From 8ec88d918ebc54f9d5e55d0b0c089ea963e483ab Mon Sep 17 00:00:00 2001 From: Peter Schuurman Date: Wed, 15 May 2024 22:58:16 -0700 Subject: [PATCH] Add support for StatefulHA Addon --- README.md | 1 + autogen/main/cluster.tf.tmpl | 8 ++++++++ autogen/main/main.tf.tmpl | 1 + autogen/main/variables.tf.tmpl | 6 ++++++ autogen/main/versions.tf.tmpl | 4 ++-- cluster.tf | 8 ++++++++ examples/simple_regional/main.tf | 1 + main.tf | 1 + modules/beta-autopilot-private-cluster/versions.tf | 4 ++-- modules/beta-autopilot-public-cluster/versions.tf | 4 ++-- modules/beta-private-cluster-update-variant/README.md | 1 + modules/beta-private-cluster-update-variant/cluster.tf | 8 ++++++++ modules/beta-private-cluster-update-variant/main.tf | 1 + modules/beta-private-cluster-update-variant/variables.tf | 6 ++++++ modules/beta-private-cluster-update-variant/versions.tf | 4 ++-- modules/beta-private-cluster/README.md | 1 + modules/beta-private-cluster/cluster.tf | 8 ++++++++ modules/beta-private-cluster/main.tf | 1 + modules/beta-private-cluster/variables.tf | 6 ++++++ modules/beta-private-cluster/versions.tf | 4 ++-- modules/beta-public-cluster-update-variant/README.md | 1 + modules/beta-public-cluster-update-variant/cluster.tf | 8 ++++++++ modules/beta-public-cluster-update-variant/main.tf | 1 + modules/beta-public-cluster-update-variant/variables.tf | 6 ++++++ modules/beta-public-cluster-update-variant/versions.tf | 4 ++-- modules/beta-public-cluster/README.md | 1 + modules/beta-public-cluster/cluster.tf | 8 ++++++++ modules/beta-public-cluster/main.tf | 1 + modules/beta-public-cluster/variables.tf | 6 ++++++ modules/beta-public-cluster/versions.tf | 4 ++-- modules/private-cluster-update-variant/README.md | 1 + modules/private-cluster-update-variant/cluster.tf | 8 ++++++++ modules/private-cluster-update-variant/main.tf | 1 + modules/private-cluster-update-variant/variables.tf | 6 ++++++ modules/private-cluster/README.md | 1 + modules/private-cluster/cluster.tf | 8 ++++++++ modules/private-cluster/main.tf | 1 + modules/private-cluster/variables.tf | 6 ++++++ .../simple_regional/testdata/TestSimpleRegional.json | 3 +++ variables.tf | 6 ++++++ 40 files changed, 145 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 21f945a86a..3ac5b03b75 100644 --- a/README.md +++ b/README.md @@ -228,6 +228,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index e09755281c..c6028215d8 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -309,6 +309,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index 49b847fcba..11b15736b7 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -109,6 +109,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] {% endif %} {% if beta_cluster and autopilot_cluster != true %} cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 663a10661b..e807f87373 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -725,6 +725,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + {% endif %} variable "timeouts" { type = map(string) diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 4dbcebecae..31c1e0d04a 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,11 +24,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/cluster.tf b/cluster.tf index e945124d1a..c67758d5ef 100644 --- a/cluster.tf +++ b/cluster.tf @@ -229,6 +229,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 11a34fa0c6..5fc839611d 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -45,4 +45,5 @@ module "gke" { gcs_fuse_csi_driver = true fleet_project = var.project_id deletion_protection = false + stateful_ha = true } diff --git a/main.tf b/main.tf index 4025b6063c..2536671a13 100644 --- a/main.tf +++ b/main.tf @@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 1d0a0e5984..7580b366e9 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 073f851245..5cf26c9d4e 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index cbf79f9060..095c7c9ba2 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -278,6 +278,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index d2adf527b0..fc9b5085b9 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -252,6 +252,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index f7ef1e33d2..3389a4a7a1 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf @@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 03742b1504..270105e6bd 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -696,6 +696,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index b5a118d0d6..3d48de936d 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 0293e59c66..4808bf3f4c 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -256,6 +256,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 22ca1b7823..46bbae50c9 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -252,6 +252,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index f7ef1e33d2..3389a4a7a1 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 03742b1504..270105e6bd 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -696,6 +696,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 2232e58ef1..1b0043e5ec 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 61707e4a3c..ad82e7ee66 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -267,6 +267,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 2d7b25218e..2845da3817 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -252,6 +252,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index d92b11fadd..a14251068c 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 2490cfd338..17508a59bf 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -666,6 +666,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index bbfa6c9a90..1c2823a6b6 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 939fd0f460..adca29f57b 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -245,6 +245,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index b634e2a418..233e597658 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -252,6 +252,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index d92b11fadd..a14251068c 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 2490cfd338..17508a59bf 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -666,6 +666,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index c5f1cb6548..02d99f1f80 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 5.9.0, < 6" + version = ">= 5.25.0, < 6" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 2771ea8bf9..d1b4b25caa 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -261,6 +261,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 51447d8df2..a1b98e44a9 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -229,6 +229,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index f2a6e28ea8..fb7f0edf1c 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf @@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index e7e2e0e5d0..408517098c 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -672,6 +672,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index d27738eb3f..1500378df1 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -239,6 +239,7 @@ Then perform the following commands on the root folder: | shadow\_firewall\_rules\_log\_config | The log\_config for shadow firewall rules. You can set this variable to `null` to disable logging. |
object({
metadata = string
})
|
{
"metadata": "INCLUDE_ALL_METADATA"
}
| no | | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no | | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no | +| stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index ff09024061..9dcb9055e8 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -229,6 +229,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "stateful_ha_config" { + for_each = local.stateful_ha_config + + content { + enabled = stateful_ha_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index f2a6e28ea8..fb7f0edf1c 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -94,6 +94,7 @@ locals { logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] + stateful_ha_config = var.stateful_ha ? [{ enabled = true }] : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index e7e2e0e5d0..408517098c 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -672,6 +672,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/test/integration/simple_regional/testdata/TestSimpleRegional.json b/test/integration/simple_regional/testdata/TestSimpleRegional.json index 1c22283ddb..85c8e55db7 100644 --- a/test/integration/simple_regional/testdata/TestSimpleRegional.json +++ b/test/integration/simple_regional/testdata/TestSimpleRegional.json @@ -17,6 +17,9 @@ }, "networkPolicyConfig": { "disabled": true + }, + "statefulHaConfig": { + "enabled": true } }, "autopilot": {}, diff --git a/variables.tf b/variables.tf index 1989020509..17bc3245f8 100644 --- a/variables.tf +++ b/variables.tf @@ -642,6 +642,12 @@ variable "gcs_fuse_csi_driver" { default = false } +variable "stateful_ha" { + type = bool + description = "Whether the Stateful HA Addon is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations."