fix(TPGv5)!: update to TPG v5 (#1761)

Co-authored-by: Andrew Peabody <[email protected]>

Author: g-awmalik

README.md

@@ -149,6 +149,7 @@ Then perform the following commands on the root folder:
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | <pre>[<br>  {<br>    "key_name": "",<br>    "state": "DECRYPTED"<br>  }<br>]</pre> | no |
 | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no |
 | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no |
+| deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no |
@@ -331,7 +332,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v4.51
+- [Terraform Provider for GCP][terraform-provider-google] v5
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

autogen/main/README.md

@@ -272,9 +272,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
 {% if beta_cluster %}
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5
 {% else %}
-- [Terraform Provider for GCP][terraform-provider-google] v4.51
+- [Terraform Provider for GCP][terraform-provider-google] v5
 {% endif %}
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.

autogen/main/cluster.tf.tmpl

@@ -31,10 +31,12 @@ resource "google_container_cluster" "primary" {
   project         = var.project_id
   resource_labels = var.cluster_resource_labels
 
-  location          = local.location
-  node_locations    = local.node_locations
-  cluster_ipv4_cidr = var.cluster_ipv4_cidr
-  network           = "projects/${local.network_project_id}/global/networks/${var.network}"
+  location            = local.location
+  node_locations      = local.node_locations
+  cluster_ipv4_cidr   = var.cluster_ipv4_cidr
+  network             = "projects/${local.network_project_id}/global/networks/${var.network}"
+  deletion_protection = var.deletion_protection
+
   {% if autopilot_cluster != true %}
   dynamic "network_policy" {
     for_each = local.cluster_network_policy

autogen/main/variables.tf.tmpl

@@ -592,6 +592,12 @@ variable "notification_config_topic" {
   default = ""
 }
 
+variable "deletion_protection" {
+  type        = bool
+  description = "Whether or not to allow Terraform to destroy the cluster."
+  default     = true
+}
+
 {% if beta_cluster %}
 variable "enable_tpu" {
   type        = bool

autogen/main/versions.tf.tmpl

@@ -24,11 +24,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+      version = ">= 5.0.0, < 6"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 4.81.0, < 5.0, !=4.65.0, !=4.65.1"
+      version = ">= 5.0.0, < 6"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
@@ -46,7 +46,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.80.0, < 5.0, !=4.65.0, !=4.65.1"
+      version = ">= 5.0.0, < 6"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

autogen/safer-cluster/main.tf.tmpl

@@ -24,14 +24,15 @@ module "gke" {
   {% else %}
   source             = "../beta-private-cluster/"
   {% endif %}
-  project_id         = var.project_id
-  name               = var.name
-  description        = var.description
-  regional           = var.regional
-  region             = var.region
-  zones              = var.zones
-  network            = var.network
-  network_project_id = var.network_project_id
+  project_id          = var.project_id
+  name                = var.name
+  description         = var.description
+  regional            = var.regional
+  region              = var.region
+  zones               = var.zones
+  network             = var.network
+  network_project_id  = var.network_project_id
+  deletion_protection = var.deletion_protection
 
   // We need to enforce a minimum Kubernetes Version to ensure
   // that the necessary security features are enabled.

autogen/safer-cluster/variables.tf.tmpl

@@ -520,3 +520,9 @@ variable "workload_config_audit_mode" {
   type        = string
   default     = "DISABLED"
 }
+
+variable "deletion_protection" {
+  type        = bool
+  description = "Whether or not to allow Terraform to destroy the cluster."
+  default     = true
+}

cluster.tf

@@ -27,10 +27,12 @@ resource "google_container_cluster" "primary" {
   project         = var.project_id
   resource_labels = var.cluster_resource_labels
 
-  location          = local.location
-  node_locations    = local.node_locations
-  cluster_ipv4_cidr = var.cluster_ipv4_cidr
-  network           = "projects/${local.network_project_id}/global/networks/${var.network}"
+  location            = local.location
+  node_locations      = local.node_locations
+  cluster_ipv4_cidr   = var.cluster_ipv4_cidr
+  network             = "projects/${local.network_project_id}/global/networks/${var.network}"
+  deletion_protection = var.deletion_protection
+
   dynamic "network_policy" {
     for_each = local.cluster_network_policy
 

docs/upgrading_to_v29.0.md

@@ -2,6 +2,41 @@
 The v29.0 release of *kubernetes-engine* is a backwards incompatible
 release.
 
+### Google Cloud Platform Provider upgrade
+The Terraform Kubernetes Engine Module now requires version 5.0 or higher of the Google Cloud Platform Providers.
+
+```diff
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+-      version = "~> 4.0"
++      version = "~> 5.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+-      version = "~> 4.0"
++      version = "~> 5.0"
+    }
+
+  }
+}
+```
+
+### Deletion Protection
+The Terraform Kubernetes Engine Module now includes the `deletion_protection` option which defaults to `true`.  To delete your cluster you should specify it explicitly to `false`:
+
+```diff
+  module "gke" {
+-   source  = "terraform-google-modules/kubernetes-engine/google"
+-   version = "~> 28.0"
++   source  = "terraform-google-modules/kubernetes-engine/google"
++   version = "~> 29.0"
+...
++   deletion_protection = false
+}
+```
+
 ### Update variant random ID keepers updated
 
 The v29.0 release updates the keepers for the update variant modules. This will force a recreation of the nodepools.

examples/acm-terraform-blog-part1/terraform/providers.tf

@@ -17,8 +17,7 @@
 terraform {
   required_providers {
     google-beta = {
-      source  = "hashicorp/google-beta"
-      version = ">= 3.73.0"
+      source = "hashicorp/google-beta"
     }
   }
 }