diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md
index 82861310..9071d8bb 100644
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@@ -81,17 +81,21 @@ module "cluster-1" {
| *database_encryption* | Enable and configure GKE application-layer secrets encryption. | object({...})
| | ...
|
| *default_max_pods_per_node* | Maximum number of pods per node in this cluster. | number
| | 110
|
| *description* | Cluster description. | string
| | null
|
+| *dns_config* | Configuration for Using Cloud DNS for GKE. | object({...})
| | ...
|
| *enable_autopilot* | Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node) | bool
| | false
|
| *enable_binary_authorization* | Enable Google Binary Authorization. | bool
| | null
|
| *enable_dataplane_v2* | Enable Dataplane V2 on the cluster, will disable network_policy addons config | bool
| | false
|
| *enable_intranode_visibility* | Enable intra-node visibility to make same node pod to pod traffic visible. | bool
| | null
|
+| *enable_l4_ilb_subsetting* | Enable L4ILB Subsetting. | bool
| | null
|
| *enable_shielded_nodes* | Enable Shielded Nodes features on all nodes in this cluster. | bool
| | null
|
| *enable_tpu* | Enable Cloud TPU resources in this cluster. | bool
| | null
|
| *labels* | Cluster resource labels. | map(string)
| | null
|
+| *logging_config* | Logging configuration (enabled components). | list(string)
| | null
|
| *logging_service* | Logging service (disable with an empty string). | string
| | logging.googleapis.com/kubernetes
|
-| *maintenance_start_time* | Maintenance start time in RFC3339 format 'HH:MM', where HH is [00-23] and MM is [00-59] GMT. | string
| | 03:00
|
+| *maintenance_config* | Maintenance window configuration | object({...})
| | ...
|
| *master_authorized_ranges* | External Ip address ranges that can access the Kubernetes cluster master through HTTPS. | map(string)
| | {}
|
| *min_master_version* | Minimum version of the master, defaults to the version of the most recent official release. | string
| | null
|
+| *monitoring_config* | Monitoring configuration (enabled components). | list(string)
| | null
|
| *monitoring_service* | Monitoring service (disable with an empty string). | string
| | monitoring.googleapis.com/kubernetes
|
| *node_locations* | Zones in which the cluster's nodes are located. | list(string)
| | []
|
| *peering_config* | Configure peering with the master VPC for private clusters. | object({...})
| | null
|
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index 90259fad..54ddb9c6 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -39,12 +39,13 @@ resource "google_container_cluster" "cluster" {
min_master_version = var.min_master_version
network = var.network
subnetwork = var.subnetwork
- logging_service = var.logging_service
- monitoring_service = var.monitoring_service
+ logging_service = var.logging_config == null ? var.logging_service : null
+ monitoring_service = var.monitoring_config == null ? var.monitoring_service : null
resource_labels = var.labels
default_max_pods_per_node = var.enable_autopilot ? null : var.default_max_pods_per_node
enable_binary_authorization = var.enable_binary_authorization
enable_intranode_visibility = var.enable_intranode_visibility
+ enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
enable_shielded_nodes = var.enable_shielded_nodes
enable_tpu = var.enable_tpu
initial_node_count = 1
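Review bot: The two new ternaries on `logging_service` and `monitoring_service` silently change precedence: once `logging_config` or `monitoring_config` is non-null, whatever the caller set in `logging_service`/`monitoring_service` (including the documented `""` to disable) is dropped with no warning in a plan. A short comment above them would spare the next maintainer the surprise, e.g. `# logging_config/monitoring_config (component lists) supersede the legacy *_service attributes; a non-null config forces the corresponding *_service to null`. If the provider treats each pair as mutually exclusive (I believe it does, but confirm against the provider version pinned by this module), the comment should state that as the reason. The `google_container_cluster` resource continues outside this hunk.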
@@ -92,11 +93,34 @@ resource "google_container_cluster" "cluster" {
services_secondary_range_name = var.secondary_range_services
}
- # TODO(ludomagno): make optional, and support beta feature
# https://www.terraform.io/docs/providers/google/r/container_cluster.html#daily_maintenance_window
maintenance_policy {
- daily_maintenance_window {
- start_time = var.maintenance_start_time
+ dynamic "daily_maintenance_window" {
+ for_each = var.maintenance_config != null && lookup(var.maintenance_config, "daily_maintenance_window", null) != null ? [var.maintenance_config.daily_maintenance_window] : []
+ iterator = config
+ content {
+ start_time = config.value.start_time
+ }
+ }
+
+ dynamic "recurring_window" {
+ for_each = var.maintenance_config != null && lookup(var.maintenance_config, "recurring_window", null) != null ? [var.maintenance_config.recurring_window] : []
+ iterator = config
+ content {
+ start_time = config.value.start_time
+ end_time = config.value.end_time
+ recurrence = config.value.recurrence
+ }
+ }
+
+ dynamic "maintenance_exclusion" {
+ for_each = var.maintenance_config != null && lookup(var.maintenance_config, "maintenance_exclusion", null) != null ? var.maintenance_config.maintenance_exclusion : []
+ iterator = config
+ content {
+ exclusion_name = config.value.exclusion_name
+ start_time = config.value.start_time
+ end_time = config.value.end_time
+ }
}
}
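Review bot: The `var.maintenance_config != null && lookup(var.maintenance_config, ...)` guards on the three `for_each` lines do not make a null `maintenance_config` safe: as far as I know HCL evaluates both operands of `&&`, so `lookup(null, ...)` still fails, and even if it passed, the unconditional `maintenance_policy {}` would be emitted empty, which the provider rejects because it requires exactly one of `daily_maintenance_window`/`recurring_window`. Replacing each guard with `try(var.maintenance_config.daily_maintenance_window, null) != null ? [var.maintenance_config.daily_maintenance_window] : []` (same shape for the other two) removes the `lookup` failure, and the `maintenance_policy` block itself should either become a `dynamic` block gated on a non-null config or null should be rejected at the variable. Nothing rejects a config with both windows set either; the provider will fail at plan time with a less helpful message. Because these windows and exclusions decide when GKE applies control-plane and node auto-upgrades, i.e. security patches, a one-line comment here noting that `maintenance_exclusion` entries postpone patching would help reviewers of future changes.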
@@ -227,6 +251,29 @@ resource "google_container_cluster" "cluster" {
}
}
+ dynamic "monitoring_config" {
+ for_each = var.monitoring_config != null ? [""] : []
+ content {
+ enable_components = var.monitoring_config
+ }
+ }
+
+ dynamic "logging_config" {
+ for_each = var.logging_config != null ? [""] : []
+ content {
+ enable_components = var.logging_config
+ }
+ }
+
+ dynamic "dns_config" {
+ for_each = var.dns_config != null ? [var.dns_config] : []
+ iterator = config
+ content {
+ cluster_dns = config.value.cluster_dns
+ cluster_dns_scope = config.value.cluster_dns_scope
+ cluster_dns_domain = config.value.cluster_dns_domain
+ }
+ }
}
resource "google_compute_network_peering_routes_config" "gke_master" {
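Review bot: The `monitoring_config` and `logging_config` dynamic blocks use a `[""]` sentinel for `for_each` and then read `var.monitoring_config`/`var.logging_config` from the enclosing scope, while `dns_config` directly below iterates `[var.dns_config]` with `iterator = config`; the three new blocks should share one idiom. `for_each = var.monitoring_config != null ? [var.monitoring_config] : []` with `enable_components = monitoring_config.value` (and likewise for logging) matches the `dns_config` shape and the other dynamic blocks in this resource. Note also that the `var.dns_config != null` gate is never false with the default declared in variables.tf (a populated `*_UNSPECIFIED` placeholder object), so a `dns_config` block is sent for every cluster; if that is not intended, the variable default rather than this gate is what needs to change.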
diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf
index 6d2bda6a..5bcc316f 100644
--- a/modules/gke-cluster/variables.tf
+++ b/modules/gke-cluster/variables.tf
@@ -92,6 +92,20 @@ variable "description" {
default = null
}
+variable "dns_config" {
+ description = "Configuration for Using Cloud DNS for GKE."
+ type = object({
+ cluster_dns = string
+ cluster_dns_scope = string
+ cluster_dns_domain = string
+ })
+ default = {
+ cluster_dns = "PROVIDER_UNSPECIFIED"
+ cluster_dns_scope = "DNS_SCOPE_UNSPECIFIED"
+ cluster_dns_domain = ""
+ }
+}
+
variable "enable_autopilot" {
description = "Create cluster in autopilot mode. With autopilot there's no need to create node-pools and some features are not supported (e.g. setting default_max_pods_per_node)"
type = bool
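Review bot: `dns_config` defaults to a populated placeholder object (`PROVIDER_UNSPECIFIED` / `DNS_SCOPE_UNSPECIFIED` / `""`) rather than `null`, unlike the other variables added in this change, so the `dns_config` block in main.tf is always emitted even for callers who never opted into Cloud DNS for GKE. `default = null` keeps the feature opt-in and avoids a possible perpetual diff if the API normalizes the empty `cluster_dns_domain` (I have not checked the provider's diff suppression for that field, so treat this as a risk to verify rather than a confirmed bug). The description should also list the values the provider accepts for `cluster_dns` and `cluster_dns_scope`, since the `object` type does not constrain them and a typo is only caught by the API.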
@@ -116,6 +130,12 @@ variable "enable_intranode_visibility" {
default = null
}
+variable "enable_l4_ilb_subsetting" {
+ description = "Enable L4ILB Subsetting."
+ type = bool
+ default = null
+}
+
variable "enable_shielded_nodes" {
description = "Enable Shielded Nodes features on all nodes in this cluster."
type = bool
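Review bot: The description `Enable L4ILB Subsetting.` on `enable_l4_ilb_subsetting` adds nothing beyond the variable name, and the README row repeats it verbatim. Something like `Enable GKE subsetting for internal L4 load balancers, so each ILB backend references only the nodes running its pods rather than every node in the cluster.` tells the caller what actually changes. If, as I recall from the GKE documentation, subsetting cannot be switched off once enabled on a cluster, that warning belongs in the description too; please verify against the current docs before adding it.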
@@ -139,16 +159,42 @@ variable "location" {
type = string
}
+variable "logging_config" {
+ description = "Logging configuration (enabled components)."
+ type = list(string)
+ default = null
+}
+
variable "logging_service" {
description = "Logging service (disable with an empty string)."
type = string
default = "logging.googleapis.com/kubernetes"
}
-variable "maintenance_start_time" {
- description = "Maintenance start time in RFC3339 format 'HH:MM', where HH is [00-23] and MM is [00-59] GMT."
- type = string
- default = "03:00"
+variable "maintenance_config" {
+ description = "Maintenance window configuration"
+ type = object({
+ daily_maintenance_window = object({
+ start_time = string
+ })
+ recurring_window = object({
+ start_time = string
+ end_time = string
+ recurrence = string
+ })
+ maintenance_exclusion = list(object({
+ exclusion_name = string
+ start_time = string
+ end_time = string
+ }))
+ })
+ default = {
+ daily_maintenance_window = {
+ start_time = "03:00"
+ }
+ recurring_window = null
+ maintenance_exclusion = []
+ }
}
variable "master_authorized_ranges" {
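Review bot: `maintenance_config` is declared as an `object` whose three attributes are all mandatory, so a caller who only wants a different daily window must also spell out `recurring_window = null` and `maintenance_exclusion = []`, and nothing rejects a config that sets both windows or neither, which the provider only catches at plan time. A `validation` block enforcing exactly one window (below) gives a clear error at the module boundary; it uses `try()` so a null config still passes, consistent with the `!= null` checks in main.tf. The description should also say what these windows control: GKE schedules control-plane and node auto-upgrades, i.e. security patching, inside them, and each `maintenance_exclusion` postpones that patching for its duration, so exclusions should be short and deliberate. The `logging_config` variable in the same hunk has the same gap as its monitoring twin: its description does not say that a non-null value replaces `logging_service` and that an empty list leaves no logging components enabled.
```hcl
variable "maintenance_config" {
  description = "Maintenance window configuration. Exactly one of daily_maintenance_window or recurring_window must be set. GKE applies control-plane and node auto-upgrades (security patches) inside the window; maintenance_exclusion entries postpone them for their duration."
  # … unchanged: type and default …
  validation {
    condition = try(
      (var.maintenance_config.daily_maintenance_window == null) != (var.maintenance_config.recurring_window == null),
      true
    )
    error_message = "Exactly one of maintenance_config.daily_maintenance_window and maintenance_config.recurring_window must be set."
  }
}
```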
@@ -163,6 +209,12 @@ variable "min_master_version" {
default = null
}
+variable "monitoring_config" {
+ description = "Monitoring configuration (enabled components)."
+ type = list(string)
+ default = null
+}
+
variable "monitoring_service" {
description = "Monitoring service (disable with an empty string)."
type = string
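Review bot: The description of `monitoring_config` does not tell callers that setting it has effects beyond adding components: in main.tf a non-null value forces `monitoring_service` to null, and `[]` is non-null, so an empty list emits a `monitoring_config` block with no components, which as far as I can tell switches cluster monitoring off rather than leaving the default. Mirror the wording already used for `monitoring_service` (`disable with an empty string`), e.g. `description = "Monitoring configuration (enabled components). Takes precedence over monitoring_service when set; an empty list disables Cloud Monitoring for the cluster."`. A `validation` restricting entries to the component names the provider accepts would also catch typos before the API does; I have not listed them here because the accepted set depends on the provider version this module pins.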
@@ -261,4 +313,3 @@ variable "workload_identity" {
type = bool
default = true
}
-