feat: add support for additive_vpc_scope_dns_domain #1998

Merged
9 changes: 6 additions & 3 deletions autogen/main/cluster.tf.tmpl
Expand Up @@ -466,9 +466,12 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
{% if beta_cluster %}
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
{% endif %}
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}
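Review bot: `additive_vpc_scope_dns_domain` is passed through whenever the `dns_config` block exists, but the block's `for_each` only checks `var.cluster_dns_provider == "CLOUD_DNS"`; nothing in this hunk ties the new attribute to `var.cluster_dns_scope`, although the variable description says `CLUSTER_SCOPE` must be set as well. Consider making the dependency explicit, for example `additive_vpc_scope_dns_domain = var.cluster_dns_scope == "CLUSTER_SCOPE" ? var.additive_vpc_scope_dns_domain : null`, so the value is never sent with a scope it does not apply to, or add a lifecycle `precondition` that rejects the combination with a clear message.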

7 changes: 7 additions & 0 deletions autogen/main/variables.tf.tmpl
Expand Up @@ -741,6 +741,13 @@ variable "cluster_dns_domain" {
default = ""
}

{% if beta_cluster %}
variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
{% endif %}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
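Review bot: the description on `additive_vpc_scope_dns_domain` tells users to set cluster_dns = `CLOUD_DNS`, but `cluster_dns` is the provider argument; the module input wired to it in cluster.tf.tmpl is `cluster_dns_provider`. Name the module inputs instead (`cluster_dns_provider` set to `CLOUD_DNS` and `cluster_dns_scope` set to `CLUSTER_SCOPE`) so that the generated README rows point at variables a caller can actually set.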
1 change: 1 addition & 0 deletions modules/beta-private-cluster-update-variant/README.md
Expand Up @@ -173,6 +173,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | (Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
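Review bot: the new `additive_vpc_scope_dns_domain` row says the input "will enable" Cloud DNS additive VPC scope but lists a default of `""` without stating what the empty value means (presumably that the feature stays off). Say so in the variable description and regenerate, since this row repeats that description word for word.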
7 changes: 4 additions & 3 deletions modules/beta-private-cluster-update-variant/cluster.tf
Expand Up @@ -395,9 +395,10 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}
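Review bot: in the `dns_config` content block the new attribute receives `var.additive_vpc_scope_dns_domain` as is, so every caller who leaves the input at its default sends `""` to the provider, and the module depends on an empty string being treated as unset. Mapping the empty default to null, e.g. `var.additive_vpc_scope_dns_domain != "" ? var.additive_vpc_scope_dns_domain : null`, removes that dependency; make the change in the autogen template so all beta variants pick it up.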

5 changes: 5 additions & 0 deletions modules/beta-private-cluster-update-variant/variables.tf
Expand Up @@ -710,6 +710,11 @@ variable "cluster_dns_domain" {
default = ""
}

variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
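Review bot: the closing `}` of `variable "additive_vpc_scope_dns_domain"` is followed directly by `variable "gce_pd_csi_driver"`, while the preceding `cluster_dns_domain` block is separated from its neighbour by a blank line. The missing separator comes from where `{% endif %}` sits in autogen/main/variables.tf.tmpl; add an empty line after it there and regenerate the modules.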
1 change: 1 addition & 0 deletions modules/beta-private-cluster/README.md
Expand Up @@ -151,6 +151,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | (Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
7 changes: 4 additions & 3 deletions modules/beta-private-cluster/cluster.tf
Expand Up @@ -395,9 +395,10 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}

5 changes: 5 additions & 0 deletions modules/beta-private-cluster/variables.tf
Expand Up @@ -710,6 +710,11 @@ variable "cluster_dns_domain" {
default = ""
}

variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
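Review bot: `additive_vpc_scope_dns_domain` is declared as a bare `string` with no `validation` block, so the requirement in its description ("Must provide a domain name that is unique within the VPC") is documentation only. Uniqueness within the VPC cannot be checked from a variable, but a `validation` that accepts either `""` or a syntactically valid DNS name would catch typos such as stray spaces or a pasted URL at plan time instead of at cluster creation.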
1 change: 1 addition & 0 deletions modules/beta-public-cluster-update-variant/README.md
Expand Up @@ -167,6 +167,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | (Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
7 changes: 4 additions & 3 deletions modules/beta-public-cluster-update-variant/cluster.tf
Expand Up @@ -395,9 +395,10 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}

5 changes: 5 additions & 0 deletions modules/beta-public-cluster-update-variant/variables.tf
Expand Up @@ -680,6 +680,11 @@ variable "cluster_dns_domain" {
default = ""
}

variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
1 change: 1 addition & 0 deletions modules/beta-public-cluster/README.md
Expand Up @@ -145,6 +145,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | (Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
7 changes: 4 additions & 3 deletions modules/beta-public-cluster/cluster.tf
Expand Up @@ -395,9 +395,10 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}

5 changes: 5 additions & 0 deletions modules/beta-public-cluster/variables.tf
Expand Up @@ -680,6 +680,11 @@ variable "cluster_dns_domain" {
default = ""
}

variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."