diff --git a/CHANGELOG.md b/CHANGELOG.md index 10f7bb588..5248230da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,8 @@ Added * Configure and authorize Artifact Registry service account, Kubernetes service account, Cloud Storage service account and Memorystore for Redis service account to use Cloud KMS key. * Add parameters `adapter_class_name` and `adapter_absolute_path` in ActiveMQ module. +* Add variable in modules of Redis and AWS Elasticache for Redis `max_memory_samples` which the number of samples to check + for every eviction. ## [0.2.1](https://github.com/aneoconsulting/ArmoniK.Infra/releases/tag/0.2.1) (2023-10-09) diff --git a/kubernetes/gcp/gke/README.md b/kubernetes/gcp/gke/README.md index fe9f158d3..805ce70e4 100644 --- a/kubernetes/gcp/gke/README.md +++ b/kubernetes/gcp/gke/README.md @@ -32,10 +32,10 @@ This module deploy: | Name | Source | Version | |------|--------|---------| -| [autopilot](#module\_autopilot) | terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-public-cluster | 27.0.0 | -| [gke](#module\_gke) | terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster | 27.0.0 | -| [private\_autopilot](#module\_private\_autopilot) | terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster | 27.0.0 | -| [private\_gke](#module\_private\_gke) | terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster | 27.0.0 | +| [autopilot](#module\_autopilot) | terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-public-cluster | 28.0.0 | +| [gke](#module\_gke) | terraform-google-modules/kubernetes-engine/google | 28.0.0 | +| [private\_autopilot](#module\_private\_autopilot) | terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster | 28.0.0 | +| [private\_gke](#module\_private\_gke) | terraform-google-modules/kubernetes-engine/google//modules/private-cluster | 28.0.0 | ## Resources 
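Review bot: the CHANGELOG hunk only records the Redis `max_memory_samples` variable, while the rest of this patch flips the `autopilot` default from `true` to `false` in `kubernetes/gcp/gke/variables.tf`, moves `module.gke` and `module.private_gke` from the `beta-*` submodules to the non-beta ones at 28.0.0, and disables a set of beta inputs (`cloudrun`, `enable_confidential_nodes`, `istio`, `sandbox_enabled`, ...). The default flip is a breaking change for any caller that got an Autopilot cluster without setting `autopilot`, so it needs its own Changed/Removed entry. The added line also reads `... \`max_memory_samples\` which the number of samples to check`; it is missing "is" (`which is the number of samples`).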
@@ -55,16 +55,13 @@ This module deploy: | [add\_master\_webhook\_firewall\_rules](#input\_add\_master\_webhook\_firewall\_rules) | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports`. | `bool` | `false` | no | | [add\_shadow\_firewall\_rules](#input\_add\_shadow\_firewall\_rules) | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | [authenticator\_security\_group](#input\_authenticator\_security\_group) | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format `gke-security-groups@yourdomain.com`. | `string` | `null` | no | -| [autopilot](#input\_autopilot) | Create autopilot GKE cluster. | `bool` | `true` | no | -| [cloudrun](#input\_cloudrun) | (Beta) Enable CloudRun addon. | `bool` | `false` | no | -| [cloudrun\_load\_balancer\_type](#input\_cloudrun\_load\_balancer\_type) | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | +| [autopilot](#input\_autopilot) | Create autopilot GKE cluster. | `bool` | `false` | no | | [cluster\_autoscaling](#input\_cluster\_autoscaling) | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling). For `disk_tye` see [Persistent Disk types](https://cloud.google.com/compute/docs/disks#disk-types). |
object({|
enabled = bool
autoscaling_profile = string
auto_repair = bool
auto_upgrade = bool
disk_size = number
disk_type = string
gpu_resources = list(object({
resource_type = string
minimum = number
maximum = number
}))
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
})
{| no | | [cluster\_dns\_domain](#input\_cluster\_dns\_domain) | The suffix used for all cluster service records. | `string` | `""` | no | | [cluster\_dns\_provider](#input\_cluster\_dns\_provider) | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | | [cluster\_dns\_scope](#input\_cluster\_dns\_scope) | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | [cluster\_ipv4\_cidr](#input\_cluster\_ipv4\_cidr) | The IP address range of the Kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | [cluster\_resource\_labels](#input\_cluster\_resource\_labels) | The GCE resource labels (a map of key/value pairs) to be applied to the cluster. | `map(string)` | `{}` | no | -| [cluster\_telemetry\_type](#input\_cluster\_telemetry\_type) | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY. | `string` | `null` | no | | [config\_connector](#input\_config\_connector) | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | [configure\_ip\_masq](#input\_configure\_ip\_masq) | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | [database\_encryption](#input\_database\_encryption) | Application-layer Secrets Encryption settings. Valid values of state are: "ENCRYPTED"; "DECRYPTED". |
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
}
list(object({|
state = string
key_name = string
}))
[| no | 
@@ -76,14 +73,9 @@ This module deploy: | [disable\_legacy\_metadata\_endpoints](#input\_disable\_legacy\_metadata\_endpoints) | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no | | [dns\_cache](#input\_dns\_cache) | The status of the NodeLocal DNSCache addon. | `bool` | `null` | no | | [enable\_binary\_authorization](#input\_enable\_binary\_authorization) | Enable BinAuthZ Admission controller. | `bool` | `false` | no | -| [enable\_confidential\_nodes](#input\_enable\_confidential\_nodes) | An optional flag to enable confidential node config. | `bool` | `false` | no | | [enable\_cost\_allocation](#input\_enable\_cost\_allocation) | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. | `bool` | `true` | no | -| [enable\_identity\_service](#input\_enable\_identity\_service) | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | -| [enable\_intranode\_visibility](#input\_enable\_intranode\_visibility) | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. | `bool` | `false` | no | | [enable\_kubernetes\_alpha](#input\_enable\_kubernetes\_alpha) | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | -| [enable\_l4\_ilb\_subsetting](#input\_enable\_l4\_ilb\_subsetting) | Enable L4 ILB Subsetting on the cluster. Used when `beta` set to `true`. | `bool` | `false` | no | | [enable\_network\_egress\_export](#input\_enable\_network\_egress\_export) | Whether to enable network egress metering for this cluster. 
If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | -| [enable\_pod\_security\_policy](#input\_enable\_pod\_security\_policy) | enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created. Pod Security Policy was removed from GKE clusters with version >= 1.25.0.Used when `beta` set to `true`. | `bool` | `false` | no | | [enable\_resource\_consumption\_export](#input\_enable\_resource\_consumption\_export) | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no | | [enable\_shielded\_nodes](#input\_enable\_shielded\_nodes) | Enable Shielded Nodes features on all nodes in this cluster. | `bool` | `true` | no | | [enable\_tpu](#input\_enable\_tpu) | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! Used when `beta` set to `true`. | `bool` | `false` | no | 
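Review bot: the retained `enable_tpu` row in this README hunk still says "Used when `beta` set to `true`", but the patch moves `module.gke` and `module.private_gke` off the `beta-*` submodules and comments out `enable_tpu = var.enable_tpu` in both module calls, so the input stays documented and declared while having no effect. Either drop the row together with the variable, or keep passing it through; a documented input that is silently ignored is the same class of problem as the commented-out security inputs elsewhere in this patch.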
@@ -104,9 +96,6 @@ This module deploy: | [ip\_range\_pods](#input\_ip\_range\_pods) | The name of the secondary subnet ip range to use for Kubernetes pods. | `string` | n/a | yes | | [ip\_range\_services](#input\_ip\_range\_services) | The name of the secondary subnet range to use for Kubernetes services. | `string` | n/a | yes | | [issue\_client\_certificate](#input\_issue\_client\_certificate) | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | -| [istio](#input\_istio) | (Beta) Enable Istio addon. | `bool` | `false` | no | -| [istio\_auth](#input\_istio\_auth) | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | -| [kalm\_config](#input\_kalm\_config) | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | [kubeconfig\_path](#input\_kubeconfig\_path) | Path to save the kubeconfig file. | `string` | `null` | no | | [kubernetes\_version](#input\_kubernetes\_version) | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | [logging\_enabled\_components](#input\_logging\_enabled\_components) | List of services to monitor: SYSTEM\_COMPONENTS, WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | 
@@ -145,7 +134,6 @@ This module deploy: | [release\_channel](#input\_release\_channel) | The release channel of this cluster. This allows you to opt for the alpha releases as part of the `RAPID` option, `REGULAR` for standard release needs and `STABLE` when the tried-and-tested version becomes available. | `string` | `"REGULAR"` | no | | [remove\_default\_node\_pool](#input\_remove\_default\_node\_pool) | Remove default node pool while setting up the cluster. | `bool` | `true` | no | | [resource\_usage\_export\_dataset\_id](#input\_resource\_usage\_export\_dataset\_id) | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | -| [sandbox\_enabled](#input\_sandbox\_enabled) | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | [service\_account](#input\_service\_account) | The service account to run nodes as if not overridden in `node_pools`. The create\_service\_account variable default value (true) will cause a cluster-specific service account to be created. This service account should already exists and it will be used by the node pools. If you wish to only override the service account name, you can use service\_account\_name variable. | `string` | `""` | no | | [service\_account\_name](#input\_service\_account\_name) | The name of the service account that will be created if create\_service\_account is true. If you wish to use an existing service account, use service\_account variable. | `string` | `""` | no | | [service\_external\_ips](#input\_service\_external\_ips) | Whether external ips specified by a service will be allowed in this cluster. | `bool` | `false` | no | diff --git a/kubernetes/gcp/gke/examples/complete/autopilot/README.md b/kubernetes/gcp/gke/examples/complete/autopilot/README.md index f7b7be54a..9ffbad133 100644 --- a/kubernetes/gcp/gke/examples/complete/autopilot/README.md 
+++ b/kubernetes/gcp/gke/examples/complete/autopilot/README.md @@ -21,7 +21,7 @@ terraform destroy |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | | [external](#requirement\_external) | ~> 2.3.1 | -| [google](#requirement\_google) | ~> 4.75.0 | +| [google](#requirement\_google) | >= 4.75.0 | | [local](#requirement\_local) | ~> 2.4.0 | | [null](#requirement\_null) | ~> 3.2.1 | @@ -30,7 +30,7 @@ terraform destroy | Name | Version | |------|---------| | [external](#provider\_external) | ~> 2.3.1 | -| [google](#provider\_google) | ~> 4.75.0 | +| [google](#provider\_google) | >= 4.75.0 | | [local](#provider\_local) | ~> 2.4.0 | | [null](#provider\_null) | ~> 3.2.1 | diff --git a/kubernetes/gcp/gke/examples/complete/autopilot/main.tf b/kubernetes/gcp/gke/examples/complete/autopilot/main.tf index a30a69b4b..a1907331c 100644 --- a/kubernetes/gcp/gke/examples/complete/autopilot/main.tf +++ b/kubernetes/gcp/gke/examples/complete/autopilot/main.tf @@ -66,8 +66,8 @@ module "gke" { key_name = "" } ] - description = "Test GKE Autopilot with beta functionalities." - enable_confidential_nodes = true + description = "Test GKE Autopilot with beta functionalities." + # enable_confidential_nodes = true grant_registry_access = true # default value horizontal_pod_autoscaling = true http_load_balancing = true # default value @@ -77,6 +77,7 @@ module "gke" { display_name = "External" } ] - private = false # public autopilot GKE + private = false # public + autopilot = true # autopilot GKE workload_config_audit_mode = "BASIC" } diff --git a/kubernetes/gcp/gke/examples/complete/autopilot/versions.tf b/kubernetes/gcp/gke/examples/complete/autopilot/versions.tf index a8ddfe03a..ffcfa6fe8 100644 --- a/kubernetes/gcp/gke/examples/complete/autopilot/versions.tf +++ b/kubernetes/gcp/gke/examples/complete/autopilot/versions.tf 
@@ -8,7 +8,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.75.0" + version = ">= 4.75.0" } local = { source = "hashicorp/local" diff --git a/kubernetes/gcp/gke/examples/complete/standard/README.md b/kubernetes/gcp/gke/examples/complete/standard/README.md index ee82b15da..6148b42af 100644 --- a/kubernetes/gcp/gke/examples/complete/standard/README.md +++ b/kubernetes/gcp/gke/examples/complete/standard/README.md @@ -21,7 +21,7 @@ terraform destroy |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | | [external](#requirement\_external) | ~> 2.3.1 | -| [google](#requirement\_google) | ~> 4.75.0 | +| [google](#requirement\_google) | >= 4.75.0 | | [local](#requirement\_local) | ~> 2.4.0 | | [null](#requirement\_null) | ~> 3.2.1 | @@ -30,7 +30,7 @@ terraform destroy | Name | Version | |------|---------| | [external](#provider\_external) | ~> 2.3.1 | -| [google](#provider\_google) | ~> 4.75.0 | +| [google](#provider\_google) | >= 4.75.0 | | [local](#provider\_local) | ~> 2.4.0 | | [null](#provider\_null) | ~> 3.2.1 | diff --git a/kubernetes/gcp/gke/examples/complete/standard/main.tf b/kubernetes/gcp/gke/examples/complete/standard/main.tf index 3385f9bf7..0d745c58f 100644 --- a/kubernetes/gcp/gke/examples/complete/standard/main.tf +++ b/kubernetes/gcp/gke/examples/complete/standard/main.tf @@ -64,7 +64,6 @@ module "gke" { subnetwork = module.vpc.gke_subnet_name subnetwork_cidr = module.vpc.gke_subnet_cidr_block kubeconfig_path = abspath("${path.root}/generated/kubeconfig") - autopilot = false cluster_autoscaling = { # default value enabled = false 
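Review bot: relaxing `~> 4.75.0` to `>= 4.75.0` in the `versions.tf` and README hunks removes the upper bound entirely, so a future major release of `hashicorp/google` with breaking resource changes will be picked up by `terraform init -upgrade` without anyone reviewing it. If the bump to GKE module 28.0.0 needs a newer provider, say so with a bounded constraint such as `>= 4.75.0, < 6.0.0` rather than an open-ended one.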
@@ -88,21 +87,21 @@ module "gke" { key_name = "" } ] - default_max_pods_per_node = 256 - description = "Test GKE Standard with beta functionalities." - enable_confidential_nodes = true - enable_identity_service = true - enable_intranode_visibility = true - enable_shielded_nodes = true # default value - filestore_csi_driver = true - gce_pd_csi_driver = true - gke_backup_agent_config = true - grant_registry_access = true # default value - horizontal_pod_autoscaling = true - http_load_balancing = true # default value - initial_node_count = 0 # default value - istio = true - logging_enabled_components = ["SYSTEM_COMPONENTS"] + default_max_pods_per_node = 256 + description = "Test GKE Standard with beta functionalities." + # enable_confidential_nodes = true + # enable_identity_service = true + # enable_intranode_visibility = true + enable_shielded_nodes = true # default value + filestore_csi_driver = true + gce_pd_csi_driver = true + gke_backup_agent_config = true + grant_registry_access = true # default value + horizontal_pod_autoscaling = true + http_load_balancing = true # default value + initial_node_count = 0 # default value + # istio = true + logging_enabled_components = ["SYSTEM_COMPONENTS"] master_authorized_networks = [ { cidr_block = "0.0.0.0/0" @@ -144,9 +143,9 @@ module "gke" { "tag-${null_resource.timestamp.triggers["date"]}" ] } - private = false # public Standard GKE - remove_default_node_pool = true # default value - sandbox_enabled = true + private = false # public Standard GKE + remove_default_node_pool = true # default value + # sandbox_enabled = true windows_node_pools = [] # default value workload_config_audit_mode = "BASIC" } diff --git a/kubernetes/gcp/gke/examples/complete/standard/versions.tf b/kubernetes/gcp/gke/examples/complete/standard/versions.tf index a8ddfe03a..ffcfa6fe8 100644 --- a/kubernetes/gcp/gke/examples/complete/standard/versions.tf +++ b/kubernetes/gcp/gke/examples/complete/standard/versions.tf 
@@ -8,7 +8,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.75.0" + version = ">= 4.75.0" } local = { source = "hashicorp/local" diff --git a/kubernetes/gcp/gke/examples/simple/README.md b/kubernetes/gcp/gke/examples/simple/README.md index e93736ea9..a83be10ac 100644 --- a/kubernetes/gcp/gke/examples/simple/README.md +++ b/kubernetes/gcp/gke/examples/simple/README.md @@ -20,7 +20,7 @@ terraform destroy | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.75.0 | +| [google](#requirement\_google) | >= 4.75.0 | ## Providers diff --git a/kubernetes/gcp/gke/examples/simple/main.tf b/kubernetes/gcp/gke/examples/simple/main.tf index 52c2731a3..73b919dc7 100644 --- a/kubernetes/gcp/gke/examples/simple/main.tf +++ b/kubernetes/gcp/gke/examples/simple/main.tf @@ -19,6 +19,6 @@ module "gke" { subnetwork = module.vpc.gke_subnet_name subnetwork_cidr = module.vpc.gke_subnet_cidr_block kubeconfig_path = abspath("${path.root}/generated/kubeconfig") - autopilot = true # default value + autopilot = false # default value private = false # public GKE } diff --git a/kubernetes/gcp/gke/examples/simple/versions.tf b/kubernetes/gcp/gke/examples/simple/versions.tf index c82cf2d6b..1f855f0d6 100644 --- a/kubernetes/gcp/gke/examples/simple/versions.tf +++ b/kubernetes/gcp/gke/examples/simple/versions.tf @@ -8,7 +8,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.75.0" + version = ">= 4.75.0" } } } diff --git a/kubernetes/gcp/gke/main.tf b/kubernetes/gcp/gke/main.tf index 152242dbb..f88f1475b 100644 --- a/kubernetes/gcp/gke/main.tf +++ b/kubernetes/gcp/gke/main.tf 
@@ -21,11 +21,11 @@ locals { display_name = "CLUSTER-VPC" } ] : [])) - node_pools = var.autopilot ? null : [ + node_pools = var.autopilot ? null : (length(coalesce(var.node_pools, [])) == 0 ? [{ name = "default-node-pool" }] : [ for node_pool in var.node_pools : merge(node_pool, { name = "${var.name}-${node_pool["name"]}" }) - ] + ]) # NOTE: Dataplane-V2 conflicts with the Calico network policy add-on because # it provides redundant NetworkPolicy capabilities. If V2 is enabled, the # Calico add-on should be disabled. @@ -58,11 +58,11 @@ resource "google_kms_crypto_key_iam_member" "kms" { role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" } -# Public GKE with beta functionalities +# Public GKE module "gke" { count = local.public_gke ? 1 : 0 - source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster" - version = "27.0.0" + source = "terraform-google-modules/kubernetes-engine/google" + version = "28.0.0" description = local.description # Required ip_range_pods = var.ip_range_pods 
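Review bot: in the `locals` hunk the fallback `[{ name = "default-node-pool" }]` is not prefixed with `${var.name}-` the way user-supplied pools are on the line right below it, and it sets nothing but `name`, so machine type, node service account, shielded-VM settings and taints for that pool all come from the upstream module's defaults. Since `remove_default_node_pool = var.remove_default_node_pool` is still passed, a caller with an empty `node_pools` list now gets a module-created pool named `default-node-pool` in addition to whatever that flag does to GKE's own default pool; state the intended behaviour in the `node_pools` variable description and make the security-relevant attributes of the fallback pool explicit rather than inherited.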
@@ -72,55 +72,55 @@ module "gke" { project_id = data.google_client_config.current.project subnetwork = var.subnetwork # Optional - cloudrun = var.cloudrun - cloudrun_load_balancer_type = var.cloudrun_load_balancer_type - cluster_autoscaling = var.cluster_autoscaling - cluster_resource_labels = var.cluster_resource_labels - cluster_telemetry_type = var.cluster_telemetry_type - create_service_account = local.create_service_account - config_connector = var.config_connector - database_encryption = var.database_encryption - default_max_pods_per_node = var.default_max_pods_per_node - enable_confidential_nodes = var.enable_confidential_nodes - enable_cost_allocation = var.enable_cost_allocation - enable_identity_service = var.enable_identity_service - enable_intranode_visibility = var.enable_intranode_visibility - enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting - enable_pod_security_policy = var.enable_pod_security_policy + # cloudrun = var.cloudrun + # cloudrun_load_balancer_type = var.cloudrun_load_balancer_type + cluster_autoscaling = var.cluster_autoscaling + cluster_resource_labels = var.cluster_resource_labels + # cluster_telemetry_type = var.cluster_telemetry_type + create_service_account = local.create_service_account + config_connector = var.config_connector + database_encryption = var.database_encryption + default_max_pods_per_node = var.default_max_pods_per_node + # enable_confidential_nodes = var.enable_confidential_nodes + enable_cost_allocation = var.enable_cost_allocation + # enable_identity_service = var.enable_identity_service + # enable_intranode_visibility = var.enable_intranode_visibility + # enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting + # enable_pod_security_policy = var.enable_pod_security_policy enable_resource_consumption_export = var.enable_resource_consumption_export enable_shielded_nodes = var.enable_shielded_nodes - enable_tpu = var.enable_tpu - enable_vertical_pod_autoscaling = local.enable_vertical_pod_autoscaling - 
filestore_csi_driver = var.filestore_csi_driver - gce_pd_csi_driver = var.gce_pd_csi_driver - gke_backup_agent_config = var.gke_backup_agent_config - grant_registry_access = var.grant_registry_access - horizontal_pod_autoscaling = var.horizontal_pod_autoscaling - initial_node_count = local.initial_node_count - istio = var.istio - istio_auth = var.istio_auth - kalm_config = var.kalm_config - kubernetes_version = var.kubernetes_version - logging_enabled_components = var.logging_enabled_components - monitoring_enabled_components = var.monitoring_enabled_components - network_policy = local.network_policy - network_policy_provider = var.network_policy_provider - node_metadata = var.node_metadata - node_pools = local.node_pools - node_pools_labels = var.node_pools_labels - node_pools_resource_labels = var.node_pools_resource_labels - node_pools_tags = var.node_pools_tags - node_pools_taints = var.node_pools_taints - region = local.region - regional = var.regional - remove_default_node_pool = var.remove_default_node_pool - sandbox_enabled = var.sandbox_enabled - service_account = var.service_account - service_account_name = var.service_account_name - windows_node_pools = var.windows_node_pools - workload_config_audit_mode = var.workload_config_audit_mode - workload_vulnerability_mode = var.workload_vulnerability_mode - zones = local.zones + # enable_tpu = var.enable_tpu + enable_vertical_pod_autoscaling = local.enable_vertical_pod_autoscaling + filestore_csi_driver = var.filestore_csi_driver + gce_pd_csi_driver = var.gce_pd_csi_driver + gke_backup_agent_config = var.gke_backup_agent_config + grant_registry_access = var.grant_registry_access + horizontal_pod_autoscaling = var.horizontal_pod_autoscaling + initial_node_count = local.initial_node_count + # istio = var.istio + # istio_auth = var.istio_auth + # kalm_config = var.kalm_config + kubernetes_version = var.kubernetes_version + logging_enabled_components = var.logging_enabled_components + monitoring_enabled_components 
= var.monitoring_enabled_components + network_policy = local.network_policy + network_policy_provider = var.network_policy_provider + node_metadata = var.node_metadata + node_pools = local.node_pools + node_pools_labels = var.node_pools_labels + node_pools_resource_labels = var.node_pools_resource_labels + node_pools_tags = var.node_pools_tags + node_pools_taints = var.node_pools_taints + region = local.region + regional = var.regional + remove_default_node_pool = var.remove_default_node_pool + # sandbox_enabled = var.sandbox_enabled + service_account = var.service_account + service_account_name = var.service_account_name + windows_node_pools = var.windows_node_pools + # workload_config_audit_mode = var.workload_config_audit_mode + # workload_vulnerability_mode = var.workload_vulnerability_mode + zones = local.zones # Optional and not used yet add_cluster_firewall_rules = var.add_cluster_firewall_rules add_master_webhook_firewall_rules = var.add_master_webhook_firewall_rules @@ -172,11 +172,11 @@ module "gke" { depends_on = [google_kms_crypto_key_iam_member.kms] } -# Private GKE with beta functionalities +# Private GKE module "private_gke" { count = local.private_gke ? 1 : 0 - source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster" - version = "27.0.0" + source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" + version = "28.0.0" description = local.description # Required ip_range_pods = var.ip_range_pods 
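Review bot: in the `module "gke"` hunk, `workload_config_audit_mode` and `workload_vulnerability_mode` are commented out in the module call, but `variable "workload_config_audit_mode"` is still declared in `variables.tf` (see the `@@ -777` hunk) and both `examples/complete` configurations still set `workload_config_audit_mode = "BASIC"`. Those inputs are now accepted and silently ignored, which is the worst outcome for a security setting: a caller believes workload auditing is configured when nothing reaches the upstream module. Either delete the variables so Terraform rejects the unknown argument at plan time, or pass the settings through to the non-beta module where it supports them; in either case the commented-out lines should be removed before merge rather than left in the call.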
@@ -186,61 +186,61 @@ module "private_gke" { project_id = data.google_client_config.current.project subnetwork = var.subnetwork # Optional - cloudrun = var.cloudrun - cloudrun_load_balancer_type = var.cloudrun_load_balancer_type - cluster_autoscaling = var.cluster_autoscaling - cluster_resource_labels = var.cluster_resource_labels - cluster_telemetry_type = var.cluster_telemetry_type - create_service_account = local.create_service_account - config_connector = var.config_connector - database_encryption = var.database_encryption - default_max_pods_per_node = var.default_max_pods_per_node - enable_confidential_nodes = var.enable_confidential_nodes - deploy_using_private_endpoint = var.deploy_using_private_endpoint - enable_cost_allocation = var.enable_cost_allocation - enable_identity_service = var.enable_identity_service - enable_intranode_visibility = var.enable_intranode_visibility - enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting - enable_pod_security_policy = var.enable_pod_security_policy + # cloudrun = var.cloudrun + # cloudrun_load_balancer_type = var.cloudrun_load_balancer_type + cluster_autoscaling = var.cluster_autoscaling + cluster_resource_labels = var.cluster_resource_labels + # cluster_telemetry_type = var.cluster_telemetry_type + create_service_account = local.create_service_account + config_connector = var.config_connector + database_encryption = var.database_encryption + default_max_pods_per_node = var.default_max_pods_per_node + # enable_confidential_nodes = var.enable_confidential_nodes + # deploy_using_private_endpoint = var.deploy_using_private_endpoint + enable_cost_allocation = var.enable_cost_allocation + # enable_identity_service = var.enable_identity_service + # enable_intranode_visibility = var.enable_intranode_visibility + # enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting + # enable_pod_security_policy = var.enable_pod_security_policy # Whether the master's internal IP address is used as the cluster endpoint 
enable_private_endpoint = var.private # Whether nodes have internal IP addresses only enable_private_nodes = var.private enable_resource_consumption_export = var.enable_resource_consumption_export enable_shielded_nodes = var.enable_shielded_nodes - enable_tpu = var.enable_tpu - enable_vertical_pod_autoscaling = local.enable_vertical_pod_autoscaling - filestore_csi_driver = var.filestore_csi_driver - gce_pd_csi_driver = var.gce_pd_csi_driver - gke_backup_agent_config = var.gke_backup_agent_config - grant_registry_access = var.grant_registry_access - horizontal_pod_autoscaling = var.horizontal_pod_autoscaling - initial_node_count = local.initial_node_count - istio = var.istio - istio_auth = var.istio_auth - kalm_config = var.kalm_config - logging_enabled_components = var.logging_enabled_components - master_ipv4_cidr_block = var.master_ipv4_cidr_block - master_global_access_enabled = var.master_global_access_enabled - monitoring_enabled_components = var.monitoring_enabled_components - network_policy = local.network_policy - network_policy_provider = var.network_policy_provider - node_metadata = var.node_metadata - node_pools = local.node_pools - node_pools_labels = var.node_pools_labels - node_pools_resource_labels = var.node_pools_resource_labels - node_pools_tags = var.node_pools_tags - node_pools_taints = var.node_pools_taints - region = local.region - regional = var.regional - remove_default_node_pool = var.remove_default_node_pool - sandbox_enabled = var.sandbox_enabled - service_account = var.service_account - service_account_name = var.service_account_name - windows_node_pools = var.windows_node_pools - workload_config_audit_mode = var.workload_config_audit_mode - workload_vulnerability_mode = var.workload_vulnerability_mode - zones = local.zones + # enable_tpu = var.enable_tpu + enable_vertical_pod_autoscaling = local.enable_vertical_pod_autoscaling + filestore_csi_driver = var.filestore_csi_driver + gce_pd_csi_driver = var.gce_pd_csi_driver + 
gke_backup_agent_config = var.gke_backup_agent_config + grant_registry_access = var.grant_registry_access + horizontal_pod_autoscaling = var.horizontal_pod_autoscaling + initial_node_count = local.initial_node_count + # istio = var.istio + # istio_auth = var.istio_auth + # kalm_config = var.kalm_config + logging_enabled_components = var.logging_enabled_components + # master_ipv4_cidr_block = var.master_ipv4_cidr_block + # master_global_access_enabled = var.master_global_access_enabled + monitoring_enabled_components = var.monitoring_enabled_components + network_policy = local.network_policy + network_policy_provider = var.network_policy_provider + node_metadata = var.node_metadata + node_pools = local.node_pools + node_pools_labels = var.node_pools_labels + node_pools_resource_labels = var.node_pools_resource_labels + node_pools_tags = var.node_pools_tags + node_pools_taints = var.node_pools_taints + region = local.region + regional = var.regional + remove_default_node_pool = var.remove_default_node_pool + # sandbox_enabled = var.sandbox_enabled + service_account = var.service_account + service_account_name = var.service_account_name + windows_node_pools = var.windows_node_pools + # workload_config_audit_mode = var.workload_config_audit_mode + # workload_vulnerability_mode = var.workload_vulnerability_mode + zones = local.zones # Optional and not used yet add_cluster_firewall_rules = var.add_cluster_firewall_rules add_master_webhook_firewall_rules = var.add_master_webhook_firewall_rules @@ -296,7 +296,7 @@ module "private_gke" { module "autopilot" { count = local.public_autopilot ? 1 : 0 source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-public-cluster" - version = "27.0.0" + version = "28.0.0" description = local.description # Required ip_range_pods = var.ip_range_pods 
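Review bot: in the `module "private_gke"` hunk, `deploy_using_private_endpoint`, `master_ipv4_cidr_block` and `master_global_access_enabled` are commented out even though the new source is `modules/private-cluster`, where these arguments govern how the control plane is reached: which CIDR the master occupies, whether the endpoint is reachable from other regions, and whether Terraform itself talks to the private endpoint. Dropping them means callers can no longer pin the master CIDR to avoid overlap with their VPC, and the upstream defaults decide global access silently. Unless the non-beta private-cluster module really does not accept them, keep passing them; if it does not, remove the corresponding variables instead of leaving dead inputs.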
@@ -364,7 +364,7 @@ module "autopilot" { module "private_autopilot" { count = local.private_autopilot ? 1 : 0 source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster" - version = "27.0.0" + version = "28.0.0" description = local.description # Required ip_range_pods = var.ip_range_pods diff --git a/kubernetes/gcp/gke/variables.tf b/kubernetes/gcp/gke/variables.tf index 103e62068..cbea26a7b 100644 --- a/kubernetes/gcp/gke/variables.tf +++ b/kubernetes/gcp/gke/variables.tf @@ -8,7 +8,7 @@ variable "private" { variable "autopilot" { description = "Create autopilot GKE cluster." type = bool - default = true + default = false } # Required @@ -680,7 +680,7 @@ variable "upstream_nameservers" { } # Optional for beta GKE -variable "cloudrun" { +/*variable "cloudrun" { description = "(Beta) Enable CloudRun addon." type = bool default = false @@ -707,13 +707,13 @@ variable "cluster_telemetry_type" { error_message = "Valid values for `cluster_telemetry_type` are: \"ENABLED\" | \"DISABLED\" | \"SYSTEM_ONLY\"." } } - +*/ variable "config_connector" { description = "(Beta) Whether ConfigConnector is enabled for this cluster." type = bool default = false } - +/* variable "enable_confidential_nodes" { description = "An optional flag to enable confidential node config." type = bool @@ -743,13 +743,13 @@ variable "enable_pod_security_policy" { type = bool default = false } - +*/ variable "enable_tpu" { description = "Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! Used when `beta` set to `true`." type = bool default = false } - +/* variable "istio" { description = "(Beta) Enable Istio addon." type = bool @@ -777,7 +777,7 @@ variable "sandbox_enabled" { type = bool default = false } - +*/ variable "workload_config_audit_mode" { description = "(beta) Worload config audit mode." type = string 
diff --git a/kubernetes/gcp/node-pool/examples/complete/README.md b/kubernetes/gcp/node-pool/examples/complete/README.md index e5d5589ed..336e07338 100644 --- a/kubernetes/gcp/node-pool/examples/complete/README.md +++ b/kubernetes/gcp/node-pool/examples/complete/README.md @@ -21,7 +21,7 @@ terraform destroy |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | | [external](#requirement\_external) | ~> 2.3.1 | -| [google](#requirement\_google) | ~> 4.75.0 | +| [google](#requirement\_google) | >= 4.75.0 | | [local](#requirement\_local) | ~> 2.4.0 | | [null](#requirement\_null) | ~> 3.2.1 | @@ -30,7 +30,7 @@ terraform destroy | Name | Version | |------|---------| | [external](#provider\_external) | ~> 2.3.1 | -| [google](#provider\_google) | ~> 4.75.0 | +| [google](#provider\_google) | >= 4.75.0 | | [local](#provider\_local) | ~> 2.4.0 | | [null](#provider\_null) | ~> 3.2.1 | diff --git a/kubernetes/gcp/node-pool/examples/complete/main.tf b/kubernetes/gcp/node-pool/examples/complete/main.tf index e7ef418a3..e689ac5bb 100644 --- a/kubernetes/gcp/node-pool/examples/complete/main.tf +++ b/kubernetes/gcp/node-pool/examples/complete/main.tf @@ -41,7 +41,7 @@ resource "null_resource" "timestamp" { module "vpc" { source = "../../../../../networking/gcp/vpc" - name = "simple-gke-node-pool" + name = "complete-gke-node-pool" gke_subnet = { name = "simple-gke-node-pool" nodes_cidr_block = "10.51.0.0/16", @@ -53,14 +53,13 @@ module "vpc" { module "gke" { source = "../../../gke" - name = "simple-gke-node-pool" + name = "complete-gke-node-pool" network = module.vpc.name ip_range_pods = module.vpc.gke_subnet_pods_range_name ip_range_services = module.vpc.gke_subnet_svc_range_name subnetwork = module.vpc.gke_subnet_name subnetwork_cidr = module.vpc.gke_subnet_cidr_block kubeconfig_path = abspath("${path.root}/generated/kubeconfig") - autopilot = false # Standard GKE private = false # public GKE } 
diff --git a/kubernetes/gcp/node-pool/examples/complete/versions.tf b/kubernetes/gcp/node-pool/examples/complete/versions.tf index a8ddfe03a..ffcfa6fe8 100644 --- a/kubernetes/gcp/node-pool/examples/complete/versions.tf +++ b/kubernetes/gcp/node-pool/examples/complete/versions.tf @@ -8,7 +8,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.75.0" + version = ">= 4.75.0" } local = { source = "hashicorp/local" diff --git a/kubernetes/gcp/node-pool/examples/simple/README.md b/kubernetes/gcp/node-pool/examples/simple/README.md index c84f2052e..b68af3f1a 100644 --- a/kubernetes/gcp/node-pool/examples/simple/README.md +++ b/kubernetes/gcp/node-pool/examples/simple/README.md @@ -20,14 +20,14 @@ terraform destroy | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0 | -| [google](#requirement\_google) | ~> 4.75.0 | +| [google](#requirement\_google) | >= 4.75.0 | | [kubernetes](#requirement\_kubernetes) | ~> 2.21.1 | ## Providers | Name | Version | |------|---------| -| [google](#provider\_google) | ~> 4.75.0 | +| [google](#provider\_google) | >= 4.75.0 | ## Modules diff --git a/kubernetes/gcp/node-pool/examples/simple/main.tf b/kubernetes/gcp/node-pool/examples/simple/main.tf index 626aa5e9f..f6bf2fcc4 100644 --- a/kubernetes/gcp/node-pool/examples/simple/main.tf +++ b/kubernetes/gcp/node-pool/examples/simple/main.tf @@ -21,7 +21,6 @@ module "gke" { subnetwork = module.vpc.gke_subnet_name subnetwork_cidr = module.vpc.gke_subnet_cidr_block kubeconfig_path = abspath("${path.root}/generated/kubeconfig") - autopilot = false # Standard GKE private = false # public GKE } diff --git a/kubernetes/gcp/node-pool/examples/simple/versions.tf b/kubernetes/gcp/node-pool/examples/simple/versions.tf index 1b28b7bb9..b4cb74854 100644 --- a/kubernetes/gcp/node-pool/examples/simple/versions.tf +++ b/kubernetes/gcp/node-pool/examples/simple/versions.tf 
@@ -8,7 +8,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "~> 4.75.0" + version = ">= 4.75.0" } kubernetes = { source = "hashicorp/kubernetes"
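Review bot: in the kubernetes/gcp/gke/main.tf hunk that rewrites the module inputs, `workload_vulnerability_mode`, `workload_config_audit_mode` and `enable_tpu` are commented out of the module call while their `variable` blocks stay declared in variables.tf (they sit outside the new `/* ... */` spans), so a caller who sets `workload_vulnerability_mode` expecting vulnerability scanning now gets a silent no-op with no plan diff to warn them. Either delete those variables too or keep them wired to the module. The same hunk also comments out `master_ipv4_cidr_block` and `master_global_access_enabled`; confirm the module version now in use really no longer accepts them, because if it does, the control-plane CIDR silently falls back to the module default regardless of what the caller supplied. Prefer deleting the lines outright over `# enable_tpu = var.enable_tpu`, which reads as temporarily disabled rather than intentionally removed.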
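Review bot: the variables.tf hunk at `@@ -8,7 +8,7 @@` flips `default = true` to `default = false` for `autopilot`, and because the cluster type selects which submodule instance exists (`count = local.public_autopilot ? 1 : 0`), any existing caller that relied on the old default will see the Autopilot cluster planned for destruction and a Standard cluster created in its place on the next apply. That is a breaking change and should be called out in the changelog and README as such, not only in the generated inputs table.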
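Review bot: the variables.tf hunks at `@@ -680`, `@@ -707`, `@@ -743` and `@@ -777` disable `cloudrun`, `cluster_telemetry_type`, `enable_confidential_nodes`, `enable_pod_security_policy`, `istio` and `sandbox_enabled` by wrapping them in `/* ... */`, which leaves large dead spans whose boundaries are easy to misread (the `*/` and `/*` lines are placed so that `enable_tpu` and `workload_config_audit_mode` remain live between them). Delete the blocks instead; git history keeps them. `enable_confidential_nodes` and `enable_pod_security_policy` are hardening options, so if the module version now pinned still supports either, keep it exposed rather than dropping it with the beta-only addons. The surviving `enable_tpu` description still says "Used when `beta` set to `true`", which is stale once the beta inputs are gone, and the `workload_config_audit_mode` description in the `@@ -777` context has a typo, "Worload".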
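Review bot: in the examples/complete/main.tf hunk at `@@ -41`, the VPC module `name` is renamed to `"complete-gke-node-pool"` but the nested `gke_subnet = { name = "simple-gke-node-pool"` keeps the old name, so the complete example ends up with a subnet named after the simple one; rename it for consistency.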
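Review bot: both versions.tf hunks (and the matching README tables) loosen the google provider constraint from `~> 4.75.0` to `>= 4.75.0` with no upper bound, so a fresh `terraform init` will pull whatever latest major version exists, including breaking provider releases that were never tested against these examples. Keep a ceiling on the next untested major, for instance `version = ">= 4.75.0, < 5.0.0"` (or `< 6.0.0` if 5.x has been validated), and commit the lock file so the resolved version is pinned.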