diff --git a/README.md b/README.md index 3c46bd87ba..29af1b5dba 100644 --- a/README.md +++ b/README.md @@ -268,6 +268,7 @@ Then perform the following commands on the root folder: | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | +| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index a2319a358a..93689f2403 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -237,7 +237,7 @@ resource "google_container_cluster" "primary" { {% if autopilot_cluster != true %} dynamic "identity_service_config" { - for_each = var.enable_identity_service !=null ? [var.enable_identity_service] : [] + for_each = var.enable_identity_service != null ? [var.enable_identity_service] : [] content { enabled = identity_service_config.value } 
@@ -267,6 +267,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index a74d7cdaba..a9e0f84162 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -710,6 +710,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string diff --git a/cluster.tf b/cluster.tf index d4f5387629..73d4de51ff 100644 --- a/cluster.tf +++ b/cluster.tf @@ -206,6 +206,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { diff --git a/metadata.display.yaml b/metadata.display.yaml index 86cd7a969a..20130caa5c 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml 
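Review bot: The new `network_performance_config` block in `autogen/main/cluster.tf.tmpl` iterates over a placeholder `[1]` and reads the variable again inside `content`, while the neighbouring `identity_service_config` and `secret_manager_config` blocks iterate over the value itself. For consistency it could use `for_each = var.total_egress_bandwidth_tier != null ? [var.total_egress_bandwidth_tier] : []` with `total_egress_bandwidth_tier = network_performance_config.value`. The block is also emitted into the generated `modules/beta-autopilot-*/cluster.tf` files, so it is worth confirming that Autopilot clusters accept this setting, or guarding it with the template's `autopilot_cluster` condition if they do not. A short comment above the block, such as `# Omitted when null so the API default applies`, would explain why it is conditional. The same lines repeat in the root `cluster.tf` and every generated `modules/*/cluster.tf`, and the enclosing resource starts and ends outside the hunk.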
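Review bot: `total_egress_bandwidth_tier` in `autogen/main/variables.tf.tmpl` is a free-form `string` with no `validation` block, so a mistyped tier is only rejected by the provider or API at plan/apply time instead of by the module. A validation that accepts `null` and the two values the description lists would fail fast and keep unexpected values out of the cluster resource. The description also says the variable defaults to `TIER_UNSPECIFIED`, but the declared default is `null`, which makes the cluster template omit the block entirely; the wording should say that `null` leaves the setting to the API default. The generated `modules/*/variables.tf` copies carry the same declaration and would pick the change up from this template.

```hcl
variable "total_egress_bandwidth_tier" {
  # … unchanged: type, description, default …

  validation {
    # Conditional form so contains() is never evaluated against null.
    condition     = var.total_egress_bandwidth_tier == null ? true : contains(["TIER_UNSPECIFIED", "TIER_1"], var.total_egress_bandwidth_tier)
    error_message = "The total_egress_bandwidth_tier value must be TIER_UNSPECIFIED or TIER_1."
  }
}
```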
@@ -411,6 +411,9 @@ spec: timeouts: name: timeouts title: Timeouts + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier upstream_nameservers: name: upstream_nameservers title: Upstream Nameservers diff --git a/metadata.yaml b/metadata.yaml index fc100e99c7..619f80b6de 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -558,6 +558,9 @@ spec: - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string + - name: total_egress_bandwidth_tier + description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. + varType: string - name: security_posture_mode description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. varType: string diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 9e0a5857d4..4653799d0f 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
@@ -163,6 +163,7 @@ Then perform the following commands on the root folder: | stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | +| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no | | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no | | workload\_vulnerability\_mode | (beta) Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. | `string` | `""` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 4b4266f6d5..2c41d52604 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -126,6 +126,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml index a1840fd44f..4c27521a94 100644 
--- a/modules/beta-autopilot-private-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml @@ -310,6 +310,9 @@ spec: timeouts: name: timeouts title: Timeouts + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier workload_config_audit_mode: name: workload_config_audit_mode title: Workload Config Audit Mode diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index 029d05b9c0..f20123fca4 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -387,6 +387,9 @@ spec: - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string + - name: total_egress_bandwidth_tier + description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. + varType: string - name: security_posture_mode description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. varType: string diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 5902b8ede2..209c17513b 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -436,6 +436,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index dd5f4ca596..c0a7da461b 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -151,6 +151,7 @@ Then perform the following commands on the root folder: | stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | +| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no | | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no | | workload\_vulnerability\_mode | (beta) Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. | `string` | `""` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 82e73c5c6a..13bb1a7665 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf 
+++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -126,6 +126,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml index ad434a0c68..668f78e8b5 100644 --- a/modules/beta-autopilot-public-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml @@ -292,6 +292,9 @@ spec: timeouts: name: timeouts title: Timeouts + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier workload_config_audit_mode: name: workload_config_audit_mode title: Workload Config Audit Mode diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index 6b454a53ba..ae68cc551b 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -365,6 +365,9 @@ spec: - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string + - name: total_egress_bandwidth_tier + description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. + varType: string - name: security_posture_mode description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. varType: string 
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index 1bb50892cf..ab4ea6737a 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -400,6 +400,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 2e24e114a2..cb3d64bc95 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -314,6 +314,7 @@ Then perform the following commands on the root folder: | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | +| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index f1e2c38e6c..6edda6bb67 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -219,6 +219,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 45a6f4f15d..85fc641407 100644 
--- a/modules/beta-private-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml @@ -457,6 +457,9 @@ spec: timeouts: name: timeouts title: Timeouts + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier upstream_nameservers: name: upstream_nameservers title: Upstream Nameservers diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index f21921c358..bc4890e868 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -551,6 +551,9 @@ spec: - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string + - name: total_egress_bandwidth_tier + description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. + varType: string - name: security_posture_mode description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. varType: string diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 003072df81..08a084d61b 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -667,6 +667,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index cf7317c875..7f273f6b78 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -292,6 +292,7 @@ Then perform the following commands on the root folder: | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | +| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 7db13baafc..fba8aee7c2 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -219,6 +219,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index 16bdcd0736..747ac7f7d0 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml @@ -457,6 +457,9 @@ spec: timeouts: name: timeouts title: Timeouts + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier upstream_nameservers: name: upstream_nameservers title: Upstream Nameservers diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 8100e11709..15e9b4a0e5 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -551,6 +551,9 @@ spec: - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string + - name: total_egress_bandwidth_tier + description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. + varType: string - name: security_posture_mode description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. varType: string diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 003072df81..08a084d61b 100644 --- a/modules/beta-private-cluster/variables.tf 
+++ b/modules/beta-private-cluster/variables.tf @@ -667,6 +667,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 6878c19350..0533b1fbc3 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -302,6 +302,7 @@ Then perform the following commands on the root folder: | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | +| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no | 
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 5c791be57d..c4cc286ac4 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -219,6 +219,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index 687b69b744..7aaca97523 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml @@ -439,6 +439,9 @@ spec: timeouts: name: timeouts title: Timeouts + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier upstream_nameservers: name: upstream_nameservers title: Upstream Nameservers diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index f60b36ab09..0fd586c4f9 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml 
@@ -529,6 +529,9 @@ spec: - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string + - name: total_egress_bandwidth_tier + description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. + varType: string - name: security_posture_mode description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. varType: string diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index b5ffe1f7e2..2534714c8a 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -631,6 +631,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 55aea94ed5..13039f636d 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -280,6 +280,7 @@ Then perform the following commands on the root folder: | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | +| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index ab3093409d..a15e83bb1a 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -219,6 +219,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index daf4ae99e5..16424f1f95 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml 
@@ -439,6 +439,9 @@ spec: timeouts: name: timeouts title: Timeouts + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier upstream_nameservers: name: upstream_nameservers title: Upstream Nameservers diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index d6f028667f..73726a9738 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml @@ -529,6 +529,9 @@ spec: - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string + - name: total_egress_bandwidth_tier + description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. + varType: string - name: security_posture_mode description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. varType: string diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index b5ffe1f7e2..2534714c8a 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -631,6 +631,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 45d2255567..6b264294a7 100644 
--- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -302,6 +302,7 @@ Then perform the following commands on the root folder: | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | +| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index e5340fc1d7..ddff47ffed 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -206,6 +206,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { 
diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml index ce1b515be7..f9f9526958 100644 --- a/modules/private-cluster-update-variant/metadata.display.yaml +++ b/modules/private-cluster-update-variant/metadata.display.yaml @@ -430,6 +430,9 @@ spec: timeouts: name: timeouts title: Timeouts + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier upstream_nameservers: name: upstream_nameservers title: Upstream Nameservers diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 0c7fbb99c3..4d33be167c 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -540,6 +540,9 @@ spec: - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string + - name: total_egress_bandwidth_tier + description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. + varType: string - name: security_posture_mode description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. varType: string diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index e0cd988a9b..a340f25200 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -649,6 +649,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 5b6ce0c6dd..478956109a 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -280,6 +280,7 @@ Then perform the following commands on the root folder: | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | +| total\_egress\_bandwidth\_tier | Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. | `string` | `null` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 8bb3ee7f04..719ad31332 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf 
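Review bot: The new `total_egress_bandwidth_tier` variable in modules/private-cluster-update-variant/variables.tf accepts any string, so a mistyped tier is only rejected by the provider or API at plan or apply time. A `validation` block would fail early, with `condition = var.total_egress_bandwidth_tier == null ? true : contains(["TIER_UNSPECIFIED", "TIER_1"], var.total_egress_bandwidth_tier)` and an `error_message` naming the two accepted values. The description also says "Defaults to `TIER_UNSPECIFIED`" while `default = null` makes cluster.tf omit the block, so the text could say that leaving it unset omits `network_performance_config` and the service default applies. The same applies to the identical hunks in modules/private-cluster/variables.tf and the root variables.tf.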
@@ -206,6 +206,13 @@ resource "google_container_cluster" "primary" { in_transit_encryption_config = var.in_transit_encryption_config + dynamic "network_performance_config" { + for_each = var.total_egress_bandwidth_tier != null ? [1] : [] + content { + total_egress_bandwidth_tier = var.total_egress_bandwidth_tier + } + } + dynamic "secret_manager_config" { for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] content { diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml index 17c5f9bf8e..0993346a8a 100644 --- a/modules/private-cluster/metadata.display.yaml +++ b/modules/private-cluster/metadata.display.yaml @@ -430,6 +430,9 @@ spec: timeouts: name: timeouts title: Timeouts + total_egress_bandwidth_tier: + name: total_egress_bandwidth_tier + title: Total Egress Bandwidth Tier upstream_nameservers: name: upstream_nameservers title: Upstream Nameservers diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index ff338588a9..bc28e5a90c 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml @@ -540,6 +540,9 @@ spec: - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string + - name: total_egress_bandwidth_tier + description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`. + varType: string - name: security_posture_mode description: Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. varType: string diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index e0cd988a9b..a340f25200 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -649,6 +649,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string diff --git a/variables.tf b/variables.tf index fcff03a818..52f97c0146 100644 --- a/variables.tf +++ b/variables.tf @@ -613,6 +613,12 @@ variable "in_transit_encryption_config" { default = null } +variable "total_egress_bandwidth_tier" { + type = string + description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`." + default = null +} + variable "security_posture_mode" { description = "Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`." type = string