diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl
index 0893b0c0ee..9fe70cca1d 100644
--- a/autogen/safer-cluster/main.tf.tmpl
+++ b/autogen/safer-cluster/main.tf.tmpl
@@ -141,6 +141,12 @@ module "gke" {
 dns_cache = var.dns_cache
+ cluster_dns_provider = var.cluster_dns_provider
+
+ cluster_dns_scope = var.cluster_dns_scope
+
+ cluster_dns_domain = var.cluster_dns_domain
+
 config_connector = var.config_connector
 default_max_pods_per_node = var.default_max_pods_per_node
diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl
index 60e20e24b2..ee681faf8a 100644
--- a/autogen/safer-cluster/variables.tf.tmpl
+++ b/autogen/safer-cluster/variables.tf.tmpl
@@ -273,6 +273,24 @@ variable "dns_cache" {
 default = false
 }
+variable "cluster_dns_provider" {
+ type = string
+ description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS."
+ default = "PROVIDER_UNSPECIFIED"
+}
+
+variable "cluster_dns_scope" {
+ type = string
+ description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. "
+ default = "DNS_SCOPE_UNSPECIFIED"
+}
+
+variable "cluster_dns_domain" {
+ type = string
+ description = "The suffix used for all cluster service records."
+ default = ""
+}
+
 variable "default_max_pods_per_node" {
 description = "The maximum number of pods to schedule per node"
 default = 110
diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md
index fb247e7dd4..759de5064a 100644
--- a/modules/safer-cluster-update-variant/README.md
+++ b/modules/safer-cluster-update-variant/README.md
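Review bot: `cluster_dns_scope = var.cluster_dns_scope` is forwarded to the inner `gke` module with no restriction or explanation, so a caller of this wrapper can select `VPC_SCOPE`, which in GKE's Cloud DNS integration makes cluster service records resolvable across the VPC rather than only inside the cluster. Judging by its name, safer-cluster is where hardened choices are meant to be pinned, so the trade-off should at least be stated next to the assignment, for example `# VPC_SCOPE exposes cluster service records to the whole VPC; keep CLUSTER_SCOPE unless that is intended`. The `module "gke"` block begins and ends outside this hunk, so how the inner module treats scope and domain when the provider is left unspecified cannot be checked from here. The same three assignments appear in modules/safer-cluster-update-variant/main.tf and modules/safer-cluster/main.tf.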
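Review bot: `cluster_dns_provider` and `cluster_dns_scope` in variables.tf.tmpl are declared as free-form strings although their descriptions list exactly three accepted values each, so a typo is only caught when the provider or API rejects the request. A `validation` block on each variable would fail fast at the module boundary and keep a choice such as `VPC_SCOPE` explicit and reviewable; this assumes the module's minimum Terraform version supports variable validation. The same declarations are repeated in modules/safer-cluster-update-variant/variables.tf and modules/safer-cluster/variables.tf, which look generated from this template, so the change belongs here.

```hcl
variable "cluster_dns_provider" {
  # … unchanged: type, description, default …

  validation {
    condition     = contains(["PROVIDER_UNSPECIFIED", "PLATFORM_DEFAULT", "CLOUD_DNS"], var.cluster_dns_provider)
    error_message = "The cluster_dns_provider value must be PROVIDER_UNSPECIFIED, PLATFORM_DEFAULT or CLOUD_DNS."
  }
}

variable "cluster_dns_scope" {
  # … unchanged: type, description, default …

  validation {
    condition     = contains(["DNS_SCOPE_UNSPECIFIED", "CLUSTER_SCOPE", "VPC_SCOPE"], var.cluster_dns_scope)
    error_message = "The cluster_dns_scope value must be DNS_SCOPE_UNSPECIFIED, CLUSTER_SCOPE or VPC_SCOPE."
  }
}
```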
@@ -204,6 +204,9 @@ For simplicity, we suggest using `roles/container.admin` and
 | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
+| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
+| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
+| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
 | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | `string` | `""` | no |
 | config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
index 856a116f2e..1b8331b598 100644
--- a/modules/safer-cluster-update-variant/main.tf
+++ b/modules/safer-cluster-update-variant/main.tf
@@ -137,6 +137,12 @@ module "gke" {
 dns_cache = var.dns_cache
+ cluster_dns_provider = var.cluster_dns_provider
+
+ cluster_dns_scope = var.cluster_dns_scope
+
+ cluster_dns_domain = var.cluster_dns_domain
+
 config_connector = var.config_connector
 default_max_pods_per_node = var.default_max_pods_per_node
diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
index 49fe3afbde..002850230d 100644
--- a/modules/safer-cluster-update-variant/variables.tf
+++ b/modules/safer-cluster-update-variant/variables.tf
@@ -273,6 +273,24 @@ variable "dns_cache" {
 default = false
 }
+variable "cluster_dns_provider" {
+ type = string
+ description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS."
+ default = "PROVIDER_UNSPECIFIED"
+}
+
+variable "cluster_dns_scope" {
+ type = string
+ description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. "
+ default = "DNS_SCOPE_UNSPECIFIED"
+}
+
+variable "cluster_dns_domain" {
+ type = string
+ description = "The suffix used for all cluster service records."
+ default = ""
+}
+
 variable "default_max_pods_per_node" {
 description = "The maximum number of pods to schedule per node"
 default = 110
diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md
index fb247e7dd4..759de5064a 100644
--- a/modules/safer-cluster/README.md
+++ b/modules/safer-cluster/README.md
@@ -204,6 +204,9 @@ For simplicity, we suggest using `roles/container.admin` and
 | add\_cluster\_firewall\_rules | Create additional firewall rules | `bool` | `false` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
+| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
+| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
+| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no |
 | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | `string` | `""` | no |
 | config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no |
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
index 960a376ba3..5529beae19 100644
--- a/modules/safer-cluster/main.tf
+++ b/modules/safer-cluster/main.tf
@@ -137,6 +137,12 @@ module "gke" {
 dns_cache = var.dns_cache
+ cluster_dns_provider = var.cluster_dns_provider
+
+ cluster_dns_scope = var.cluster_dns_scope
+
+ cluster_dns_domain = var.cluster_dns_domain
+
 config_connector = var.config_connector
 default_max_pods_per_node = var.default_max_pods_per_node
diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
index 49fe3afbde..002850230d 100644
--- a/modules/safer-cluster/variables.tf
+++ b/modules/safer-cluster/variables.tf
@@ -273,6 +273,24 @@ variable "dns_cache" {
 default = false
 }
+variable "cluster_dns_provider" {
+ type = string
+ description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS."
+ default = "PROVIDER_UNSPECIFIED"
+}
+
+variable "cluster_dns_scope" {
+ type = string
+ description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. "
+ default = "DNS_SCOPE_UNSPECIFIED"
+}
+
+variable "cluster_dns_domain" {
+ type = string
+ description = "The suffix used for all cluster service records."
+ default = ""
+}
+
 variable "default_max_pods_per_node" {
 description = "The maximum number of pods to schedule per node"
 default = 110