feat(TPG>=6.14)!: promote enable_fqdn_network_policy to GA (#2225)

DrFaust92 · web-flow · commit 2c3240874f29 · 2025-01-03T11:15:10.000-08:00
Signed-off-by: drfaust92 &lt;ilia.lazebnik@gmail.com&gt;
diff --git a/README.md b/README.md
@@ -167,6 +167,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
+| enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no |
 | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
@@ -391,7 +392,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v6.11+
+- [Terraform Provider for GCP][terraform-provider-google] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/autogen/main/README.md b/autogen/main/README.md
@@ -288,9 +288,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
 {% if beta_cluster %}
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 {% else %}
-- [Terraform Provider for GCP][terraform-provider-google] v6.11+
+- [Terraform Provider for GCP][terraform-provider-google] v6.14+
 {% endif %}
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
@@ -259,9 +259,7 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-{% if beta_cluster %}
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
-{% endif %}
 {% if autopilot_cluster %}
   enable_autopilot = true
 {% endif %}
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
@@ -639,13 +639,13 @@ variable "workload_config_audit_mode" {
   type        = string
   default     = "DISABLED"
 }
+{% endif %}
 
 variable "enable_fqdn_network_policy" {
   type        = bool
   description = "Enable FQDN Network Policies on the cluster"
   default     = null
 }
-{% endif %}
 
 variable "enable_cilium_clusterwide_network_policy" {
   type          = bool
diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl
@@ -24,33 +24,33 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
 {% elif beta_cluster and autopilot_cluster %}
   required_providers {
     google = {
       source = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
 {% elif autopilot_cluster  %}
   required_providers {
     google = {
       source = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
 {% else %}
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
 {% endif %}
     kubernetes = {
diff --git a/cluster.tf b/cluster.tf
@@ -199,6 +199,7 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
     content {
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
@@ -216,7 +216,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
@@ -203,7 +203,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
@@ -445,7 +445,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf
@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
@@ -423,7 +423,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
@@ -433,7 +433,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf
@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
@@ -411,7 +411,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf
@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
@@ -195,6 +195,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
+| enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no |
 | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
@@ -425,7 +426,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v6.11+
+- [Terraform Provider for GCP][terraform-provider-google] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
@@ -199,6 +199,7 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.enable_private_endpoint || var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
     content {
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
@@ -594,6 +594,12 @@ variable "enable_secret_manager_addon" {
   default     = false
 }
 
+variable "enable_fqdn_network_policy" {
+  type        = bool
+  description = "Enable FQDN Network Policies on the cluster"
+  default     = null
+}
+
 variable "enable_cilium_clusterwide_network_policy" {
   type        = bool
   description = "Enable Cilium Cluster Wide Network Policies on the cluster"
diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf
@@ -21,7 +21,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
@@ -173,6 +173,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
+| enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no |
 | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
@@ -403,7 +404,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v6.11+
+- [Terraform Provider for GCP][terraform-provider-google] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
@@ -199,6 +199,7 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.enable_private_endpoint || var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
     content {
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
@@ -594,6 +594,12 @@ variable "enable_secret_manager_addon" {
   default     = false
 }
 
+variable "enable_fqdn_network_policy" {
+  type        = bool
+  description = "Enable FQDN Network Policies on the cluster"
+  default     = null
+}
+
 variable "enable_cilium_clusterwide_network_policy" {
   type        = bool
   description = "Enable Cilium Cluster Wide Network Policies on the cluster"
diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf
@@ -21,7 +21,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/variables.tf b/variables.tf
@@ -558,6 +558,12 @@ variable "enable_secret_manager_addon" {
   default     = false
 }
 
+variable "enable_fqdn_network_policy" {
+  type        = bool
+  description = "Enable FQDN Network Policies on the cluster"
+  default     = null
+}
+
 variable "enable_cilium_clusterwide_network_policy" {
   type        = bool
   description = "Enable Cilium Cluster Wide Network Policies on the cluster"
diff --git a/versions.tf b/versions.tf
@@ -21,7 +21,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

Original file line number	Diff line number	Diff line change
`@@ -259,9 +259,7 @@ resource "google_container_cluster" "primary" {`
`259`	`259`	`}`
`260`	`260`	`}`
`261`	`261`
`262`		`-{% if beta_cluster %}`
`263`	`262`	`enable_fqdn_network_policy = var.enable_fqdn_network_policy`
`264`		`-{% endif %}`
`265`	`263`	`{% if autopilot_cluster %}`
`266`	`264`	`enable_autopilot = true`
`267`	`265`	`{% endif %}`
Original file line number	Diff line number	Diff line change
`@@ -639,13 +639,13 @@ variable "workload_config_audit_mode" {`
`639`	`639`	`type = string`
`640`	`640`	`default = "DISABLED"`
`641`	`641`	`}`
	`642`	`+{% endif %}`
`642`	`643`
`643`	`644`	`variable "enable_fqdn_network_policy" {`
`644`	`645`	`type = bool`
`645`	`646`	`description = "Enable FQDN Network Policies on the cluster"`
`646`	`647`	`default = null`
`647`	`648`	`}`
`648`		`-{% endif %}`
`649`	`649`
`650`	`650`	`variable "enable_cilium_clusterwide_network_policy" {`
`651`	`651`	`type = bool`
Original file line number	Diff line number	Diff line change
`@@ -199,6 +199,7 @@ resource "google_container_cluster" "primary" {`
`199`	`199`	`}`
`200`	`200`	`}`
`201`	`201`
	`202`	`+ enable_fqdn_network_policy = var.enable_fqdn_network_policy`
`202`	`203`	`dynamic "master_authorized_networks_config" {`
`203`	`204`	`for_each = var.gcp_public_cidrs_access_enabled != null \|\| length(var.master_authorized_networks) > 0 ? [true] : []`
`204`	`205`	`content {`
Original file line number	Diff line number	Diff line change
`@@ -21,11 +21,11 @@ terraform {`
`21`	`21`	`required_providers {`
`22`	`22`	`google = {`
`23`	`23`	`source = "hashicorp/google"`
`24`		`- version = ">= 6.11.0, < 7"`
	`24`	`+ version = ">= 6.14.0, < 7"`
`25`	`25`	`}`
`26`	`26`	`google-beta = {`
`27`	`27`	`source = "hashicorp/google-beta"`
`28`		`- version = ">= 6.11.0, < 7"`
	`28`	`+ version = ">= 6.14.0, < 7"`
`29`	`29`	`}`
`30`	`30`	`kubernetes = {`
`31`	`31`	`source = "hashicorp/kubernetes"`