fix!: re-align node_config_defaults to cluster types (#2256)

Author: apeabody

README.md

@@ -203,6 +203,7 @@ Then perform the following commands on the root folder:
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no |
 | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no |
+| logging\_variant | (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX\_THROUGHPUT. | `string` | `null` | no |
 | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no |
 | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no |
 | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |

autogen/main/cluster.tf.tmpl

@@ -706,26 +706,18 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  {% if autopilot_cluster != true %}
   node_pool_defaults {
     node_config_defaults {
-      {% if autopilot_cluster %}
       logging_variant = var.logging_variant
-      dynamic "gcfs_config" {
-        for_each = var.enable_gcfs != null ? [true] : []
-        content {
-          enabled = var.enable_gcfs
-        }
-      }
-      {% endif %}
-      {% if autopilot_cluster != true %}
       gcfs_config {
         enabled = var.enable_gcfs
       }
       insecure_kubelet_readonly_port_enabled = var.insecure_kubelet_readonly_port_enabled != null ? upper(tostring(var.insecure_kubelet_readonly_port_enabled)) : null
-      {% endif %}
     }
   }
 
+  {% endif %}
   {% if beta_cluster %}
   depends_on = [google_project_iam_member.service_agent]
   {% endif %}

autogen/main/variables.tf.tmpl

@@ -607,17 +607,14 @@ variable "enable_confidential_nodes" {
   description = "An optional flag to enable confidential node config."
   default = false
 }
+{% if autopilot_cluster != true %}
 
 variable "enable_gcfs" {
   type        = bool
   description = "Enable image streaming on cluster level."
-  {% if autopilot_cluster != true %}
   default     = false
-  {% endif %}
-  {% if autopilot_cluster %}
-  default     = true
-  {% endif %}
 }
+{% endif %}
 
 variable "enable_secret_manager_addon" {
   description = "Enable the Secret Manager add-on for this cluster"
@@ -1022,7 +1019,7 @@ variable "fleet_project_grant_service_agent" {
   default = false
 }
 {% endif %}
-{% if beta_cluster and autopilot_cluster %}
+{% if autopilot_cluster != true %}
 
 variable "logging_variant" {
   description = "(Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT."

cluster.tf

@@ -537,6 +537,7 @@ resource "google_container_cluster" "primary" {
 
   node_pool_defaults {
     node_config_defaults {
+      logging_variant = var.logging_variant
       gcfs_config {
         enabled = var.enable_gcfs
       }

examples/island_cluster_anywhere_in_gcp_design/main.tf

@@ -65,7 +65,6 @@ module "gke" {
       disk_size_gb              = 100
       disk_type                 = "pd-standard"
       image_type                = "COS_CONTAINERD"
-      logging_variant           = "DEFAULT"
       auto_repair               = true
       auto_upgrade              = true
       service_account           = google_service_account.gke-sa[each.key].email

examples/island_cluster_with_vm_router/main.tf

@@ -181,7 +181,6 @@ module "gke" {
       disk_size_gb              = 100
       disk_type                 = "pd-standard"
       image_type                = "COS_CONTAINERD"
-      logging_variant           = "DEFAULT"
       auto_repair               = true
       auto_upgrade              = true
       service_account           = google_service_account.gke-sa.email

examples/node_pool/main.tf

@@ -44,6 +44,7 @@ module "gke" {
   cluster_autoscaling               = var.cluster_autoscaling
   deletion_protection               = false
   service_account                   = "default"
+  logging_variant                   = "MAX_THROUGHPUT"
 
   node_pools = [
     {
@@ -53,6 +54,7 @@ module "gke" {
       service_account = var.compute_engine_service_account
       auto_upgrade    = true
       enable_gcfs     = false
+      logging_variant = "DEFAULT"
     },
     {
       name              = "pool-02"

modules/beta-autopilot-private-cluster/README.md

@@ -93,7 +93,6 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
-| enable\_gcfs | Enable image streaming on cluster level. | `bool` | `true` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
 | enable\_private\_endpoint | Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no |
@@ -122,7 +121,6 @@ Then perform the following commands on the root folder:
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no |
 | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
-| logging\_variant | (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX\_THROUGHPUT. | `string` | `null` | no |
 | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no |
 | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no |
 | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |

modules/beta-autopilot-private-cluster/cluster.tf

@@ -375,17 +375,5 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  node_pool_defaults {
-    node_config_defaults {
-      logging_variant = var.logging_variant
-      dynamic "gcfs_config" {
-        for_each = var.enable_gcfs != null ? [true] : []
-        content {
-          enabled = var.enable_gcfs
-        }
-      }
-    }
-  }
-
   depends_on = [google_project_iam_member.service_agent]
 }

modules/beta-autopilot-private-cluster/variables.tf

@@ -394,12 +394,6 @@ variable "enable_confidential_nodes" {
   default     = false
 }
 
-variable "enable_gcfs" {
-  type        = bool
-  description = "Enable image streaming on cluster level."
-  default     = true
-}
-
 variable "enable_secret_manager_addon" {
   description = "Enable the Secret Manager add-on for this cluster"
   type        = bool
@@ -604,12 +598,6 @@ variable "fleet_project_grant_service_agent" {
   default     = false
 }
 
-variable "logging_variant" {
-  description = "(Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT."
-  type        = string
-  default     = null
-}
-
 variable "monitoring_metric_writer_role" {
   description = "The monitoring metrics writer role to assign to the GKE node service account"
   type        = string