From 27f180fff3fbb42ddfa8581a6bd155e71373c4de Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Sun, 10 Jul 2022 22:51:41 +0300 Subject: [PATCH 1/4] cloud-dns support --- README.md | 3 +++ autogen/main/cluster.tf.tmpl | 9 +++++++++ autogen/main/variables.tf.tmpl | 18 ++++++++++++++++++ cluster.tf | 9 +++++++++ .../beta-autopilot-private-cluster/README.md | 3 +++ .../variables.tf | 18 ++++++++++++++++++ .../beta-autopilot-public-cluster/README.md | 3 +++ .../beta-autopilot-public-cluster/variables.tf | 18 ++++++++++++++++++ .../README.md | 3 +++ .../cluster.tf | 9 +++++++++ .../variables.tf | 18 ++++++++++++++++++ modules/beta-private-cluster/README.md | 3 +++ modules/beta-private-cluster/cluster.tf | 9 +++++++++ modules/beta-private-cluster/variables.tf | 18 ++++++++++++++++++ .../README.md | 3 +++ .../cluster.tf | 9 +++++++++ .../variables.tf | 18 ++++++++++++++++++ modules/beta-public-cluster/README.md | 3 +++ modules/beta-public-cluster/cluster.tf | 9 +++++++++ modules/beta-public-cluster/variables.tf | 18 ++++++++++++++++++ .../private-cluster-update-variant/README.md | 3 +++ .../private-cluster-update-variant/cluster.tf | 9 +++++++++ .../variables.tf | 18 ++++++++++++++++++ modules/private-cluster/README.md | 3 +++ modules/private-cluster/cluster.tf | 9 +++++++++ modules/private-cluster/variables.tf | 18 ++++++++++++++++++ variables.tf | 18 ++++++++++++++++++ 27 files changed, 279 insertions(+) diff --git a/README.md b/README.md index 522564c06e..45a1a4f897 100644 --- a/README.md +++ b/README.md 
@@ -133,6 +133,9 @@ Then perform the following commands on the root folder: | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index c08a6570ee..07991976f8 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -748,6 +748,15 @@ resource "google_container_node_pool" "pools" { } } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + lifecycle { ignore_changes = [initial_node_count] diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 2ebcbd8ece..f8e0ef980d 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
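Review bot: The `for_each` condition in the new `dns_config` block renders it only when `cluster_dns_provider` is exactly `"CLOUD_DNS"`, so a caller who sets `cluster_dns_scope = "VPC_SCOPE"` or a `cluster_dns_domain` together with any other provider value gets no error and no effect. That silent no-op deserves a comment above the block, for example `# Rendered only for CLOUD_DNS; cluster_dns_scope and cluster_dns_domain are ignored for other providers.` The same condition is copied into the cluster.tf and modules/*/cluster.tf hunks of this patch, and it is carried unchanged into the relocated block in PATCH 2/4. The enclosing resource starts and ends outside the hunk.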
@@ -574,6 +574,24 @@ variable "node_metadata" { } {% endif %} +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/cluster.tf b/cluster.tf index 6de632f8a9..6df3d57255 100644 --- a/cluster.tf +++ b/cluster.tf @@ -398,6 +398,15 @@ resource "google_container_node_pool" "pools" { } } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index f4dc735b6a..ae5d59a001 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
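Review bot: `cluster_dns_provider` and `cluster_dns_scope` are free-form strings, so a mistyped provider value silently skips `dns_config` because of the equality test in cluster.tf.tmpl, and a mistyped scope is left to the provider to reject. A `validation` block per variable would fail at plan time instead, assuming the module's minimum Terraform version supports variable validation. The `cluster_dns_scope` description should also say that `VPC_SCOPE` makes the cluster's service records resolvable from the whole VPC rather than only from inside the cluster, since that widens what other workloads on the network can discover; the description string also ends in a stray space. The same three variables are repeated in variables.tf and in every modules/*/variables.tf hunk of this patch.

```hcl
variable "cluster_dns_provider" {
  # … unchanged: type, description, default …
  validation {
    condition     = contains(["PROVIDER_UNSPECIFIED", "PLATFORM_DEFAULT", "CLOUD_DNS"], var.cluster_dns_provider)
    error_message = "cluster_dns_provider must be PROVIDER_UNSPECIFIED, PLATFORM_DEFAULT or CLOUD_DNS."
  }
}

variable "cluster_dns_scope" {
  # … unchanged: type, description, default …
  validation {
    condition     = contains(["DNS_SCOPE_UNSPECIFIED", "CLUSTER_SCOPE", "VPC_SCOPE"], var.cluster_dns_scope)
    error_message = "cluster_dns_scope must be DNS_SCOPE_UNSPECIFIED, CLUSTER_SCOPE or VPC_SCOPE."
  }
}
```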
@@ -72,6 +72,9 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | +| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 12109590f2..f1d85c5936 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -383,6 +383,24 @@ variable "database_encryption" { } +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 975fb058a1..70eeb585d5 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -66,6 +66,9 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | +| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index c0888cbf0a..5109980251 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf 
@@ -352,6 +352,24 @@ variable "database_encryption" { } +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index fbaaeb9e0f..206452fd10 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -167,6 +167,9 @@ Then perform the following commands on the root folder: | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"autoscaling_profile": "BALANCED",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 48a54cd332..1904cf5b29 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -666,6 +666,15 @@ resource "google_container_node_pool" "pools" { } } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 5b23173cbd..b92c5e37d9 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -544,6 +544,24 @@ variable "node_metadata" { } } +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index af7801ef69..9e37ed00f5 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -145,6 +145,9 @@ Then perform the following commands on the root folder: | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"autoscaling_profile": "BALANCED",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index ad630ef7c5..9a3b9904f0 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -575,6 +575,15 @@ resource "google_container_node_pool" "pools" { } } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 5b23173cbd..b92c5e37d9 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -544,6 +544,24 @@ variable "node_metadata" { } } +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 39c87f0ec6..70697bbd5f 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -161,6 +161,9 @@ Then perform the following commands on the root folder: | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"autoscaling_profile": "BALANCED",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index e728537596..a12eb785d5 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -647,6 +647,15 @@ resource "google_container_node_pool" "pools" { } } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 12eaf34b4c..41dcaeb315 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -513,6 +513,24 @@ variable "node_metadata" { } } +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 1cec3ada38..b3a8b63636 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -139,6 +139,9 @@ Then perform the following commands on the root folder: | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"autoscaling_profile": "BALANCED",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 012ce31570..9233a0e87f 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -556,6 +556,15 @@ resource "google_container_node_pool" "pools" { } } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 12eaf34b4c..41dcaeb315 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -513,6 +513,24 @@ variable "node_metadata" { } } +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index cdc59dbd55..82469ca522 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -161,6 +161,9 @@ Then perform the following commands on the root folder: | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index d8ecd2eb5f..f027f1fffb 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -502,6 +502,15 @@ resource "google_container_node_pool" "pools" { } } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 2c98a8532c..e7f0e602d0 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -490,6 +490,24 @@ variable "node_metadata" { } } +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index e7251e2710..336286b32e 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -139,6 +139,9 @@ Then perform the following commands on the root folder: | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
})
|
{
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
| no | +| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | +| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | +| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index aaedfaf344..ad034c2784 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -411,6 +411,15 @@ resource "google_container_node_pool" "pools" { } } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 2c98a8532c..e7f0e602d0 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -490,6 +490,24 @@ variable "node_metadata" { } } +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/variables.tf b/variables.tf index 1ee6995719..48e9c772d8 100644 --- a/variables.tf +++ b/variables.tf @@ -466,6 +466,24 @@ variable "node_metadata" { } } +variable "cluster_dns_provider" { + type = string + description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." + default = "PROVIDER_UNSPECIFIED" +} + +variable "cluster_dns_scope" { + type = string + description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " + default = "DNS_SCOPE_UNSPECIFIED" +} + +variable "cluster_dns_domain" { + type = string + description = "The suffix used for all cluster service records." + default = "" +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." From 4769d308bbabd682301e98f85024bda9515d32d9 Mon Sep 17 00:00:00 2001 
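Review bot: `cluster_dns_provider` and `cluster_dns_scope` are free-form strings with no `validation` block, so a typo such as a lower-case value is accepted at plan time and, given the `== "CLOUD_DNS"` gate in cluster.tf, silently disables the DNS configuration. Validating against the values already listed in each description turns that into an immediate error, assuming the module's minimum Terraform version supports variable validation. The `cluster_dns_scope` description should also say that `VPC_SCOPE` makes cluster service records resolvable from the rest of the VPC network, which widens who can enumerate service names; the trailing space before its closing quote can go. The same three variables are added unchanged to the root `variables.tf` in the next hunk, and the note applies there too.

```hcl
variable "cluster_dns_provider" {
  # … unchanged: type, description, default …
  validation {
    condition     = contains(["PROVIDER_UNSPECIFIED", "PLATFORM_DEFAULT", "CLOUD_DNS"], var.cluster_dns_provider)
    error_message = "The cluster_dns_provider value must be PROVIDER_UNSPECIFIED, PLATFORM_DEFAULT or CLOUD_DNS."
  }
}

variable "cluster_dns_scope" {
  # … unchanged: type, description, default …
  validation {
    condition     = contains(["DNS_SCOPE_UNSPECIFIED", "CLUSTER_SCOPE", "VPC_SCOPE"], var.cluster_dns_scope)
    error_message = "The cluster_dns_scope value must be DNS_SCOPE_UNSPECIFIED, CLUSTER_SCOPE or VPC_SCOPE."
  }
}
```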
From: drfaust92 Date: Sun, 10 Jul 2022 23:42:44 +0300 Subject: [PATCH 2/4] fix --- autogen/main/cluster.tf.tmpl | 18 +++++++++--------- cluster.tf | 18 +++++++++--------- .../beta-autopilot-private-cluster/cluster.tf | 9 +++++++++ .../beta-autopilot-public-cluster/cluster.tf | 9 +++++++++ .../cluster.tf | 18 +++++++++--------- modules/beta-private-cluster/cluster.tf | 18 +++++++++--------- .../cluster.tf | 18 +++++++++--------- modules/beta-public-cluster/cluster.tf | 18 +++++++++--------- .../private-cluster-update-variant/cluster.tf | 18 +++++++++--------- modules/private-cluster/cluster.tf | 18 +++++++++--------- 10 files changed, 90 insertions(+), 72 deletions(-) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 07991976f8..81ad113b7b 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -301,6 +301,15 @@ resource "google_container_cluster" "primary" { } {% endif %} + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") @@ -748,15 +757,6 @@ resource "google_container_node_pool" "pools" { } } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - lifecycle { ignore_changes = [initial_node_count] diff --git a/cluster.tf b/cluster.tf index 6df3d57255..95a737521b 100644 --- a/cluster.tf +++ b/cluster.tf 
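Review bot: Nothing near the relocated `dns_config` block in `google_container_cluster.primary` tells operators what happens when `cluster_dns_provider` is changed on a running cluster. Depending on the google provider version, a change to `dns_config` may be planned as a destroy-and-recreate of the cluster rather than an in-place update; confirm this against the pinned provider. If it holds, a comment such as `# NOTE: changing dns_config may force cluster replacement; check the plan before applying` above the block, with a matching sentence in the variable descriptions, would prevent an accidental outage. The resource body continues outside the hunk.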
@@ -161,6 +161,15 @@ resource "google_container_cluster" "primary" { ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"], resource_labels["mesh_id"]] } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") @@ -398,15 +407,6 @@ resource "google_container_node_pool" "pools" { } } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 551de2fac2..d798b85206 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -141,6 +141,15 @@ resource "google_container_cluster" "primary" { } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 5faebd7065..0e8209327e 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf 
@@ -141,6 +141,15 @@ resource "google_container_cluster" "primary" { } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 1904cf5b29..f3ed94e5c4 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -254,6 +254,15 @@ resource "google_container_cluster" "primary" { ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"], resource_labels["mesh_id"]] } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") @@ -666,15 +675,6 @@ resource "google_container_node_pool" "pools" { } } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 9a3b9904f0..e89f8e271a 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -254,6 +254,15 @@ resource "google_container_cluster" "primary" { ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"], resource_labels["mesh_id"]] } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") @@ -575,15 +584,6 @@ resource "google_container_node_pool" "pools" { } } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index a12eb785d5..dc41d3425a 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -254,6 +254,15 @@ resource "google_container_cluster" "primary" { ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"], resource_labels["mesh_id"]] } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") 
@@ -647,15 +656,6 @@ resource "google_container_node_pool" "pools" { } } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 9233a0e87f..640129233c 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -254,6 +254,15 @@ resource "google_container_cluster" "primary" { ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"], resource_labels["mesh_id"]] } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") @@ -556,15 +565,6 @@ resource "google_container_node_pool" "pools" { } } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index f027f1fffb..f18460fe52 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf 
@@ -161,6 +161,15 @@ resource "google_container_cluster" "primary" { ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"], resource_labels["mesh_id"]] } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") @@ -502,15 +511,6 @@ resource "google_container_node_pool" "pools" { } } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - lifecycle { ignore_changes = [initial_node_count] diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index ad034c2784..9cdfbdd8ae 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -161,6 +161,15 @@ resource "google_container_cluster" "primary" { ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"], resource_labels["mesh_id"]] } + dynamic "dns_config" { + for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] + content { + cluster_dns = var.cluster_dns_provider + cluster_dns_scope = var.cluster_dns_scope + cluster_dns_domain = var.cluster_dns_domain + } + } + timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") @@ -411,15 +420,6 @@ resource "google_container_node_pool" "pools" { } } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - lifecycle { ignore_changes = [initial_node_count] 
From e744660249361b652f9b075633428dedc4766105 Mon Sep 17 00:00:00 2001 From: drfaust92 Date: Mon, 11 Jul 2022 14:31:54 +0300 Subject: [PATCH 3/4] lint --- autogen/main/cluster.tf.tmpl | 2 +- modules/beta-autopilot-private-cluster/cluster.tf | 2 +- modules/beta-autopilot-public-cluster/cluster.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 81ad113b7b..4775679795 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -308,7 +308,7 @@ resource "google_container_cluster" "primary" { cluster_dns_scope = var.cluster_dns_scope cluster_dns_domain = var.cluster_dns_domain } - } + } timeouts { create = lookup(var.timeouts, "create", "45m") diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index d798b85206..305f680d2c 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -148,7 +148,7 @@ resource "google_container_cluster" "primary" { cluster_dns_scope = var.cluster_dns_scope cluster_dns_domain = var.cluster_dns_domain } - } + } timeouts { create = lookup(var.timeouts, "create", "45m") diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 0e8209327e..a8f4cacaf8 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -148,7 +148,7 @@ resource "google_container_cluster" "primary" { cluster_dns_scope = var.cluster_dns_scope cluster_dns_domain = var.cluster_dns_domain } - } + } timeouts { create = lookup(var.timeouts, "create", "45m") From d06f1fa70a874e397db7182c381bad6d8b6f557e Mon Sep 17 00:00:00 2001 
From: drfaust92 Date: Thu, 21 Jul 2022 20:54:00 +0300 Subject: [PATCH 4/4] autopilot --- autogen/main/cluster.tf.tmpl | 2 ++ autogen/main/variables.tf.tmpl | 2 ++ .../beta-autopilot-private-cluster/README.md | 3 --- .../beta-autopilot-private-cluster/cluster.tf | 9 --------- .../variables.tf | 18 ------------------ .../beta-autopilot-public-cluster/README.md | 3 --- .../beta-autopilot-public-cluster/cluster.tf | 9 --------- .../beta-autopilot-public-cluster/variables.tf | 18 ------------------ 8 files changed, 4 insertions(+), 60 deletions(-) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 1c5d63cbc2..8599190633 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -309,6 +309,7 @@ resource "google_container_cluster" "primary" { } {% endif %} + {% if autopilot_cluster != true %} dynamic "dns_config" { for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] content { @@ -318,6 +319,7 @@ resource "google_container_cluster" "primary" { } } + {% endif %} timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index dc05911702..7150db0781 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -574,6 +574,7 @@ variable "node_metadata" { } {% endif %} +{% if autopilot_cluster != true %} variable "cluster_dns_provider" { type = string description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." @@ -592,6 +593,7 @@ variable "cluster_dns_domain" { default = "" } +{% endif %} variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index ae5d59a001..f4dc735b6a 100644 --- a/modules/beta-autopilot-private-cluster/README.md 
+++ b/modules/beta-autopilot-private-cluster/README.md @@ -72,9 +72,6 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | -| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | -| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | -| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 305f680d2c..551de2fac2 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf 
@@ -141,15 +141,6 @@ resource "google_container_cluster" "primary" { } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index f1d85c5936..12109590f2 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -383,24 +383,6 @@ variable "database_encryption" { } -variable "cluster_dns_provider" { - type = string - description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." - default = "PROVIDER_UNSPECIFIED" -} - -variable "cluster_dns_scope" { - type = string - description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " - default = "DNS_SCOPE_UNSPECIFIED" -} - -variable "cluster_dns_domain" { - type = string - description = "The suffix used for all cluster service records." - default = "" -} - variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 70eeb585d5..975fb058a1 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -66,9 +66,6 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | -| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | -| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | -| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index a8f4cacaf8..5faebd7065 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf 
@@ -141,15 +141,6 @@ resource "google_container_cluster" "primary" { } - dynamic "dns_config" { - for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : [] - content { - cluster_dns = var.cluster_dns_provider - cluster_dns_scope = var.cluster_dns_scope - cluster_dns_domain = var.cluster_dns_domain - } - } - timeouts { create = lookup(var.timeouts, "create", "45m") update = lookup(var.timeouts, "update", "45m") diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index 5109980251..c0888cbf0a 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -352,24 +352,6 @@ variable "database_encryption" { } -variable "cluster_dns_provider" { - type = string - description = "Which in-cluster DNS provider should be used. PROVIDER_UNSPECIFIED (default) or PLATFORM_DEFAULT or CLOUD_DNS." - default = "PROVIDER_UNSPECIFIED" -} - -variable "cluster_dns_scope" { - type = string - description = "The scope of access to cluster DNS records. DNS_SCOPE_UNSPECIFIED (default) or CLUSTER_SCOPE or VPC_SCOPE. " - default = "DNS_SCOPE_UNSPECIFIED" -} - -variable "cluster_dns_domain" { - type = string - description = "The suffix used for all cluster service records." - default = "" -} - variable "timeouts" { type = map(string) description = "Timeout for cluster operations."