From 6510bde556f1868ec1924782299f64b1f4c877a7 Mon Sep 17 00:00:00 2001 
From: Andrew Peabody Date: Thu, 15 Feb 2024 01:20:26 +0000 Subject: [PATCH] add fleet block --- README.md | 3 +++ autogen/main/cluster.tf.tmpl | 7 +++++++ autogen/main/main.tf.tmpl | 2 ++ autogen/main/outputs.tf.tmpl | 5 +++++ autogen/main/variables.tf.tmpl | 12 ++++++++++++ cluster.tf | 7 +++++++ main.tf | 2 ++ modules/beta-autopilot-private-cluster/README.md | 3 +++ modules/beta-autopilot-private-cluster/cluster.tf | 7 +++++++ modules/beta-autopilot-private-cluster/main.tf | 2 ++ modules/beta-autopilot-private-cluster/outputs.tf | 5 +++++ modules/beta-autopilot-private-cluster/variables.tf | 12 ++++++++++++ modules/beta-autopilot-public-cluster/README.md | 3 +++ modules/beta-autopilot-public-cluster/cluster.tf | 7 +++++++ modules/beta-autopilot-public-cluster/main.tf | 2 ++ modules/beta-autopilot-public-cluster/outputs.tf | 5 +++++ modules/beta-autopilot-public-cluster/variables.tf | 12 ++++++++++++ .../beta-private-cluster-update-variant/README.md | 3 +++ .../beta-private-cluster-update-variant/cluster.tf | 7 +++++++ modules/beta-private-cluster-update-variant/main.tf | 2 ++ .../beta-private-cluster-update-variant/outputs.tf | 5 +++++ .../beta-private-cluster-update-variant/variables.tf | 12 ++++++++++++ modules/beta-private-cluster/README.md | 3 +++ modules/beta-private-cluster/cluster.tf | 7 +++++++ modules/beta-private-cluster/main.tf | 2 ++ modules/beta-private-cluster/outputs.tf | 5 +++++ modules/beta-private-cluster/variables.tf | 12 ++++++++++++ modules/beta-public-cluster-update-variant/README.md | 3 +++ .../beta-public-cluster-update-variant/cluster.tf | 7 +++++++ modules/beta-public-cluster-update-variant/main.tf | 2 ++ .../beta-public-cluster-update-variant/outputs.tf | 5 +++++ .../beta-public-cluster-update-variant/variables.tf | 12 ++++++++++++ modules/beta-public-cluster/README.md | 3 +++ modules/beta-public-cluster/cluster.tf | 7 +++++++ modules/beta-public-cluster/main.tf | 2 ++ modules/beta-public-cluster/outputs.tf | 5 +++++ 
modules/beta-public-cluster/variables.tf | 12 ++++++++++++ modules/private-cluster-update-variant/README.md | 3 +++ modules/private-cluster-update-variant/cluster.tf | 7 +++++++ modules/private-cluster-update-variant/main.tf | 2 ++ modules/private-cluster-update-variant/outputs.tf | 5 +++++ modules/private-cluster-update-variant/variables.tf | 12 ++++++++++++ modules/private-cluster/README.md | 3 +++ modules/private-cluster/cluster.tf | 7 +++++++ modules/private-cluster/main.tf | 2 ++ modules/private-cluster/outputs.tf | 5 +++++ modules/private-cluster/variables.tf | 12 ++++++++++++ outputs.tf | 5 +++++ variables.tf | 12 ++++++++++++ 49 files changed, 287 insertions(+) diff --git a/README.md b/README.md index 581cf77bc3..7c485a0cab 100644 --- a/README.md +++ b/README.md @@ -167,6 +167,8 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| fleet\_project | Register cluster with custom fleet host project. | `string` | `null` | no | +| fleet\_register | Register cluster with fleet. | `bool` | `null` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | @@ -239,6 +241,7 @@ Then perform the following commands on the root folder: | ca\_certificate | Cluster ca certificate (base64 encoded) | | cluster\_id | Cluster ID | | endpoint | Cluster endpoint | +| fleet\_membership | Fleet membership (if enabled) | | gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index bec9779ea5..dd9a67a9ee 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -347,6 +347,13 @@ resource "google_container_cluster" "primary" { vulnerability_mode = var.security_posture_vulnerability_mode } + dynamic "fleet" { + for_each = var.fleet_register == true ? [1] : [] + content { + project = var.fleet_project + } + } + ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index 2b75d8e5ca..31117d6a26 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl 
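Review bot: The new `dynamic "fleet"` block in cluster.tf.tmpl gives no hint why the guard is `var.fleet_register == true` rather than a bare condition, and the same block is repeated verbatim in cluster.tf and every modules/*/cluster.tf of this patch (generated copies, so the template is the place to fix it). A one-line comment above the block, `# Opt-in fleet registration: fleet_register defaults to null, so only an explicit true adds the block; fleet_project = null presumably falls back to the cluster's own project (confirm against the provider docs).`, would save the next reader a trip to the variable defaults. Since fleet_project may name a project other than the cluster's own, the comment should also say that registering there presumably extends that host project's fleet-level management scope to this cluster, which is a trust decision callers should make deliberately. The enclosing google_container_cluster resource starts and ends outside the hunk.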
@@ -60,6 +60,8 @@ locals { windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) {% endif %} + fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] diff --git a/autogen/main/outputs.tf.tmpl b/autogen/main/outputs.tf.tmpl index eb84418487..24110c2305 100644 --- a/autogen/main/outputs.tf.tmpl +++ b/autogen/main/outputs.tf.tmpl @@ -234,3 +234,8 @@ output "identity_service_enabled" { value = local.cluster_pod_security_policy_enabled } {% endif %} + +output "fleet_membership" { + description = "Fleet membership (if enabled)" + value = local.fleet_membership +} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 682ea65300..a5e671ce73 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -857,3 +857,15 @@ variable "allow_net_admin" { default = null } {% endif %} + +variable "fleet_register" { + description = "Register cluster with fleet." + type = bool + default = null +} + +variable "fleet_project" { + description = "Register cluster with custom fleet host project." + type = string + default = null +} diff --git a/cluster.tf b/cluster.tf index be4e3cbc3f..f0107c5f29 100644 --- a/cluster.tf +++ b/cluster.tf @@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" { vulnerability_mode = var.security_posture_vulnerability_mode } + dynamic "fleet" { + for_each = var.fleet_register == true ? [1] : [] + content { + project = var.fleet_project + } + } + ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/main.tf b/main.tf index 89889acbf1..6b3efc645a 100644 --- a/main.tf +++ b/main.tf 
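Review bot: The new local `fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null` in main.tf.tmpl uses the variable directly as a condition, while the variables.tf.tmpl hunk in this same patch declares `fleet_register` with `default = null`; Terraform rejects a null condition value instead of treating it as false, so the module fails to evaluate for every caller who does not set the variable. The cluster.tf.tmpl hunk already guards with `== true`, so the local should match: `fleet_membership = var.fleet_register == true ? google_container_cluster.primary.fleet[0].membership : null`. The same line is repeated in main.tf (L11) and in every modules/*/main.tf of this patch, which are generated from the template. The enclosing locals block starts and ends outside the hunk.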
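Review bot: The two new variables in variables.tf.tmpl are described only as "Register cluster with fleet." and "Register cluster with custom fleet host project.", which does not tell a caller that null (the default) means not registered or that `fleet_project` is ignored unless `fleet_register` is true, both of which are visible in the cluster.tf.tmpl hunk. I would expand them to `description = "Register the cluster with a fleet. Defaults to null, which leaves the cluster unregistered; only an explicit true registers it."` and `description = "Fleet host project the cluster is registered with; only used when fleet_register is true. A project other than the cluster's own presumably gains fleet-level management scope over this cluster, so choose it deliberately."`. The README rows and every modules/*/variables.tf in this patch are generated from this template and would pick the wording up from here.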
@@ -54,6 +54,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) + fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 1fd8c3deeb..83f07e9260 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -98,6 +98,8 @@ Then perform the following commands on the root folder: | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `true` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| fleet\_project | Register cluster with custom fleet host project. | `string` | `null` | no | +| fleet\_register | Register cluster with fleet. | `bool` | `null` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | @@ -153,6 +155,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| fleet\_membership | Fleet membership (if enabled) | | gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 00c767d99a..8f97159d64 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -147,6 +147,13 @@ resource "google_container_cluster" "primary" { vulnerability_mode = var.security_posture_vulnerability_mode } + dynamic "fleet" { + for_each = var.fleet_register == true ? [1] : [] + content { + project = var.fleet_project + } + } + ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index a7e90a1f5f..82ad3162be 100644 --- a/modules/beta-autopilot-private-cluster/main.tf 
+++ b/modules/beta-autopilot-private-cluster/main.tf @@ -49,6 +49,8 @@ locals { master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version master_version = var.regional ? local.master_version_regional : local.master_version_zonal + fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] diff --git a/modules/beta-autopilot-private-cluster/outputs.tf b/modules/beta-autopilot-private-cluster/outputs.tf index 8ba200ea1c..caa541a3aa 100644 --- a/modules/beta-autopilot-private-cluster/outputs.tf +++ b/modules/beta-autopilot-private-cluster/outputs.tf @@ -188,3 +188,8 @@ output "identity_service_enabled" { description = "Whether Identity Service is enabled" value = local.cluster_pod_security_policy_enabled } + +output "fleet_membership" { + description = "Fleet membership (if enabled)" + value = local.fleet_membership +} diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 2a24cc62dd..14a76ad7b2 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -460,3 +460,15 @@ variable "allow_net_admin" { type = bool default = null } + +variable "fleet_register" { + description = "Register cluster with fleet." + type = bool + default = null +} + +variable "fleet_project" { + description = "Register cluster with custom fleet host project." + type = string + default = null +} diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 56a0389895..f95ed41a79 100644 --- a/modules/beta-autopilot-public-cluster/README.md 
+++ b/modules/beta-autopilot-public-cluster/README.md @@ -89,6 +89,8 @@ Then perform the following commands on the root folder: | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `true` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| fleet\_project | Register cluster with custom fleet host project. | `string` | `null` | no | +| fleet\_register | Register cluster with fleet. | `bool` | `null` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | @@ -142,6 +144,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| fleet\_membership | Fleet membership (if enabled) | | gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index bb7f73ae6b..c9b3b8e49a 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -147,6 +147,13 @@ resource "google_container_cluster" "primary" { vulnerability_mode = var.security_posture_vulnerability_mode } + dynamic "fleet" { + for_each = var.fleet_register == true ? [1] : [] + content { + project = var.fleet_project + } + } + ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf index 0199ec231b..abd0cedf49 100644 --- a/modules/beta-autopilot-public-cluster/main.tf 
+++ b/modules/beta-autopilot-public-cluster/main.tf @@ -49,6 +49,8 @@ locals { master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version master_version = var.regional ? local.master_version_regional : local.master_version_zonal + fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] diff --git a/modules/beta-autopilot-public-cluster/outputs.tf b/modules/beta-autopilot-public-cluster/outputs.tf index e60b61f903..26b8e146b9 100644 --- a/modules/beta-autopilot-public-cluster/outputs.tf +++ b/modules/beta-autopilot-public-cluster/outputs.tf @@ -178,3 +178,8 @@ output "identity_service_enabled" { description = "Whether Identity Service is enabled" value = local.cluster_pod_security_policy_enabled } + +output "fleet_membership" { + description = "Fleet membership (if enabled)" + value = local.fleet_membership +} diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index caf41cda82..ca2e413c32 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -430,3 +430,15 @@ variable "allow_net_admin" { type = bool default = null } + +variable "fleet_register" { + description = "Register cluster with fleet." + type = bool + default = null +} + +variable "fleet_project" { + description = "Register cluster with custom fleet host project." + type = string + default = null +} diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 3bae57b7d9..d098bccc77 100644 --- a/modules/beta-private-cluster-update-variant/README.md 
+++ b/modules/beta-private-cluster-update-variant/README.md @@ -211,6 +211,8 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| fleet\_project | Register cluster with custom fleet host project. | `string` | `null` | no | +| fleet\_register | Register cluster with fleet. | `bool` | `null` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | @@ -293,6 +295,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| fleet\_membership | Fleet membership (if enabled) | | gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 9aaf838470..3834883b49 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -281,6 +281,13 @@ resource "google_container_cluster" "primary" { vulnerability_mode = var.security_posture_vulnerability_mode } + dynamic "fleet" { + for_each = var.fleet_register == true ? [1] : [] + content { + project = var.fleet_project + } + } + ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index b7f8f664ed..d0d67faa0a 100644 
--- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf @@ -54,6 +54,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) + fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] diff --git a/modules/beta-private-cluster-update-variant/outputs.tf b/modules/beta-private-cluster-update-variant/outputs.tf index 64465ccde9..5354c37e90 100644 --- a/modules/beta-private-cluster-update-variant/outputs.tf +++ b/modules/beta-private-cluster-update-variant/outputs.tf @@ -214,3 +214,8 @@ output "identity_service_enabled" { description = "Whether Identity Service is enabled" value = local.cluster_pod_security_policy_enabled } + +output "fleet_membership" { + description = "Fleet membership (if enabled)" + value = local.fleet_membership +} diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 753d7b93bb..9eb6f2da6f 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -811,3 +811,15 @@ variable "enable_gcfs" { description = "Enable image streaming on cluster level." default = false } + +variable "fleet_register" { + description = "Register cluster with fleet." + type = bool + default = null +} + +variable "fleet_project" { + description = "Register cluster with custom fleet host project." + type = string + default = null +} diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 090a04a96e..5e20cb2f02 100644 
--- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -189,6 +189,8 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| fleet\_project | Register cluster with custom fleet host project. | `string` | `null` | no | +| fleet\_register | Register cluster with fleet. | `bool` | `null` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | @@ -271,6 +273,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| fleet\_membership | Fleet membership (if enabled) | | gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index cc2ccb3999..568dab9f8e 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -281,6 +281,13 @@ resource "google_container_cluster" "primary" { vulnerability_mode = var.security_posture_vulnerability_mode } + dynamic "fleet" { + for_each = var.fleet_register == true ? [1] : [] + content { + project = var.fleet_project + } + } + ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index b7f8f664ed..d0d67faa0a 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -54,6 +54,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) + fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf index 64465ccde9..5354c37e90 100644 --- a/modules/beta-private-cluster/outputs.tf +++ b/modules/beta-private-cluster/outputs.tf @@ -214,3 +214,8 @@ output "identity_service_enabled" { description = "Whether Identity Service is enabled" value = local.cluster_pod_security_policy_enabled } + +output "fleet_membership" { + description = "Fleet membership (if enabled)" + value = local.fleet_membership +} diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 753d7b93bb..9eb6f2da6f 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -811,3 +811,15 @@ variable "enable_gcfs" { description = "Enable image streaming on cluster level." default = false } + +variable "fleet_register" { + description = "Register cluster with fleet." + type = bool + default = null +} + +variable "fleet_project" { + description = "Register cluster with custom fleet host project." + type = string + default = null +} diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 4811bc831d..1eab7c1789 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -202,6 +202,8 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| fleet\_project | Register cluster with custom fleet host project. | `string` | `null` | no | +| fleet\_register | Register cluster with fleet. | `bool` | `null` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | @@ -282,6 +284,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| fleet\_membership | Fleet membership (if enabled) | | gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index fcc48cf172..95a95361fb 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -281,6 +281,13 @@ resource "google_container_cluster" "primary" { vulnerability_mode = var.security_posture_vulnerability_mode } + dynamic "fleet" { + for_each = var.fleet_register == true ? [1] : [] + content { + project = var.fleet_project + } + } + ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index ee6ec17917..62b4e5a8f8 100644 
--- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -54,6 +54,8 @@ locals { windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name] windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools))) + fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null + release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : [] gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : [] diff --git a/modules/beta-public-cluster-update-variant/outputs.tf b/modules/beta-public-cluster-update-variant/outputs.tf index 5d199a4ed4..1445e0fa5a 100644 --- a/modules/beta-public-cluster-update-variant/outputs.tf +++ b/modules/beta-public-cluster-update-variant/outputs.tf @@ -204,3 +204,8 @@ output "identity_service_enabled" { description = "Whether Identity Service is enabled" value = local.cluster_pod_security_policy_enabled } + +output "fleet_membership" { + description = "Fleet membership (if enabled)" + value = local.fleet_membership +} diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 5863324c52..f3cdfb1e18 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -781,3 +781,15 @@ variable "enable_gcfs" { description = "Enable image streaming on cluster level." default = false } + +variable "fleet_register" { + description = "Register cluster with fleet." + type = bool + default = null +} + +variable "fleet_project" { + description = "Register cluster with custom fleet host project." + type = string + default = null +} diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 9376103d03..37944c00b6 100644 --- a/modules/beta-public-cluster/README.md 
+++ b/modules/beta-public-cluster/README.md @@ -180,6 +180,8 @@ Then perform the following commands on the root folder: | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no | | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no | | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | +| fleet\_project | Register cluster with custom fleet host project. | `string` | `null` | no | +| fleet\_register | Register cluster with fleet. | `bool` | `null` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | @@ -260,6 +262,7 @@ Then perform the following commands on the root folder: | cluster\_id | Cluster ID | | dns\_cache\_enabled | Whether DNS Cache enabled | | endpoint | Cluster endpoint | +| fleet\_membership | Fleet membership (if enabled) | | gateway\_api\_channel | The gateway api channel of this cluster. | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index dddf6c018e..9a9b107c73 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -281,6 +281,13 @@ resource "google_container_cluster" "primary" { vulnerability_mode = var.security_posture_vulnerability_mode } + dynamic "fleet" { + for_each = var.fleet_register == true ? [1] : [] + content { + project = var.fleet_project + } + } + ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index ee6ec17917..62b4e5a8f8 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -54,6 +54,8 @@ locals {
 windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name]
 windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools)))
+ fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null
+
 release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : []
 gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : []
diff --git a/modules/beta-public-cluster/outputs.tf b/modules/beta-public-cluster/outputs.tf
index 5d199a4ed4..1445e0fa5a 100644
--- a/modules/beta-public-cluster/outputs.tf
+++ b/modules/beta-public-cluster/outputs.tf
@@ -204,3 +204,8 @@ output "identity_service_enabled" {
 description = "Whether Identity Service is enabled"
 value = local.cluster_pod_security_policy_enabled
 }
+
+output "fleet_membership" {
+ description = "Fleet membership (if enabled)"
+ value = local.fleet_membership
+}
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 5863324c52..f3cdfb1e18 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -781,3 +781,15 @@ variable "enable_gcfs" {
 description = "Enable image streaming on cluster level."
 default = false
 }
+
+variable "fleet_register" {
+ description = "Register cluster with fleet."
+ type = bool
+ default = null
+}
+
+variable "fleet_project" {
+ description = "Register cluster with custom fleet host project."
+ type = string
+ default = null
+}
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index 9407ab5fb6..b4341e9642 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
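Review bot: `fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null` fails with the module defaults, because `fleet_register` is declared in the variables.tf hunk with `default = null` and HCL rejects a null condition ("The condition value is null. Conditions must either be true or false."), so every caller that leaves the variable unset gets a plan error from this local. The cluster.tf hunk already guards the same flag with `== true`, so the local should match it: `fleet_membership = var.fleet_register == true ? google_container_cluster.primary.fleet[0].membership : null`. The identical expression appears in modules/private-cluster-update-variant/main.tf and modules/private-cluster/main.tf below and, going by the diffstat, presumably in autogen/main/main.tf.tmpl, which is where the fix belongs. The `locals` block starts outside the hunk.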
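Review bot: `fleet_register` is typed `bool` yet defaults to `null`, so the variable's default is the one value a bare `var.fleet_register ? … : …` cannot evaluate; `default = false` states the intent directly and keeps the flag safe wherever it is used without an `== true` comparison. The descriptions also leave the coupling between the two variables implicit: from the cluster.tf hunk, `fleet_project` is only consulted when `fleet_register` is true, and nothing says what a null `fleet_project` means. Suggest `description = "Register the cluster with a fleet; when true the resulting membership is exposed by the fleet_membership output."` for `fleet_register`, and for `fleet_project` a description stating that it is ignored unless `fleet_register` is true and that a value other than the cluster's own project registers the cluster with a separate fleet host project (what null falls back to is provider-defined, presumably the cluster's project — confirm before documenting). The same two declarations are repeated in modules/private-cluster-update-variant/variables.tf, modules/private-cluster/variables.tf and the root variables.tf.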
@@ -198,6 +198,8 @@ Then perform the following commands on the root folder:
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
+| fleet\_project | Register cluster with custom fleet host project. | `string` | `null` | no |
+| fleet\_register | Register cluster with fleet. | `bool` | `null` | no |
 | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no |
 | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
 | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no |
@@ -272,6 +274,7 @@ Then perform the following commands on the root folder:
 | ca\_certificate | Cluster ca certificate (base64 encoded) |
 | cluster\_id | Cluster ID |
 | endpoint | Cluster endpoint |
+| fleet\_membership | Fleet membership (if enabled) |
 | gateway\_api\_channel | The gateway api channel of this cluster. |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 91f632c958..2587045542 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" {
 vulnerability_mode = var.security_posture_vulnerability_mode
 }
+ dynamic "fleet" {
+ for_each = var.fleet_register == true ? [1] : []
+ content {
+ project = var.fleet_project
+ }
+ }
+
 ip_allocation_policy {
 cluster_secondary_range_name = var.ip_range_pods
 services_secondary_range_name = var.ip_range_services
diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf
index 98283ce979..b4ebffb5eb 100644
--- a/modules/private-cluster-update-variant/main.tf
+++ b/modules/private-cluster-update-variant/main.tf
@@ -54,6 +54,8 @@ locals {
 windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name]
 windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools)))
+ fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null
+
 release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : []
 gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : []
diff --git a/modules/private-cluster-update-variant/outputs.tf b/modules/private-cluster-update-variant/outputs.tf
index 5b6a461d7a..a1adcd7e6a 100644
--- a/modules/private-cluster-update-variant/outputs.tf
+++ b/modules/private-cluster-update-variant/outputs.tf
@@ -184,3 +184,8 @@ output "peering_name" {
 description = "The name of the peering between this cluster and the Google owned VPC."
 value = local.cluster_peering_name
 }
+
+output "fleet_membership" {
+ description = "Fleet membership (if enabled)"
+ value = local.fleet_membership
+}
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index 3d493dc4a7..3f06d84977 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -721,3 +721,15 @@ variable "config_connector" {
 description = "Whether ConfigConnector is enabled for this cluster."
 default = false
 }
+
+variable "fleet_register" {
+ description = "Register cluster with fleet."
+ type = bool
+ default = null
+}
+
+variable "fleet_project" {
+ description = "Register cluster with custom fleet host project."
+ type = string
+ default = null
+}
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index 54e5080862..da7dc4990d 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -176,6 +176,8 @@ Then perform the following commands on the root folder:
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` |
[
"8443",
"9443",
"15017"
]
| no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
+| fleet\_project | Register cluster with custom fleet host project. | `string` | `null` | no |
+| fleet\_register | Register cluster with fleet. | `bool` | `null` | no |
 | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no |
 | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
 | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no |
@@ -250,6 +252,7 @@ Then perform the following commands on the root folder:
 | ca\_certificate | Cluster ca certificate (base64 encoded) |
 | cluster\_id | Cluster ID |
 | endpoint | Cluster endpoint |
+| fleet\_membership | Fleet membership (if enabled) |
 | gateway\_api\_channel | The gateway api channel of this cluster. |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 7bacc938d8..3c791800c3 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -231,6 +231,13 @@ resource "google_container_cluster" "primary" {
 vulnerability_mode = var.security_posture_vulnerability_mode
 }
+ dynamic "fleet" {
+ for_each = var.fleet_register == true ? [1] : []
+ content {
+ project = var.fleet_project
+ }
+ }
+
 ip_allocation_policy {
 cluster_secondary_range_name = var.ip_range_pods
 services_secondary_range_name = var.ip_range_services
diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf
index 98283ce979..b4ebffb5eb 100644
--- a/modules/private-cluster/main.tf
+++ b/modules/private-cluster/main.tf
@@ -54,6 +54,8 @@ locals {
 windows_node_pool_names = [for np in toset(var.windows_node_pools) : np.name]
 windows_node_pools = zipmap(local.windows_node_pool_names, tolist(toset(var.windows_node_pools)))
+ fleet_membership = var.fleet_register ? google_container_cluster.primary.fleet[0].membership : null
+
 release_channel = var.release_channel != null ? [{ channel : var.release_channel }] : []
 gateway_api_config = var.gateway_api_channel != null ? [{ channel : var.gateway_api_channel }] : []
diff --git a/modules/private-cluster/outputs.tf b/modules/private-cluster/outputs.tf
index 5b6a461d7a..a1adcd7e6a 100644
--- a/modules/private-cluster/outputs.tf
+++ b/modules/private-cluster/outputs.tf
@@ -184,3 +184,8 @@ output "peering_name" {
 description = "The name of the peering between this cluster and the Google owned VPC."
 value = local.cluster_peering_name
 }
+
+output "fleet_membership" {
+ description = "Fleet membership (if enabled)"
+ value = local.fleet_membership
+}
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index 3d493dc4a7..3f06d84977 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -721,3 +721,15 @@ variable "config_connector" {
 description = "Whether ConfigConnector is enabled for this cluster."
 default = false
 }
+
+variable "fleet_register" {
+ description = "Register cluster with fleet."
+ type = bool
+ default = null
+}
+
+variable "fleet_project" {
+ description = "Register cluster with custom fleet host project."
+ type = string
+ default = null
+}
diff --git a/outputs.tf b/outputs.tf
index 232d0b1f29..b9ebcec0c7 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -174,3 +174,8 @@ output "mesh_certificates_config" {
 ]
 }
+
+output "fleet_membership" {
+ description = "Fleet membership (if enabled)"
+ value = local.fleet_membership
+}
diff --git a/variables.tf b/variables.tf
index 0b47543630..97770d56ce 100644
--- a/variables.tf
+++ b/variables.tf
@@ -691,3 +691,15 @@ variable "config_connector" {
 description = "Whether ConfigConnector is enabled for this cluster."
 default = false
 }
+
+variable "fleet_register" {
+ description = "Register cluster with fleet."
+ type = bool
+ default = null
+}
+
+variable "fleet_project" {
+ description = "Register cluster with custom fleet host project."
+ type = string
+ default = null
+}