diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 2eae8a0666..b50f4fa28d 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -697,15 +697,10 @@ resource "google_container_cluster" "primary" { {% endif %} dynamic "control_plane_endpoints_config" { - for_each = var.dns_allow_external_traffic != null {% if private_cluster %}|| (var.enable_private_endpoint && var.deploy_using_private_endpoint) {% endif %}? [1] : [] + for_each = var.dns_allow_external_traffic != null ? [1] : [] content { dns_endpoint_config { - {% if private_cluster %} - # TODO: Migrate to only dns_allow_external_traffic in next breaking release - allow_external_traffic = var.dns_allow_external_traffic == true || var.deploy_using_private_endpoint -{% else %} allow_external_traffic = var.dns_allow_external_traffic -{% endif %} } } } diff --git a/docs/upgrading_to_v37.0.md b/docs/upgrading_to_v37.0.md new file mode 100644 index 0000000000..8a5dc497c3 --- /dev/null +++ b/docs/upgrading_to_v37.0.md @@ -0,0 +1,18 @@ +# Upgrading to v37.0 +The v37.0 release of *kubernetes-engine* is a backwards incompatible release. + +### Google Cloud Platform Provider upgrade +The Terraform Kubernetes Engine Module now requires version 6.27 or higher of the Google Cloud Platform Providers. + +### Private Cluster DNS Allow External Traffic +DNS allow external traffic is now controlled solely by `dns_allow_external_traffic` for private clusters. +To enable, set `dns_allow_external_traffic` to `true`. + +```diff + module "cluster" { +- version = "~> 36.0" ++ version = "~> 37.0" + ++ dns_allow_external_traffic = true +} +``` diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 5488c9629b..2a48cb2c9f 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -351,11 +351,10 @@ resource "google_container_cluster" "primary" { } dynamic "control_plane_endpoints_config" { - for_each = var.dns_allow_external_traffic != null || (var.enable_private_endpoint && var.deploy_using_private_endpoint) ? [1] : [] + for_each = var.dns_allow_external_traffic != null ? [1] : [] content { dns_endpoint_config { - # TODO: Migrate to only dns_allow_external_traffic in next breaking release - allow_external_traffic = var.dns_allow_external_traffic == true || var.deploy_using_private_endpoint + allow_external_traffic = var.dns_allow_external_traffic } } } diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 52abaffd15..d89273939d 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -592,11 +592,10 @@ resource "google_container_cluster" "primary" { } dynamic "control_plane_endpoints_config" { - for_each = var.dns_allow_external_traffic != null || (var.enable_private_endpoint && var.deploy_using_private_endpoint) ? [1] : [] + for_each = var.dns_allow_external_traffic != null ? [1] : [] content { dns_endpoint_config { - # TODO: Migrate to only dns_allow_external_traffic in next breaking release - allow_external_traffic = var.dns_allow_external_traffic == true || var.deploy_using_private_endpoint + allow_external_traffic = var.dns_allow_external_traffic } } } diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 7a1df2e694..cdc24c055e 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -592,11 +592,10 @@ resource "google_container_cluster" "primary" { } dynamic "control_plane_endpoints_config" { - for_each = var.dns_allow_external_traffic != null || (var.enable_private_endpoint && var.deploy_using_private_endpoint) ? [1] : [] + for_each = var.dns_allow_external_traffic != null ? [1] : [] content { dns_endpoint_config { - # TODO: Migrate to only dns_allow_external_traffic in next breaking release - allow_external_traffic = var.dns_allow_external_traffic == true || var.deploy_using_private_endpoint + allow_external_traffic = var.dns_allow_external_traffic } } } diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index ec287b5760..0238114a7f 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -541,11 +541,10 @@ resource "google_container_cluster" "primary" { } dynamic "control_plane_endpoints_config" { - for_each = var.dns_allow_external_traffic != null || (var.enable_private_endpoint && var.deploy_using_private_endpoint) ? [1] : [] + for_each = var.dns_allow_external_traffic != null ? [1] : [] content { dns_endpoint_config { - # TODO: Migrate to only dns_allow_external_traffic in next breaking release - allow_external_traffic = var.dns_allow_external_traffic == true || var.deploy_using_private_endpoint + allow_external_traffic = var.dns_allow_external_traffic } } } diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 06840c7572..21a88de883 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -541,11 +541,10 @@ resource "google_container_cluster" "primary" { } dynamic "control_plane_endpoints_config" { - for_each = var.dns_allow_external_traffic != null || (var.enable_private_endpoint && var.deploy_using_private_endpoint) ? [1] : [] + for_each = var.dns_allow_external_traffic != null ? [1] : [] content { dns_endpoint_config { - # TODO: Migrate to only dns_allow_external_traffic in next breaking release - allow_external_traffic = var.dns_allow_external_traffic == true || var.deploy_using_private_endpoint + allow_external_traffic = var.dns_allow_external_traffic } } }