From afe6ace7696c5ddecb449ec9732d6a9e5d00b4d1 Mon Sep 17 00:00:00 2001 
From: Maikel Poot Date: Thu, 17 Jul 2025 14:01:43 +0200 Subject: [PATCH 1/4] feat: add enable_k8s_beta_apis support --- README.md | 1 + autogen/main/cluster.tf.tmpl | 7 +++++++ autogen/main/variables.tf.tmpl | 6 ++++++ cluster.tf | 7 +++++++ metadata.display.yaml | 3 +++ metadata.yaml | 4 ++++ modules/beta-autopilot-private-cluster/README.md | 1 + modules/beta-autopilot-private-cluster/cluster.tf | 7 +++++++ .../beta-autopilot-private-cluster/metadata.display.yaml | 3 +++ modules/beta-autopilot-private-cluster/metadata.yaml | 4 ++++ modules/beta-autopilot-private-cluster/variables.tf | 6 ++++++ modules/beta-autopilot-public-cluster/README.md | 1 + modules/beta-autopilot-public-cluster/cluster.tf | 7 +++++++ .../beta-autopilot-public-cluster/metadata.display.yaml | 3 +++ modules/beta-autopilot-public-cluster/metadata.yaml | 4 ++++ modules/beta-autopilot-public-cluster/variables.tf | 6 ++++++ modules/beta-private-cluster-update-variant/README.md | 1 + modules/beta-private-cluster-update-variant/cluster.tf | 7 +++++++ .../metadata.display.yaml | 3 +++ modules/beta-private-cluster-update-variant/metadata.yaml | 4 ++++ modules/beta-private-cluster-update-variant/variables.tf | 6 ++++++ modules/beta-private-cluster/README.md | 1 + modules/beta-private-cluster/cluster.tf | 7 +++++++ modules/beta-private-cluster/metadata.display.yaml | 3 +++ modules/beta-private-cluster/metadata.yaml | 4 ++++ modules/beta-private-cluster/variables.tf | 6 ++++++ modules/beta-public-cluster-update-variant/README.md | 1 + modules/beta-public-cluster-update-variant/cluster.tf | 7 +++++++ .../metadata.display.yaml | 3 +++ modules/beta-public-cluster-update-variant/metadata.yaml | 4 ++++ modules/beta-public-cluster-update-variant/variables.tf | 6 ++++++ modules/beta-public-cluster/README.md | 1 + modules/beta-public-cluster/cluster.tf | 7 +++++++ modules/beta-public-cluster/metadata.display.yaml | 3 +++ modules/beta-public-cluster/metadata.yaml | 4 ++++ modules/beta-public-cluster/variables.tf | 
6 ++++++ modules/private-cluster-update-variant/README.md | 1 + modules/private-cluster-update-variant/cluster.tf | 7 +++++++ .../private-cluster-update-variant/metadata.display.yaml | 3 +++ modules/private-cluster-update-variant/metadata.yaml | 4 ++++ modules/private-cluster-update-variant/variables.tf | 6 ++++++ modules/private-cluster/README.md | 1 + modules/private-cluster/cluster.tf | 7 +++++++ modules/private-cluster/metadata.display.yaml | 3 +++ modules/private-cluster/metadata.yaml | 4 ++++ modules/private-cluster/variables.tf | 6 ++++++ variables.tf | 6 ++++++ 47 files changed, 202 insertions(+) diff --git a/README.md b/README.md index e9474b31c1..a7f66e41e4 100644 --- a/README.md +++ b/README.md @@ -175,6 +175,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | 
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index bc83fadb2b..9d66317187 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -37,6 +37,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + {% if autopilot_cluster != true %} dynamic "network_policy" { for_each = local.cluster_network_policy diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 4402e8b31e..d982af4a0d 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -399,6 +399,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + {% if autopilot_cluster != true %} variable "stub_domains" { type = map(list(string)) diff --git a/cluster.tf b/cluster.tf index 3ceac845b8..00e117f621 100644 --- a/cluster.tf +++ b/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy diff --git a/metadata.display.yaml b/metadata.display.yaml index 69d4cc90a1..bc4f825f52 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml 
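Review bot: The `for_each` in the new `dynamic "enable_k8s_beta_apis"` block of `autogen/main/cluster.tf.tmpl` calls `length(var.enable_k8s_beta_apis)` on the raw input, so a caller that passes `null` explicitly gets a plan-time error instead of the "no beta APIs" behaviour. The `[]` default only applies when the argument is omitted. Either mark the variable `nullable = false` (if the module's minimum Terraform version allows it) or guard here with `for_each = try(length(var.enable_k8s_beta_apis), 0) > 0 ? [1] : []`. A short comment above the block would also help, e.g. `# Omitted when the list is empty so existing clusters see no diff; beta APIs are opt-in.` The same block is repeated in the root `cluster.tf` hunk and in every `modules/*/cluster.tf` hunk, which look generated from this template, and the enclosing `google_container_cluster` resource continues outside the hunk.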
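Review bot: The `enable_k8s_beta_apis` variable added in `autogen/main/variables.tf.tmpl` accepts any `list(string)`, and its description gives neither the expected entry format nor the cost of turning a beta API on. Each entry widens the cluster's API-server surface. As far as I know, GKE does not let a beta API be disabled once enabled, so removing an entry later may plan a cluster replacement rather than an in-place update; this should be confirmed against the provider documentation and stated here. Suggested wording: `description = "List of Kubernetes beta APIs to enable on the cluster. Enable only what workloads require; entries may not be removable without recreating the cluster."` A `validation` block rejecting empty strings and duplicate entries would catch typos before the API call, and the README and metadata hunks carry the same description text and would need regenerating.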
@@ -132,6 +132,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/metadata.yaml b/metadata.yaml index 6f9cb443c0..f3b64b9671 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -393,6 +393,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 5eefbd1fb1..5b38a894fa 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
@@ -96,6 +96,7 @@ Then perform the following commands on the root folder: | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 1a9f498abe..c124a40e02 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "release_channel" { for_each = local.release_channel diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml index 1f0378bafb..a0e8030e51 100644 --- a/modules/beta-autopilot-private-cluster/metadata.display.yaml 
+++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml @@ -100,6 +100,9 @@ spec: enable_fqdn_network_policy: name: enable_fqdn_network_policy title: Enable Fqdn Network Policy + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index bfa93c0186..39aae9f215 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -241,6 +241,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: create_service_account description: Defines if service account specified to run nodes should be created. varType: bool diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 33636f5349..5793e0bfdc 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -208,6 +208,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "create_service_account" { diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index c46ddacdb1..b3cf9bca75 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -89,6 +89,7 @@ Then perform the following commands on the root folder: | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 0c41f1a7bc..b7336ed2f5 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "release_channel" { for_each = local.release_channel diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml index ee06f33a01..7074084b36 100644 --- a/modules/beta-autopilot-public-cluster/metadata.display.yaml 
+++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml @@ -97,6 +97,9 @@ spec: enable_fqdn_network_policy: name: enable_fqdn_network_policy title: Enable Fqdn Network Policy + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index d33e7684db..a4809360bf 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -241,6 +241,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: create_service_account description: Defines if service account specified to run nodes should be created. varType: bool diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index db033ed587..b55c76164b 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -208,6 +208,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "create_service_account" { diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 702def3f55..93a4d307c8 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -210,6 +210,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index d26aa3147d..a0975e5114 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy 
diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 4f198937b0..e344f57c5f 100644 --- a/modules/beta-private-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml @@ -145,6 +145,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 2d48263058..7b8ab6e840 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 013d93bedf..3d1b2f049a 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index af8f3e22ec..86d4ddfb71 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -188,6 +188,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 90feb8a8db..586cfdafac 100644 
--- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index 3d435d2756..e3a7c2f302 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml @@ -145,6 +145,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 521ec29e9a..33541074e1 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 013d93bedf..3d1b2f049a 100644 --- a/modules/beta-private-cluster/variables.tf 
+++ b/modules/beta-private-cluster/variables.tf @@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 4d8918da3c..6624f976b0 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -203,6 +203,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | 
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index c0c15423f2..d728187a66 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index 55d3654fe1..cdb34e1180 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml @@ -142,6 +142,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index dfd19190e8..1787f278e5 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml 
@@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 2d8ded982d..e29ce46780 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 555b8d111a..8f91a0ac81 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -181,6 +181,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 7143e10972..9cf6e365a5 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy 
diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index b9026e7f18..7f25a4f0ab 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml @@ -142,6 +142,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index 365ac01124..d63e4ee9d2 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml @@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 2d8ded982d..e29ce46780 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" 
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 26f905db9d..bc9594912c 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -204,6 +204,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index d2c7003783..727093e935 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf 
@@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml index 2e16adf851..c402f1d3f7 100644 --- a/modules/private-cluster-update-variant/metadata.display.yaml +++ b/modules/private-cluster-update-variant/metadata.display.yaml @@ -136,6 +136,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 985854ad31..25c52c3c84 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index bcb541ab6d..a13defac71 100644 --- a/modules/private-cluster-update-variant/variables.tf 
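Review bot: In the cluster.tf hunk, `length(var.enable_k8s_beta_apis)` fails with a null-argument error when a caller passes `null`, because the variable added in this patch has a default but is not declared `nullable = false`. A null-tolerant condition is `for_each = try(length(var.enable_k8s_beta_apis), 0) > 0 ? [1] : []`. A comment above the block should also say that emptying the list later only drops the block from configuration; what the provider then plans for APIs already enabled on the cluster is not visible here and should be checked. The resource body continues outside the hunk, and the identical block is added in modules/private-cluster/cluster.tf.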
+++ b/modules/private-cluster-update-variant/variables.tf @@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 74a4575743..6279d232cb 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -182,6 +182,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | 
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 8db30e495b..9804d1fe57 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml index 9de2e576d5..2acaf96118 100644 --- a/modules/private-cluster/metadata.display.yaml +++ b/modules/private-cluster/metadata.display.yaml @@ -136,6 +136,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index 7a9b9112eb..d39864ea42 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml @@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index bcb541ab6d..a13defac71 100644 
--- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" diff --git a/variables.tf b/variables.tf index fd5e608a3f..95ec6cf9ff 100644 --- a/variables.tf +++ b/variables.tf @@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" From ab0d07f07c733ad46e2a6da1063e8ae5720486cb Mon Sep 17 00:00:00 2001 
From: Maikel Poot Date: Tue, 22 Jul 2025 10:44:17 +0200 Subject: [PATCH 2/4] chore: Add example as requested in pr-review --- .../README.md | 43 ++++++++++ .../main.tf | 78 +++++++++++++++++++ .../outputs.tf | 35 +++++++++ .../test_outputs.tf | 58 ++++++++++++++ .../variables.tf | 48 ++++++++++++ .../versions.tf | 27 +++++++ metadata.yaml | 2 + modules/auth/metadata.yaml | 2 + .../metadata.yaml | 2 + .../metadata.yaml | 2 + .../metadata.yaml | 2 + modules/beta-private-cluster/metadata.yaml | 2 + .../metadata.yaml | 2 + modules/beta-public-cluster/metadata.yaml | 2 + modules/binary-authorization/metadata.yaml | 2 + .../metadata.yaml | 2 + modules/fleet-membership/metadata.yaml | 2 + modules/hub-legacy/metadata.yaml | 2 + .../metadata.yaml | 2 + modules/private-cluster/metadata.yaml | 2 + .../metadata.yaml | 2 + modules/safer-cluster/metadata.yaml | 2 + modules/workload-identity/metadata.yaml | 2 + 23 files changed, 323 insertions(+) create mode 100644 examples/simple_regional_private_with_beta_apis/README.md create mode 100644 examples/simple_regional_private_with_beta_apis/main.tf create mode 100644 examples/simple_regional_private_with_beta_apis/outputs.tf create mode 100644 examples/simple_regional_private_with_beta_apis/test_outputs.tf create mode 100644 examples/simple_regional_private_with_beta_apis/variables.tf create mode 100644 examples/simple_regional_private_with_beta_apis/versions.tf diff --git a/examples/simple_regional_private_with_beta_apis/README.md b/examples/simple_regional_private_with_beta_apis/README.md new file mode 100644 index 0000000000..aff5898d61 --- /dev/null +++ b/examples/simple_regional_private_with_beta_apis/README.md 
@@ -0,0 +1,43 @@
+# Simple Regional Cluster
+
+This example illustrates how to create a simple private cluster.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| cluster\_name\_suffix | A suffix to append to the default cluster name | `string` | `""` | no |
+| compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | `any` | n/a | yes |
+| enable\_k8s\_beta\_apis | K8S beta apis to enable within the cluster | `any` | n/a | yes |
+| ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes |
+| network | The VPC network to host the cluster in | `any` | n/a | yes |
+| project\_id | The project ID to host the cluster in | `any` | n/a | yes |
+| region | The region to host the cluster in | `any` | n/a | yes |
+| subnetwork | The subnetwork to host the cluster in | `any` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ca\_certificate | n/a |
+| client\_token | n/a |
+| cluster\_name | Cluster name |
+| ip\_range\_pods | The secondary IP range used for pods |
+| kubernetes\_endpoint | n/a |
+| location | n/a |
+| master\_kubernetes\_version | The master Kubernetes version |
+| network | n/a |
+| project\_id | n/a |
+| region | n/a |
+| service\_account | The default service account used for running nodes. |
+| subnetwork | n/a |
+| zones | List of zones in which the cluster resides |
+
+
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure
diff --git a/examples/simple_regional_private_with_beta_apis/main.tf b/examples/simple_regional_private_with_beta_apis/main.tf
new file mode 100644
index 0000000000..5adf5980a1
--- /dev/null
+++ b/examples/simple_regional_private_with_beta_apis/main.tf
@@ -0,0 +1,78 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + cluster_type = "simple-regional-private" +} + +data "google_client_config" "default" {} + +provider "kubernetes" { + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + +data "google_compute_subnetwork" "subnetwork" { + name = var.subnetwork + project = var.project_id + region = var.region +} + +module "gke" { + source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" + version = "~> 37.0" + + project_id = var.project_id + name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" + regional = true + region = var.region + network = var.network + subnetwork = var.subnetwork + ip_range_pods = var.ip_range_pods + create_service_account = false + service_account = var.compute_engine_service_account + enable_private_endpoint = true + enable_private_nodes = true + enable_secret_manager_addon = true + default_max_pods_per_node = 20 + remove_default_node_pool = true + deletion_protection = false + enable_k8s_beta_apis = var.enable_k8s_beta_apis + + node_pools = [ + { + name = "pool-01" + min_count = 1 + max_count = 100 + local_ssd_count = 0 + disk_size_gb = 100 + disk_type = "pd-standard" + auto_repair = true + auto_upgrade = true + service_account = var.compute_engine_service_account + preemptible 
= false + max_pods_per_node = 12 + }, + ] + + master_authorized_networks = [ + { + cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range + display_name = "VPC" + }, + ] +} diff --git a/examples/simple_regional_private_with_beta_apis/outputs.tf b/examples/simple_regional_private_with_beta_apis/outputs.tf new file mode 100644 index 0000000000..01a13147c2 --- /dev/null +++ b/examples/simple_regional_private_with_beta_apis/outputs.tf @@ -0,0 +1,35 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "kubernetes_endpoint" { + sensitive = true + value = module.gke.endpoint +} + +output "client_token" { + sensitive = true + value = base64encode(data.google_client_config.default.access_token) +} + +output "ca_certificate" { + value = module.gke.ca_certificate +} + +output "service_account" { + description = "The default service account used for running nodes." + value = module.gke.service_account +} + diff --git a/examples/simple_regional_private_with_beta_apis/test_outputs.tf b/examples/simple_regional_private_with_beta_apis/test_outputs.tf new file mode 100644 index 0000000000..5cb60f7b95 --- /dev/null +++ b/examples/simple_regional_private_with_beta_apis/test_outputs.tf 
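Review bot: The `client_token` output in the new outputs.tf exports the caller's OAuth access token from the root module; `sensitive = true` only redacts it in CLI output, and the value is still written to the state file. No consumer of this output is visible in the patch, so dropping it may be the simplest fix. If it has to stay, a comment above it such as `# Access token is stored in state in clear text; restrict access to the state backend.` makes the exposure explicit for anyone copying the example.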
@@ -0,0 +1,58 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// These outputs are used to test the module with kitchen-terraform
+// They do not need to be included in real-world uses of this module
+
+output "project_id" {
+ value = var.project_id
+}
+
+output "region" {
+ value = module.gke.region
+}
+
+output "cluster_name" {
+ description = "Cluster name"
+ value = module.gke.name
+}
+
+output "network" {
+ value = var.network
+}
+
+output "subnetwork" {
+ value = var.subnetwork
+}
+
+output "location" {
+ value = module.gke.location
+}
+
+output "ip_range_pods" {
+ description = "The secondary IP range used for pods"
+ value = var.ip_range_pods
+}
+
+output "zones" {
+ description = "List of zones in which the cluster resides"
+ value = module.gke.zones
+}
+
+output "master_kubernetes_version" {
+ description = "The master Kubernetes version"
+ value = module.gke.master_version
+}
diff --git a/examples/simple_regional_private_with_beta_apis/variables.tf b/examples/simple_regional_private_with_beta_apis/variables.tf
new file mode 100644
index 0000000000..4113046f8f
--- /dev/null
+++ b/examples/simple_regional_private_with_beta_apis/variables.tf
@@ -0,0 +1,48 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the cluster in"
+}
+
+variable "cluster_name_suffix" {
+ description = "A suffix to append to the default cluster name"
+ default = ""
+}
+
+variable "region" {
+ description = "The region to host the cluster in"
+}
+
+variable "network" {
+ description = "The VPC network to host the cluster in"
+}
+
+variable "subnetwork" {
+ description = "The subnetwork to host the cluster in"
+}
+
+variable "ip_range_pods" {
+ description = "The secondary ip range to use for pods"
+}
+
+variable "compute_engine_service_account" {
+ description = "Service account to associate to the nodes in the cluster"
+}
+
+variable "enable_k8s_beta_apis" {
+ description = "K8S beta apis to enable within the cluster"
+}
diff --git a/examples/simple_regional_private_with_beta_apis/versions.tf b/examples/simple_regional_private_with_beta_apis/versions.tf
new file mode 100644
index 0000000000..61934a306b
--- /dev/null
+++ b/examples/simple_regional_private_with_beta_apis/versions.tf
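Review bot: `variable "enable_k8s_beta_apis"` at the end of the example's variables.tf has neither `type` nor `default`, so it becomes a required input of type `any` (the README table in this patch shows exactly that), while the module variable it feeds is `list(string)` with default `[]`. Adding `type = list(string)` and `default = []` keeps the example runnable without the input and rejects non-list values at the example boundary. The same untyped declaration is added to examples/simple_regional_private/variables.tf in patch 3/4, where it gives an existing example a new required input.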
@@ -0,0 +1,27 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_providers { + google = { + source = "hashicorp/google" + } + kubernetes = { + source = "hashicorp/kubernetes" + } + } + required_version = ">= 0.13" +} diff --git a/metadata.yaml b/metadata.yaml index 558456bc63..67cf1c97a1 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -118,6 +118,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/auth/metadata.yaml b/modules/auth/metadata.yaml index 050e1cace0..a14f22253d 100644 --- a/modules/auth/metadata.yaml +++ b/modules/auth/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api 
diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index 2922bc62ae..bb323529d7 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index 0290b0b5ef..179d193c06 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index bc972fcfa2..14702a7608 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml 
@@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 19d1919f76..91162ab009 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index bfeb7ccafb..53fef6ef96 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index a2f335e3b9..0020088551 100644 --- a/modules/beta-public-cluster/metadata.yaml 
+++ b/modules/beta-public-cluster/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/binary-authorization/metadata.yaml b/modules/binary-authorization/metadata.yaml index a96d06d58e..3b09393baa 100644 --- a/modules/binary-authorization/metadata.yaml +++ b/modules/binary-authorization/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/fleet-app-operator-permissions/metadata.yaml b/modules/fleet-app-operator-permissions/metadata.yaml index c4547902d3..05e1dbae77 100644 --- a/modules/fleet-app-operator-permissions/metadata.yaml +++ b/modules/fleet-app-operator-permissions/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/fleet-membership/metadata.yaml b/modules/fleet-membership/metadata.yaml index 7ac062561c..4c34cf1ead 100644 --- a/modules/fleet-membership/metadata.yaml 
+++ b/modules/fleet-membership/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/hub-legacy/metadata.yaml b/modules/hub-legacy/metadata.yaml index 7497fe9c7c..b9b7f237f9 100644 --- a/modules/hub-legacy/metadata.yaml +++ b/modules/hub-legacy/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 84a11cf4aa..dc2f59f900 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index 0b13a8870f..be4c099a34 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml 
@@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/safer-cluster-update-variant/metadata.yaml b/modules/safer-cluster-update-variant/metadata.yaml index c812274db5..6fde2f85c0 100644 --- a/modules/safer-cluster-update-variant/metadata.yaml +++ b/modules/safer-cluster-update-variant/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/safer-cluster/metadata.yaml b/modules/safer-cluster/metadata.yaml index b1571aa65c..8a737977f0 100644 --- a/modules/safer-cluster/metadata.yaml +++ b/modules/safer-cluster/metadata.yaml @@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/workload-identity/metadata.yaml b/modules/workload-identity/metadata.yaml index b33bd7c9d1..2820087a23 100644 --- a/modules/workload-identity/metadata.yaml +++ b/modules/workload-identity/metadata.yaml 
@@ -84,6 +84,8 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta + - name: simple_regional_private_with_beta_apis + location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api From 57649ff7301b85611bce9bdb6ac14617a588c90b Mon Sep 17 00:00:00 2001 
From: Maikel Poot Date: Wed, 23 Jul 2025 09:59:02 +0200 Subject: [PATCH 3/4] chore(review): Delete extra example and merge with simple_regional_private --- examples/simple_regional_private/README.md | 1 + examples/simple_regional_private/main.tf | 1 + examples/simple_regional_private/variables.tf | 3 + .../README.md | 43 ---------- .../main.tf | 78 ------------------- .../outputs.tf | 35 --------- .../test_outputs.tf | 58 -------------- .../variables.tf | 48 ------------ .../versions.tf | 27 ------- metadata.yaml | 2 - modules/auth/metadata.yaml | 2 - .../metadata.yaml | 2 - .../metadata.yaml | 2 - .../metadata.yaml | 2 - modules/beta-private-cluster/metadata.yaml | 2 - .../metadata.yaml | 2 - modules/beta-public-cluster/metadata.yaml | 2 - modules/binary-authorization/metadata.yaml | 2 - .../metadata.yaml | 2 - modules/fleet-membership/metadata.yaml | 2 - modules/hub-legacy/metadata.yaml | 2 - .../metadata.yaml | 2 - modules/private-cluster/metadata.yaml | 2 - .../metadata.yaml | 2 - modules/safer-cluster/metadata.yaml | 2 - modules/workload-identity/metadata.yaml | 2 - 26 files changed, 5 insertions(+), 323 deletions(-) delete mode 100644 examples/simple_regional_private_with_beta_apis/README.md delete mode 100644 examples/simple_regional_private_with_beta_apis/main.tf delete mode 100644 examples/simple_regional_private_with_beta_apis/outputs.tf delete mode 100644 examples/simple_regional_private_with_beta_apis/test_outputs.tf delete mode 100644 examples/simple_regional_private_with_beta_apis/variables.tf delete mode 100644 examples/simple_regional_private_with_beta_apis/versions.tf diff --git a/examples/simple_regional_private/README.md b/examples/simple_regional_private/README.md index 8d0a6651c4..aff5898d61 100644 --- a/examples/simple_regional_private/README.md +++ b/examples/simple_regional_private/README.md 
@@ -9,6 +9,7 @@ This example illustrates how to create a simple private cluster. |------|-------------|------|---------|:--------:| | cluster\_name\_suffix | A suffix to append to the default cluster name | `string` | `""` | no | | compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | `any` | n/a | yes | +| enable\_k8s\_beta\_apis | K8S beta apis to enable within the cluster | `any` | n/a | yes | | ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes | | network | The VPC network to host the cluster in | `any` | n/a | yes | | project\_id | The project ID to host the cluster in | `any` | n/a | yes | diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index 93f648bc7f..5adf5980a1 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -51,6 +51,7 @@ module "gke" { default_max_pods_per_node = 20 remove_default_node_pool = true deletion_protection = false + enable_k8s_beta_apis = var.enable_k8s_beta_apis node_pools = [ { diff --git a/examples/simple_regional_private/variables.tf b/examples/simple_regional_private/variables.tf index d64fdd7d3d..4113046f8f 100644 --- a/examples/simple_regional_private/variables.tf +++ b/examples/simple_regional_private/variables.tf @@ -43,3 +43,6 @@ variable "compute_engine_service_account" { description = "Service account to associate to the nodes in the cluster" } +variable "enable_k8s_beta_apis" { + description = "K8S beta apis to enable within the cluster" +} diff --git a/examples/simple_regional_private_with_beta_apis/README.md b/examples/simple_regional_private_with_beta_apis/README.md deleted file mode 100644 index aff5898d61..0000000000 --- a/examples/simple_regional_private_with_beta_apis/README.md +++ /dev/null 
@@ -1,43 +0,0 @@ -# Simple Regional Cluster - -This example illustrates how to create a simple private cluster. - - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| cluster\_name\_suffix | A suffix to append to the default cluster name | `string` | `""` | no | -| compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | `any` | n/a | yes | -| enable\_k8s\_beta\_apis | K8S beta apis to enable within the cluster | `any` | n/a | yes | -| ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes | -| network | The VPC network to host the cluster in | `any` | n/a | yes | -| project\_id | The project ID to host the cluster in | `any` | n/a | yes | -| region | The region to host the cluster in | `any` | n/a | yes | -| subnetwork | The subnetwork to host the cluster in | `any` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| ca\_certificate | n/a | -| client\_token | n/a | -| cluster\_name | Cluster name | -| ip\_range\_pods | The secondary IP range used for pods | -| kubernetes\_endpoint | n/a | -| location | n/a | -| master\_kubernetes\_version | The master Kubernetes version | -| network | n/a | -| project\_id | n/a | -| region | n/a | -| service\_account | The default service account used for running nodes. | -| subnetwork | n/a | -| zones | List of zones in which the cluster resides | - - - -To provision this example, run the following from within this directory: -- `terraform init` to get the plugins -- `terraform plan` to see the infrastructure plan -- `terraform apply` to apply the infrastructure build -- `terraform destroy` to destroy the built infrastructure diff --git a/examples/simple_regional_private_with_beta_apis/main.tf b/examples/simple_regional_private_with_beta_apis/main.tf deleted file mode 100644 index 5adf5980a1..0000000000 
--- a/examples/simple_regional_private_with_beta_apis/main.tf
+++ /dev/null
@@ -1,78 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -locals { - cluster_type = "simple-regional-private" -} - -data "google_client_config" "default" {} - -provider "kubernetes" { - host = "https://${module.gke.endpoint}" - token = data.google_client_config.default.access_token - cluster_ca_certificate = base64decode(module.gke.ca_certificate) -} - -data "google_compute_subnetwork" "subnetwork" { - name = var.subnetwork - project = var.project_id - region = var.region -} - -module "gke" { - source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - version = "~> 37.0" - - project_id = var.project_id - name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" - regional = true - region = var.region - network = var.network - subnetwork = var.subnetwork - ip_range_pods = var.ip_range_pods - create_service_account = false - service_account = var.compute_engine_service_account - enable_private_endpoint = true - enable_private_nodes = true - enable_secret_manager_addon = true - default_max_pods_per_node = 20 - remove_default_node_pool = true - deletion_protection = false - enable_k8s_beta_apis = var.enable_k8s_beta_apis - - node_pools = [ - { - name = "pool-01" - min_count = 1 - max_count = 100 - local_ssd_count = 0 - disk_size_gb = 100 - disk_type = "pd-standard" - auto_repair = true - auto_upgrade = true - service_account = var.compute_engine_service_account - preemptible 
= false - max_pods_per_node = 12 - }, - ] - - master_authorized_networks = [ - { - cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range - display_name = "VPC" - }, - ] -} diff --git a/examples/simple_regional_private_with_beta_apis/outputs.tf b/examples/simple_regional_private_with_beta_apis/outputs.tf deleted file mode 100644 index 01a13147c2..0000000000 --- a/examples/simple_regional_private_with_beta_apis/outputs.tf +++ /dev/null @@ -1,35 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -output "kubernetes_endpoint" { - sensitive = true - value = module.gke.endpoint -} - -output "client_token" { - sensitive = true - value = base64encode(data.google_client_config.default.access_token) -} - -output "ca_certificate" { - value = module.gke.ca_certificate -} - -output "service_account" { - description = "The default service account used for running nodes." - value = module.gke.service_account -} - diff --git a/examples/simple_regional_private_with_beta_apis/test_outputs.tf b/examples/simple_regional_private_with_beta_apis/test_outputs.tf deleted file mode 100644 index 5cb60f7b95..0000000000 --- a/examples/simple_regional_private_with_beta_apis/test_outputs.tf +++ /dev/null 
@@ -1,58 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// These outputs are used to test the module with kitchen-terraform -// They do not need to be included in real-world uses of this module - -output "project_id" { - value = var.project_id -} - -output "region" { - value = module.gke.region -} - -output "cluster_name" { - description = "Cluster name" - value = module.gke.name -} - -output "network" { - value = var.network -} - -output "subnetwork" { - value = var.subnetwork -} - -output "location" { - value = module.gke.location -} - -output "ip_range_pods" { - description = "The secondary IP range used for pods" - value = var.ip_range_pods -} - -output "zones" { - description = "List of zones in which the cluster resides" - value = module.gke.zones -} - -output "master_kubernetes_version" { - description = "The master Kubernetes version" - value = module.gke.master_version -} diff --git a/examples/simple_regional_private_with_beta_apis/variables.tf b/examples/simple_regional_private_with_beta_apis/variables.tf deleted file mode 100644 index 4113046f8f..0000000000 --- a/examples/simple_regional_private_with_beta_apis/variables.tf +++ /dev/null 
@@ -1,48 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -variable "project_id" { - description = "The project ID to host the cluster in" -} - -variable "cluster_name_suffix" { - description = "A suffix to append to the default cluster name" - default = "" -} - -variable "region" { - description = "The region to host the cluster in" -} - -variable "network" { - description = "The VPC network to host the cluster in" -} - -variable "subnetwork" { - description = "The subnetwork to host the cluster in" -} - -variable "ip_range_pods" { - description = "The secondary ip range to use for pods" -} - -variable "compute_engine_service_account" { - description = "Service account to associate to the nodes in the cluster" -} - -variable "enable_k8s_beta_apis" { - description = "K8S beta apis to enable within the cluster" -} diff --git a/examples/simple_regional_private_with_beta_apis/versions.tf b/examples/simple_regional_private_with_beta_apis/versions.tf deleted file mode 100644 index 61934a306b..0000000000 --- a/examples/simple_regional_private_with_beta_apis/versions.tf +++ /dev/null 
@@ -1,27 +0,0 @@ -/** - * Copyright 2021 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - required_providers { - google = { - source = "hashicorp/google" - } - kubernetes = { - source = "hashicorp/kubernetes" - } - } - required_version = ">= 0.13" -} diff --git a/metadata.yaml b/metadata.yaml index 67cf1c97a1..558456bc63 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -118,8 +118,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/auth/metadata.yaml b/modules/auth/metadata.yaml index a14f22253d..050e1cace0 100644 --- a/modules/auth/metadata.yaml +++ b/modules/auth/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api 
diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index bb323529d7..2922bc62ae 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index 179d193c06..0290b0b5ef 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 14702a7608..bc972fcfa2 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml 
@@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 91162ab009..19d1919f76 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index 53fef6ef96..bfeb7ccafb 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index 0020088551..a2f335e3b9 100644 --- a/modules/beta-public-cluster/metadata.yaml 
+++ b/modules/beta-public-cluster/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/binary-authorization/metadata.yaml b/modules/binary-authorization/metadata.yaml index 3b09393baa..a96d06d58e 100644 --- a/modules/binary-authorization/metadata.yaml +++ b/modules/binary-authorization/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/fleet-app-operator-permissions/metadata.yaml b/modules/fleet-app-operator-permissions/metadata.yaml index 05e1dbae77..c4547902d3 100644 --- a/modules/fleet-app-operator-permissions/metadata.yaml +++ b/modules/fleet-app-operator-permissions/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/fleet-membership/metadata.yaml b/modules/fleet-membership/metadata.yaml index 4c34cf1ead..7ac062561c 100644 --- a/modules/fleet-membership/metadata.yaml 
+++ b/modules/fleet-membership/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/hub-legacy/metadata.yaml b/modules/hub-legacy/metadata.yaml index b9b7f237f9..7497fe9c7c 100644 --- a/modules/hub-legacy/metadata.yaml +++ b/modules/hub-legacy/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index dc2f59f900..84a11cf4aa 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index be4c099a34..0b13a8870f 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml 
@@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/safer-cluster-update-variant/metadata.yaml b/modules/safer-cluster-update-variant/metadata.yaml index 6fde2f85c0..c812274db5 100644 --- a/modules/safer-cluster-update-variant/metadata.yaml +++ b/modules/safer-cluster-update-variant/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/safer-cluster/metadata.yaml b/modules/safer-cluster/metadata.yaml index 8a737977f0..b1571aa65c 100644 --- a/modules/safer-cluster/metadata.yaml +++ b/modules/safer-cluster/metadata.yaml @@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api diff --git a/modules/workload-identity/metadata.yaml b/modules/workload-identity/metadata.yaml index 2820087a23..b33bd7c9d1 100644 --- a/modules/workload-identity/metadata.yaml +++ b/modules/workload-identity/metadata.yaml 
@@ -84,8 +84,6 @@ spec: location: examples/simple_regional_private - name: simple_regional_private_beta location: examples/simple_regional_private_beta - - name: simple_regional_private_with_beta_apis - location: examples/simple_regional_private_with_beta_apis - name: simple_regional_private_with_cluster_version location: examples/simple_regional_private_with_cluster_version - name: simple_regional_with_gateway_api From 4785bc78b4fc2e544a96e68d50b931653bb86aa9 Mon Sep 17 00:00:00 2001 From: Maikel Poot Date: Thu, 24 Jul 2025 09:00:55 +0200 Subject: [PATCH 4/4] chore(review): Add default value for enable_k8s_beta_apis to fixture for simple_regional_private --- test/fixtures/simple_regional_private/example.tf | 1 + test/fixtures/simple_regional_private/variables.tf | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/test/fixtures/simple_regional_private/example.tf b/test/fixtures/simple_regional_private/example.tf index e684b3cc90..e248e8f60b 100644 --- a/test/fixtures/simple_regional_private/example.tf +++ b/test/fixtures/simple_regional_private/example.tf @@ -24,5 +24,6 @@ module "example" { subnetwork = google_compute_subnetwork.main.name ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name compute_engine_service_account = var.compute_engine_service_accounts[1] + enable_k8s_beta_apis = var.enable_k8s_beta_apis } diff --git a/test/fixtures/simple_regional_private/variables.tf b/test/fixtures/simple_regional_private/variables.tf index 8cf5823b20..d120dcba18 100644 --- a/test/fixtures/simple_regional_private/variables.tf +++ b/test/fixtures/simple_regional_private/variables.tf 
@@ -40,6 +40,12 @@ variable "registry_project_ids" { type = list(string) } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = ["networking.k8s.io/v1beta1/ipaddresses"] +} + variable "kubernetes_version" { type = string description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region."
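Review bot: The fixture default `["networking.k8s.io/v1beta1/ipaddresses"]` pins one specific beta API, and whether a control plane serves a given beta API depends on its Kubernetes version. That couples this test to the `kubernetes_version` variable declared just below it (that block continues past the hunk). A comment above the default would record the coupling, for example `# Must be a beta API served by the control-plane version under test; revisit when kubernetes_version changes.` As far as I know, a beta API enabled on a GKE cluster cannot be switched off again without recreating the cluster, which is worth confirming against the provider docs. If so, the description could say it: `"(Optional) - List of Kubernetes Beta APIs to enable in cluster. Enabled APIs cannot be disabled later without recreating the cluster."`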