Merge branch 'main' into apeabody-patch-4

Author: apeabody

CHANGELOG.md

@@ -6,6 +6,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 Extending the adopted spec, each change should have a link to its corresponding pull request appended.
 
+## [38.0.0](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v37.1.0...v38.0.0) (2025-08-13)
+
+
+### ⚠ BREAKING CHANGES
+
+* add data cache count ([#2404](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2404))
+* **TPG>=6.42:** add support for gke_auto_upgrade_config ([#2395](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2395))
+* add support for flex start ([#2386](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2386))
+* **TPG>=6.41:** add support performance_monitoring_unit ([#2391](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2391))
+* **TPG>=6.39:** Fleet app operator permissions custom roles ([#2377](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2377))
+
+### Features
+
+* add data cache count ([#2404](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2404)) ([85c0487](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/85c0487a8e96d9f77bab5108329c6d7582b392d3))
+* add support for cluster level total_egress_bandwidth_tier ([#2394](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2394)) ([1b69e34](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/1b69e34f83511f4e63d342439102acda59128c8f))
+* add support for flex start ([#2386](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2386)) ([c0c80e6](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/c0c80e6c5b97e235d76285ab49d2c5808f2d42af))
+* Simple GKE modules for ADC ([#2397](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2397)) ([1859b17](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/1859b172249ec604b0e6edc8bce3cb003f9f6603))
+* **TPG>=6.39:** Fleet app operator permissions custom roles ([#2377](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2377)) ([c008237](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/c008237839c4a29779f893f51baabdc92846b07a))
+* **TPG>=6.41:** add support performance_monitoring_unit ([#2391](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2391)) ([e5ade9c](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/e5ade9c674e5cc32022f51062ec5952eb3c2f5cb))
+* **TPG>=6.42:** add support for gke_auto_upgrade_config ([#2395](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2395)) ([19a0929](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/19a09296015c512794f13f4f6b821a4e67459870))
+
+
+### Bug Fixes
+
+* wrap cgroup_mode coalesce with try() to handle empty values ([#2396](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2396)) ([6148cb7](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/6148cb7c9f15dbcffbb895bae44a9c0cad6ad660))
+
 ## [37.1.0](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v37.0.0...v37.1.0) (2025-07-17)
 
 

README.md

@@ -268,6 +268,7 @@ Then perform the following commands on the root folder:
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
+| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no |
 | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no |
 | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no |
@@ -352,9 +353,10 @@ The node_pools variable takes the following parameters:
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
 | insecure_kubelet_readonly_port_enabled | (boolean) Whether or not to enable the insecure Kubelet readonly port. | null | Optional |
 | key | The key required for the taint | | Required |
-| logging_variant | The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.  | DEFAULT | Optional |
-| local_ssd_count | The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume.  | 0 | Optional |
+| logging_variant | The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. | DEFAULT | Optional |
+| local_ssd_count | The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume. | 0 | Optional |
 | local_ssd_ephemeral_storage_count | The amount of local SSD disks that will be attached to each cluster node and assigned as scratch space as an `emptyDir` volume. If unspecified, ephemeral storage is backed by the cluster node boot disk. | 0 | Optional |
+| ephemeral_storage_local_ssd_data_cache_count | Number of raw-block local NVMe SSD disks to be attached to the node utilized for GKE Data Cache. | 0 | Optional |
 | local_nvme_ssd_count | Number of raw-block local NVMe SSD disks to be attached to the node.Each local SSD is 375 GB in size. If zero, it means no raw-block local NVMe SSD disks to be attached to the node. | 0 | Optional |
 | machine_type | The name of a Google Compute Engine machine type | e2-medium | Optional |
 | min_cpu_platform | Minimum CPU platform to be used by the nodes in the pool. The nodes may be scheduled on the specified or newer CPU platform. | " " | Optional |

autogen/main/README.md

@@ -228,9 +228,10 @@ The node_pools variable takes the following parameters:
 | initial_node_count | The initial number of nodes for the pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Changing this will force recreation of the resource. Defaults to the value of min_count | " " | Optional |
 | insecure_kubelet_readonly_port_enabled | (boolean) Whether or not to enable the insecure Kubelet readonly port. | null | Optional |
 | key | The key required for the taint | | Required |
-| logging_variant | The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT.  | DEFAULT | Optional |
-| local_ssd_count | The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume.  | 0 | Optional |
+| logging_variant | The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX_THROUGHPUT. | DEFAULT | Optional |
+| local_ssd_count | The amount of local SSD disks that will be attached to each cluster node and may be used as a `hostpath` volume or a `local` PersistentVolume. | 0 | Optional |
 | local_ssd_ephemeral_storage_count | The amount of local SSD disks that will be attached to each cluster node and assigned as scratch space as an `emptyDir` volume. If unspecified, ephemeral storage is backed by the cluster node boot disk. | 0 | Optional |
+| ephemeral_storage_local_ssd_data_cache_count | Number of raw-block local NVMe SSD disks to be attached to the node utilized for GKE Data Cache. | 0 | Optional |
 {% if beta_cluster %}
 | local_ssd_ephemeral_count | The amount of local SSD disks that will be attached to each cluster node and assigned as scratch space as an `emptyDir` volume. If unspecified, ephemeral storage is backed by the cluster node boot disk. | 0 | Optional |
 {% endif %}

autogen/main/cluster.tf.tmpl

@@ -237,7 +237,7 @@ resource "google_container_cluster" "primary" {
   {% if autopilot_cluster != true %}
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service !=null ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
@@ -267,6 +267,13 @@ resource "google_container_cluster" "primary" {
 
   in_transit_encryption_config = var.in_transit_encryption_config
 
+  dynamic "network_performance_config" {
+    for_each = var.total_egress_bandwidth_tier != null ? [1] : []
+    content {
+      total_egress_bandwidth_tier = var.total_egress_bandwidth_tier
+    }
+  }
+
   dynamic "secret_manager_config" {
     for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
     content {
@@ -856,6 +863,8 @@ locals {
     "local_ssd_encryption_mode",
     "max_run_duration",
     "flex_start",
+    "local_ssd_ephemeral_storage_count",
+    "ephemeral_storage_local_ssd_data_cache_count",
   ]
 }
 
@@ -1107,14 +1116,15 @@ resource "google_container_node_pool" "windows_pools" {
     disk_type       = lookup(each.value, "disk_type", "pd-standard")
 
     dynamic "ephemeral_storage_local_ssd_config" {
-      for_each = lookup(each.value, "local_ssd_ephemeral_storage_count", 0) > 0 ? [each.value.local_ssd_ephemeral_storage_count] : []
+      for_each = lookup(each.value, "local_ssd_ephemeral_storage_count", 0) > 0 || lookup(each.value, "ephemeral_storage_local_ssd_data_cache_count", 0) > 0 ? [1] : []
       content {
-        local_ssd_count = ephemeral_storage_local_ssd_config.value
+        local_ssd_count  = lookup(each.value, "local_ssd_ephemeral_storage_count", 0)
+        data_cache_count = lookup(each.value, "ephemeral_storage_local_ssd_data_cache_count", 0)
       }
     }
     {% if beta_cluster %}
     dynamic "ephemeral_storage_config" {
-      for_each = lookup(each.value, "local_ssd_ephemeral_count",0) > 0 ? [each.value.local_ssd_ephemeral_count] : []
+      for_each = lookup(each.value, "local_ssd_ephemeral_count", 0) > 0 ? [each.value.local_ssd_ephemeral_count] : []
       content {
         local_ssd_count = ephemeral_storage_config.value
       }

autogen/main/variables.tf.tmpl

@@ -710,6 +710,12 @@ variable "in_transit_encryption_config" {
   default     = null
 }
 
+variable "total_egress_bandwidth_tier" {
+  type        = string
+  description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
+  default     = null
+}
+
 variable "security_posture_mode" {
   description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`."
   type        = string

autogen/main/versions.tf.tmpl

@@ -63,6 +63,6 @@ terraform {
     }
   }
   provider_meta "{% if beta_cluster %}google-beta{% else %}google{% endif %}" {
-    module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v37.1.0"
+    module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v38.0.0"
   }
 }

autogen/safer-cluster/versions.tf.tmpl

@@ -23,6 +23,6 @@ terraform {
   required_version = ">=1.3"
 
   provider_meta "google-beta" {
-    module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v37.1.0"
+    module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v38.0.0"
   }
 }

cluster.tf

@@ -206,6 +206,13 @@ resource "google_container_cluster" "primary" {
 
   in_transit_encryption_config = var.in_transit_encryption_config
 
+  dynamic "network_performance_config" {
+    for_each = var.total_egress_bandwidth_tier != null ? [1] : []
+    content {
+      total_egress_bandwidth_tier = var.total_egress_bandwidth_tier
+    }
+  }
+
   dynamic "secret_manager_config" {
     for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
     content {
@@ -812,9 +819,10 @@ resource "google_container_node_pool" "pools" {
     disk_type       = lookup(each.value, "disk_type", "pd-standard")
 
     dynamic "ephemeral_storage_local_ssd_config" {
-      for_each = lookup(each.value, "local_ssd_ephemeral_storage_count", 0) > 0 ? [each.value.local_ssd_ephemeral_storage_count] : []
+      for_each = lookup(each.value, "local_ssd_ephemeral_storage_count", 0) > 0 || lookup(each.value, "ephemeral_storage_local_ssd_data_cache_count", 0) > 0 ? [1] : []
       content {
-        local_ssd_count = ephemeral_storage_local_ssd_config.value
+        local_ssd_count  = lookup(each.value, "local_ssd_ephemeral_storage_count", 0)
+        data_cache_count = lookup(each.value, "ephemeral_storage_local_ssd_data_cache_count", 0)
       }
     }
 
@@ -1177,9 +1185,10 @@ resource "google_container_node_pool" "windows_pools" {
     disk_type       = lookup(each.value, "disk_type", "pd-standard")
 
     dynamic "ephemeral_storage_local_ssd_config" {
-      for_each = lookup(each.value, "local_ssd_ephemeral_storage_count", 0) > 0 ? [each.value.local_ssd_ephemeral_storage_count] : []
+      for_each = lookup(each.value, "local_ssd_ephemeral_storage_count", 0) > 0 || lookup(each.value, "ephemeral_storage_local_ssd_data_cache_count", 0) > 0 ? [1] : []
       content {
-        local_ssd_count = ephemeral_storage_local_ssd_config.value
+        local_ssd_count  = lookup(each.value, "local_ssd_ephemeral_storage_count", 0)
+        data_cache_count = lookup(each.value, "ephemeral_storage_local_ssd_data_cache_count", 0)
       }
     }
 

docs/upgrading_to_v38.0.md

@@ -0,0 +1,9 @@
+# Upgrading to v38.0
+The v38.0 release of *kubernetes-engine* is a backwards incompatible release.
+
+### Google Cloud Platform Provider upgrade
+The Terraform Kubernetes Engine Module now requires version 6.42 or higher of the Google Cloud Platform Providers.
+
+### Update variant random ID keepers updated
+
+The v38.0 release updates the keepers for the update variant modules. This will force a recreation of the nodepools. To avoid this, it is possible to edit the remote state of the `random_id` resource to add the new attributes.

metadata.display.yaml

@@ -411,6 +411,9 @@ spec:
         timeouts:
           name: timeouts
           title: Timeouts
+        total_egress_bandwidth_tier:
+          name: total_egress_bandwidth_tier
+          title: Total Egress Bandwidth Tier
         upstream_nameservers:
           name: upstream_nameservers
           title: Upstream Nameservers