network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
+| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no |
| node\_pools | List of maps containing node pools | `list(map(any))` | [
{
"name": "default-node-pool"
}
]
| no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | {
"all": {},
"default-node-pool": {}
} | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index da18df1fc0..96879d12d7 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -185,6 +185,15 @@ resource "google_container_cluster" "primary" {
}
}
+ dynamic "node_pool_auto_config" {
+ for_each = var.cluster_autoscaling.enabled && length(var.network_tags) > 0 ? [1] : []
+ content {
+ network_tags {
+ tags = var.network_tags
+ }
+ }
+ }
+
master_auth {
client_certificate_config {
issue_client_certificate = var.issue_client_certificate
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 40023d59b2..2490cfd338 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -300,6 +300,12 @@ variable "node_pools_oauth_scopes" {
}
}
+variable "network_tags" {
+ description = "(Optional) - List of network tags applied to auto-provisioned node pools."
+ type = list(string)
+ default = []
+}
+
variable "stub_domains" {
type = map(list(string))
description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -694,7 +700,7 @@ variable "monitoring_observability_metrics_relay_mode" {
variable "monitoring_enabled_components" {
type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
default = []
}
@@ -716,6 +722,12 @@ variable "config_connector" {
default = false
}
+variable "enable_l4_ilb_subsetting" {
+ type = bool
+ description = "Enable L4 ILB Subsetting on the cluster"
+ default = false
+}
+
variable "istio" {
description = "(Beta) Enable Istio addon"
type = bool
@@ -752,12 +764,6 @@ variable "enable_pod_security_policy" {
default = false
}
-variable "enable_l4_ilb_subsetting" {
- type = bool
- description = "Enable L4 ILB Subsetting on the cluster"
- default = false
-}
-
variable "sandbox_enabled" {
type = bool
description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index ddd8cc56e6..d980cb858f 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -187,6 +187,7 @@ Then perform the following commands on the root folder:
| enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
| enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
| enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
+| enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
| enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
| enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
| enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no |
@@ -225,7 +226,7 @@ Then perform the following commands on the root folder:
| master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no |
| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
| monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
-| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no |
+| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
| monitoring\_observability\_metrics\_relay\_mode | Mode used to make advanced datapath metrics relay available. | `string` | `null` | no |
| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
| name | The name of the cluster (required) | `string` | n/a | yes |
@@ -233,6 +234,7 @@ Then perform the following commands on the root folder:
| network\_policy | Enable network policy addon | `bool` | `false` | no |
| network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
+| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no |
| node\_pools | List of maps containing node pools | `list(map(any))` | [
{
"name": "default-node-pool"
}
]
| no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | {
"all": {},
"default-node-pool": {}
} | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 84d63e5fbf..a579e512d0 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -147,6 +147,8 @@ resource "google_container_cluster" "primary" {
enable_kubernetes_alpha = var.enable_kubernetes_alpha
enable_tpu = var.enable_tpu
+
+ enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
dynamic "master_authorized_networks_config" {
for_each = local.master_authorized_networks_config
content {
@@ -160,6 +162,15 @@ resource "google_container_cluster" "primary" {
}
}
+ dynamic "node_pool_auto_config" {
+ for_each = var.cluster_autoscaling.enabled && length(var.network_tags) > 0 ? [1] : []
+ content {
+ network_tags {
+ tags = var.network_tags
+ }
+ }
+ }
+
master_auth {
client_certificate_config {
issue_client_certificate = var.issue_client_certificate
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index e0884739d7..e7e2e0e5d0 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -300,6 +300,12 @@ variable "node_pools_oauth_scopes" {
}
}
+variable "network_tags" {
+ description = "(Optional) - List of network tags applied to auto-provisioned node pools."
+ type = list(string)
+ default = []
+}
+
variable "stub_domains" {
type = map(list(string))
description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -700,7 +706,7 @@ variable "monitoring_observability_metrics_relay_mode" {
variable "monitoring_enabled_components" {
type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
default = []
}
@@ -722,6 +728,12 @@ variable "config_connector" {
default = false
}
+variable "enable_l4_ilb_subsetting" {
+ type = bool
+ description = "Enable L4 ILB Subsetting on the cluster"
+ default = false
+}
+
variable "fleet_project" {
description = "(Optional) Register the cluster with the fleet in this project."
type = string
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index 91d314167f..9fb785d5b9 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -165,6 +165,7 @@ Then perform the following commands on the root folder:
| enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
| enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
| enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
+| enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
| enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
| enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
| enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no |
@@ -203,7 +204,7 @@ Then perform the following commands on the root folder:
| master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no |
| monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
| monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
-| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration. | `list(string)` | `[]` | no |
+| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
| monitoring\_observability\_metrics\_relay\_mode | Mode used to make advanced datapath metrics relay available. | `string` | `null` | no |
| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
| name | The name of the cluster (required) | `string` | n/a | yes |
@@ -211,6 +212,7 @@ Then perform the following commands on the root folder:
| network\_policy | Enable network policy addon | `bool` | `false` | no |
| network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no |
| network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no |
+| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no |
| node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no |
| node\_pools | List of maps containing node pools | `list(map(any))` | [
{
"name": "default-node-pool"
}
]
| no |
| node\_pools\_labels | Map of maps containing node labels by node-pool name | `map(map(string))` | {
"all": {},
"default-node-pool": {}
} | no |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 7bb8f67db2..67ee8f1e4a 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -147,6 +147,8 @@ resource "google_container_cluster" "primary" {
enable_kubernetes_alpha = var.enable_kubernetes_alpha
enable_tpu = var.enable_tpu
+
+ enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
dynamic "master_authorized_networks_config" {
for_each = local.master_authorized_networks_config
content {
@@ -160,6 +162,15 @@ resource "google_container_cluster" "primary" {
}
}
+ dynamic "node_pool_auto_config" {
+ for_each = var.cluster_autoscaling.enabled && length(var.network_tags) > 0 ? [1] : []
+ content {
+ network_tags {
+ tags = var.network_tags
+ }
+ }
+ }
+
master_auth {
client_certificate_config {
issue_client_certificate = var.issue_client_certificate
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index e0884739d7..e7e2e0e5d0 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -300,6 +300,12 @@ variable "node_pools_oauth_scopes" {
}
}
+variable "network_tags" {
+ description = "(Optional) - List of network tags applied to auto-provisioned node pools."
+ type = list(string)
+ default = []
+}
+
variable "stub_domains" {
type = map(list(string))
description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -700,7 +706,7 @@ variable "monitoring_observability_metrics_relay_mode" {
variable "monitoring_enabled_components" {
type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
default = []
}
@@ -722,6 +728,12 @@ variable "config_connector" {
default = false
}
+variable "enable_l4_ilb_subsetting" {
+ type = bool
+ description = "Enable L4 ILB Subsetting on the cluster"
+ default = false
+}
+
variable "fleet_project" {
description = "(Optional) Register the cluster with the fleet in this project."
type = string
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
index 8aa383cec1..274199a59f 100644
--- a/modules/safer-cluster-update-variant/README.md
+++ b/modules/safer-cluster-update-variant/README.md
@@ -249,6 +249,7 @@ For simplicity, we suggest using `roles/container.admin` and
| master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no |
| monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
+| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
| name | The name of the cluster | `string` | n/a | yes |
| network | The VPC network to host the cluster in | `string` | n/a | yes |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index 3da128f44e..f79239f47d 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -104,6 +104,7 @@ module "gke" {
monitoring_service = var.monitoring_service
monitoring_enable_managed_prometheus = var.monitoring_enable_managed_prometheus
+ monitoring_enabled_components = var.monitoring_enabled_components
// We never use the default service account for the cluster. The default
// project/editor permissions can create problems if nodes were to be ever
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
index 2b51a97541..c98da16f81 100644
--- a/modules/safer-cluster-update-variant/variables.tf
+++ b/modules/safer-cluster-update-variant/variables.tf
@@ -280,6 +280,12 @@ variable "monitoring_enable_managed_prometheus" {
default = false
}
+variable "monitoring_enabled_components" {
+ type = list(string)
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
+ default = []
+}
+
variable "grant_registry_access" {
type = bool
description = "Grants created cluster-specific service account storage.objectViewer role."
diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md
index 8aa383cec1..274199a59f 100644
--- a/modules/safer-cluster/README.md
+++ b/modules/safer-cluster/README.md
@@ -249,6 +249,7 @@ For simplicity, we suggest using `roles/container.admin` and
| master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network | `string` | `"10.0.0.0/28"` | no |
| monitoring\_enable\_managed\_prometheus | (Beta) Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
+| monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
| monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
| name | The name of the cluster | `string` | n/a | yes |
| network | The VPC network to host the cluster in | `string` | n/a | yes |
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
index 67a3a54ed4..ac8b6d9409 100644
--- a/modules/safer-cluster/main.tf
+++ b/modules/safer-cluster/main.tf
@@ -104,6 +104,7 @@ module "gke" {
monitoring_service = var.monitoring_service
monitoring_enable_managed_prometheus = var.monitoring_enable_managed_prometheus
+ monitoring_enabled_components = var.monitoring_enabled_components
// We never use the default service account for the cluster. The default
// project/editor permissions can create problems if nodes were to be ever
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
index 2b51a97541..c98da16f81 100644
--- a/modules/safer-cluster/variables.tf
+++ b/modules/safer-cluster/variables.tf
@@ -280,6 +280,12 @@ variable "monitoring_enable_managed_prometheus" {
default = false
}
+variable "monitoring_enabled_components" {
+ type = list(string)
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
+ default = []
+}
+
variable "grant_registry_access" {
type = bool
description = "Grants created cluster-specific service account storage.objectViewer role."
diff --git a/test/integration/go.mod b/test/integration/go.mod
index 342f622d96..d5828f9c0a 100644
--- a/test/integration/go.mod
+++ b/test/integration/go.mod
@@ -5,8 +5,8 @@ go 1.21
toolchain go1.21.5
require (
- github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.13.1
- github.com/gruntwork-io/terratest v0.46.11
+ github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.13.2
+ github.com/gruntwork-io/terratest v0.46.13
github.com/stretchr/testify v1.9.0
github.com/tidwall/gjson v1.17.1
)
diff --git a/test/integration/go.sum b/test/integration/go.sum
index 0549f453d9..5bafcdb72a 100644
--- a/test/integration/go.sum
+++ b/test/integration/go.sum
@@ -187,8 +187,8 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.13.1 h1:8eKlk/DQeXPb6ITTLLWk/LdmyC9FRNMQF2ZR0sKaGEA=
-github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.13.1/go.mod h1:jIatwk/2sLSDtnMaExpzZpQVuBbEhx+NeiP1obo/IlY=
+github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.13.2 h1:DQS5D0xaV1SVFNoGvHdYB0wYeZ24D9hVeFiLG2+r06I=
+github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.13.2/go.mod h1:uomWciQn6oAotW86ck0b0ix+sUeZHSXyS+IYAVFTPj8=
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
@@ -376,8 +376,8 @@ github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
github.com/gruntwork-io/go-commons v0.17.1 h1:2KS9wAqrgeOTWj33DSHzDNJ1FCprptWdLFqej+wB8x0=
github.com/gruntwork-io/go-commons v0.17.1/go.mod h1:S98JcR7irPD1bcruSvnqupg+WSJEJ6xaM89fpUZVISk=
-github.com/gruntwork-io/terratest v0.46.11 h1:1Z9G18I2FNuH87Ro0YtjW4NH9ky4GDpfzE7+ivkPeB8=
-github.com/gruntwork-io/terratest v0.46.11/go.mod h1:DVZG/s7eP1u3KOQJJfE6n7FDriMWpDvnj85XIlZMEM8=
+github.com/gruntwork-io/terratest v0.46.13 h1:FDaEoZ7DtkomV8pcwLdBV/VsytdjnPRqJkIriYEYwjs=
+github.com/gruntwork-io/terratest v0.46.13/go.mod h1:8sxu3Qup8TxtbzOHzq0MUrQffJj/G61/OwlsReaCwpo=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
diff --git a/variables.tf b/variables.tf
index ddfbb6d741..1989020509 100644
--- a/variables.tf
+++ b/variables.tf
@@ -300,6 +300,12 @@ variable "node_pools_oauth_scopes" {
}
}
+variable "network_tags" {
+ description = "(Optional) - List of network tags applied to auto-provisioned node pools."
+ type = list(string)
+ default = []
+}
+
variable "stub_domains" {
type = map(list(string))
description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -670,7 +676,7 @@ variable "monitoring_observability_metrics_relay_mode" {
variable "monitoring_enabled_components" {
type = list(string)
- description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS (provider version >= 3.89.0). Empty list is default GKE configuration."
+ description = "List of services to monitor: SYSTEM_COMPONENTS, WORKLOADS. Empty list is default GKE configuration."
default = []
}
@@ -692,6 +698,12 @@ variable "config_connector" {
default = false
}
+variable "enable_l4_ilb_subsetting" {
+ type = bool
+ description = "Enable L4 ILB Subsetting on the cluster"
+ default = false
+}
+
variable "fleet_project" {
description = "(Optional) Register the cluster with the fleet in this project."
type = string