feat: add support for cluster level total_egress_bandwidth_tier (#2394)

Signed-off-by: drfaust92 <[email protected]>

Author: DrFaust92

README.md

@@ -268,6 +268,7 @@ Then perform the following commands on the root folder:
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
+| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no |
 | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no |
 | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no |

autogen/main/cluster.tf.tmpl

@@ -237,7 +237,7 @@ resource "google_container_cluster" "primary" {
   {% if autopilot_cluster != true %}
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service !=null ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
@@ -267,6 +267,13 @@ resource "google_container_cluster" "primary" {
 
   in_transit_encryption_config = var.in_transit_encryption_config
 
+  dynamic "network_performance_config" {
+    for_each = var.total_egress_bandwidth_tier != null ? [1] : []
+    content {
+      total_egress_bandwidth_tier = var.total_egress_bandwidth_tier
+    }
+  }
+
   dynamic "secret_manager_config" {
     for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
     content {

autogen/main/variables.tf.tmpl

@@ -710,6 +710,12 @@ variable "in_transit_encryption_config" {
   default     = null
 }
 
+variable "total_egress_bandwidth_tier" {
+  type        = string
+  description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
+  default     = null
+}
+
 variable "security_posture_mode" {
   description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`."
   type        = string

cluster.tf

@@ -206,6 +206,13 @@ resource "google_container_cluster" "primary" {
 
   in_transit_encryption_config = var.in_transit_encryption_config
 
+  dynamic "network_performance_config" {
+    for_each = var.total_egress_bandwidth_tier != null ? [1] : []
+    content {
+      total_egress_bandwidth_tier = var.total_egress_bandwidth_tier
+    }
+  }
+
   dynamic "secret_manager_config" {
     for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
     content {

metadata.display.yaml

@@ -411,6 +411,9 @@ spec:
         timeouts:
           name: timeouts
           title: Timeouts
+        total_egress_bandwidth_tier:
+          name: total_egress_bandwidth_tier
+          title: Total Egress Bandwidth Tier
         upstream_nameservers:
           name: upstream_nameservers
           title: Upstream Nameservers

metadata.yaml

@@ -558,6 +558,9 @@ spec:
       - name: in_transit_encryption_config
         description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
         varType: string
+      - name: total_egress_bandwidth_tier
+        description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
+        varType: string
       - name: security_posture_mode
         description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`.
         varType: string

modules/beta-autopilot-private-cluster/README.md

@@ -163,6 +163,7 @@ Then perform the following commands on the root folder:
 | stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
+| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no |
 | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no |
 | workload\_vulnerability\_mode | (beta) Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. | `string` | `""` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no |

modules/beta-autopilot-private-cluster/cluster.tf

@@ -126,6 +126,13 @@ resource "google_container_cluster" "primary" {
 
   in_transit_encryption_config = var.in_transit_encryption_config
 
+  dynamic "network_performance_config" {
+    for_each = var.total_egress_bandwidth_tier != null ? [1] : []
+    content {
+      total_egress_bandwidth_tier = var.total_egress_bandwidth_tier
+    }
+  }
+
   dynamic "secret_manager_config" {
     for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
     content {

modules/beta-autopilot-private-cluster/metadata.display.yaml

@@ -310,6 +310,9 @@ spec:
         timeouts:
           name: timeouts
           title: Timeouts
+        total_egress_bandwidth_tier:
+          name: total_egress_bandwidth_tier
+          title: Total Egress Bandwidth Tier
         workload_config_audit_mode:
           name: workload_config_audit_mode
           title: Workload Config Audit Mode

modules/beta-autopilot-private-cluster/metadata.yaml

@@ -387,6 +387,9 @@ spec:
       - name: in_transit_encryption_config
         description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
         varType: string
+      - name: total_egress_bandwidth_tier
+        description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
+        varType: string
       - name: security_posture_mode
         description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`.
         varType: string