diff --git a/README.md b/README.md index 4799223ed7..3c46bd87ba 100644 --- a/README.md +++ b/README.md @@ -194,6 +194,7 @@ Then perform the following commands on the root folder: | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcp\_public\_cidrs\_access\_enabled | Allow access through Google Cloud public IP addresses | `bool` | `null` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | +| gke\_auto\_upgrade\_config\_patch\_mode | The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel. | `string` | `null` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 08148fe431..a2319a358a 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -64,6 +64,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 4402e8b31e..a74d7cdaba 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
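Review bot: The `dynamic "gke_auto_upgrade_config"` block added in autogen/main/cluster.tf.tmpl has no comment explaining what leaving the variable at `null` means for patching. With `null` the block is omitted, so the cluster presumably keeps the default patch rollout of its release channel; operators who rely on this module for timely security patches should be able to read that at the call site. I would add above the block `# Omitted when gke_auto_upgrade_config_patch_mode is null; set it to ACCELERATED to take the latest patch in the current minor and release channel.` The description ties the mode to a release channel, and the hunk does not show whether the setting is accepted when no channel is configured, so that is worth confirming. The resource body continues outside the hunk, and the same block repeats in cluster.tf and the modules/*/cluster.tf copies in this diff.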
@@ -698,6 +698,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index aa02c6e23d..8112dc71a6 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,33 +24,33 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } {% elif beta_cluster and autopilot_cluster %} required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } {% elif autopilot_cluster %} required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } {% else %} required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } {% endif %} kubernetes = { diff --git a/cluster.tf b/cluster.tf index 21a6be850a..d4f5387629 100644 --- a/cluster.tf +++ b/cluster.tf 
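Review bot: `gke_auto_upgrade_config_patch_mode` in autogen/main/variables.tf.tmpl has no `validation` block, so a misspelled or empty value passes `terraform plan` and is rejected, if at all, only by the provider or the API at apply time. The cluster.tf guard checks only `!= null`, so an empty string would also be forwarded as `patch_mode`. Since the description lists `ACCELERATED` as the only accepted value, a validation with `condition = var.gke_auto_upgrade_config_patch_mode == null ? true : contains(["ACCELERATED"], var.gke_auto_upgrade_config_patch_mode)` and an error message naming the accepted value would catch both cases at plan time. The conditional form keeps `contains` from being evaluated on `null`. The same variable repeats in the modules/*/variables.tf copies in this diff, which appear to be generated from this template, so changing the template should cover them.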
@@ -58,6 +58,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/metadata.display.yaml b/metadata.display.yaml index 69d4cc90a1..86cd7a969a 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml @@ -189,6 +189,9 @@ spec: gcs_fuse_csi_driver: name: gcs_fuse_csi_driver title: Gcs Fuse Csi Driver + gke_auto_upgrade_config_patch_mode: + name: gke_auto_upgrade_config_patch_mode + title: Gke Auto Upgrade Config Patch Mode gke_backup_agent_config: name: gke_backup_agent_config title: Gke Backup Agent Config diff --git a/metadata.yaml b/metadata.yaml index aacf25b7ca..fc100e99c7 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -552,6 +552,9 @@ spec: description: Enable Cilium Cluster Wide Network Policies on the cluster varType: bool defaultValue: false + - name: gke_auto_upgrade_config_patch_mode + description: "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + varType: string - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 4ba9913f08..9e0a5857d4 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
@@ -113,6 +113,7 @@ Then perform the following commands on the root folder: | fleet\_project\_grant\_service\_agent | (Optional) Grant the fleet project service identity the `roles/gkehub.serviceAgent` and `roles/gkehub.crossProjectServiceAgent` roles. | `bool` | `false` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gcp\_public\_cidrs\_access\_enabled | Allow access through Google Cloud public IP addresses | `bool` | `null` | no | +| gke\_auto\_upgrade\_config\_patch\_mode | The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel. | `string` | `null` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 1a9f498abe..4b4266f6d5 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -50,6 +50,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml index 1f0378bafb..a1840fd44f 100644 
--- a/modules/beta-autopilot-private-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml @@ -151,6 +151,9 @@ spec: gcp_public_cidrs_access_enabled: name: gcp_public_cidrs_access_enabled title: Gcp Public Cidrs Access Enabled + gke_auto_upgrade_config_patch_mode: + name: gke_auto_upgrade_config_patch_mode + title: Gke Auto Upgrade Config Patch Mode gke_backup_agent_config: name: gke_backup_agent_config title: Gke Backup Agent Config diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index dd1e61547f..029d05b9c0 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -381,6 +381,9 @@ spec: description: Enable Cilium Cluster Wide Network Policies on the cluster varType: bool defaultValue: false + - name: gke_auto_upgrade_config_patch_mode + description: "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + varType: string - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 33636f5349..5902b8ede2 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -424,6 +424,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 3be787c309..44d1f77f83 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 4747b44785..dd5f4ca596 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -104,6 +104,7 @@ Then perform the following commands on the root folder: | fleet\_project\_grant\_service\_agent | (Optional) Grant the fleet project service identity the `roles/gkehub.serviceAgent` and `roles/gkehub.crossProjectServiceAgent` roles. | `bool` | `false` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gcp\_public\_cidrs\_access\_enabled | Allow access through Google Cloud public IP addresses | `bool` | `null` | no | +| gke\_auto\_upgrade\_config\_patch\_mode | The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel. | `string` | `null` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 0c41f1a7bc..82e73c5c6a 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -50,6 +50,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml index ee06f33a01..ad434a0c68 100644 
--- a/modules/beta-autopilot-public-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml @@ -142,6 +142,9 @@ spec: gcp_public_cidrs_access_enabled: name: gcp_public_cidrs_access_enabled title: Gcp Public Cidrs Access Enabled + gke_auto_upgrade_config_patch_mode: + name: gke_auto_upgrade_config_patch_mode + title: Gke Auto Upgrade Config Patch Mode gke_backup_agent_config: name: gke_backup_agent_config title: Gke Backup Agent Config diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index 5ea0b3bd9e..6b454a53ba 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -359,6 +359,9 @@ spec: description: Enable Cilium Cluster Wide Network Policies on the cluster varType: bool defaultValue: false + - name: gke_auto_upgrade_config_patch_mode + description: "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + varType: string - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index db033ed587..1bb50892cf 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf 
@@ -388,6 +388,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 9d530f363c..937778f4f8 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index f5ca6c90a4..2e24e114a2 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -233,6 +233,7 @@ Then perform the following commands on the root folder: | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcp\_public\_cidrs\_access\_enabled | Allow access through Google Cloud public IP addresses | `bool` | `null` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | +| gke\_auto\_upgrade\_config\_patch\_mode | The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel. | `string` | `null` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 0a20f5a639..f1e2c38e6c 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -58,6 +58,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 4f198937b0..45a6f4f15d 100644 --- a/modules/beta-private-cluster-update-variant/metadata.display.yaml 
+++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml @@ -214,6 +214,9 @@ spec: gcs_fuse_csi_driver: name: gcs_fuse_csi_driver title: Gcs Fuse Csi Driver + gke_auto_upgrade_config_patch_mode: + name: gke_auto_upgrade_config_patch_mode + title: Gke Auto Upgrade Config Patch Mode gke_backup_agent_config: name: gke_backup_agent_config title: Gke Backup Agent Config diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 03cfd944b6..f21921c358 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -545,6 +545,9 @@ spec: description: Enable Cilium Cluster Wide Network Policies on the cluster varType: bool defaultValue: false + - name: gke_auto_upgrade_config_patch_mode + description: "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + varType: string - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 013d93bedf..003072df81 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -655,6 +655,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index 75dbf8bdd7..166c9be6ab 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index b555fd0073..cf7317c875 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -211,6 +211,7 @@ Then perform the following commands on the root folder: | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcp\_public\_cidrs\_access\_enabled | Allow access through Google Cloud public IP addresses | `bool` | `null` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | +| gke\_auto\_upgrade\_config\_patch\_mode | The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel. | `string` | `null` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 0ee19fe344..7db13baafc 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -58,6 +58,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index 3d435d2756..16bdcd0736 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml 
@@ -214,6 +214,9 @@ spec: gcs_fuse_csi_driver: name: gcs_fuse_csi_driver title: Gcs Fuse Csi Driver + gke_auto_upgrade_config_patch_mode: + name: gke_auto_upgrade_config_patch_mode + title: Gke Auto Upgrade Config Patch Mode gke_backup_agent_config: name: gke_backup_agent_config title: Gke Backup Agent Config diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 597158119c..8100e11709 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -545,6 +545,9 @@ spec: description: Enable Cilium Cluster Wide Network Policies on the cluster varType: bool defaultValue: false + - name: gke_auto_upgrade_config_patch_mode + description: "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + varType: string - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 013d93bedf..003072df81 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -655,6 +655,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." 
diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 7077044269..bcf3dd08ac 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 3868f53971..6878c19350 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -224,6 +224,7 @@ Then perform the following commands on the root folder: | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcp\_public\_cidrs\_access\_enabled | Allow access through Google Cloud public IP addresses | `bool` | `null` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | +| gke\_auto\_upgrade\_config\_patch\_mode | The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel. | `string` | `null` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | 
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 2be5304f8a..5c791be57d 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -58,6 +58,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index 55d3654fe1..687b69b744 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml @@ -205,6 +205,9 @@ spec: gcs_fuse_csi_driver: name: gcs_fuse_csi_driver title: Gcs Fuse Csi Driver + gke_auto_upgrade_config_patch_mode: + name: gke_auto_upgrade_config_patch_mode + title: Gke Auto Upgrade Config Patch Mode gke_backup_agent_config: name: gke_backup_agent_config title: Gke Backup Agent Config diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index d2a3eb3d81..f60b36ab09 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml 
@@ -523,6 +523,9 @@ spec: description: Enable Cilium Cluster Wide Network Policies on the cluster varType: bool defaultValue: false + - name: gke_auto_upgrade_config_patch_mode + description: "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + varType: string - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 2d8ded982d..b5ffe1f7e2 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -619,6 +619,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 13344f218e..d0572ca75b 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf 
@@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index a93fdf84af..55aea94ed5 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -202,6 +202,7 @@ Then perform the following commands on the root folder: | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcp\_public\_cidrs\_access\_enabled | Allow access through Google Cloud public IP addresses | `bool` | `null` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | +| gke\_auto\_upgrade\_config\_patch\_mode | The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel. | `string` | `null` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index a179627054..ab3093409d 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -58,6 +58,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index b9026e7f18..daf4ae99e5 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml @@ -205,6 +205,9 @@ spec: gcs_fuse_csi_driver: name: gcs_fuse_csi_driver title: Gcs Fuse Csi Driver + gke_auto_upgrade_config_patch_mode: + name: gke_auto_upgrade_config_patch_mode + title: Gke Auto Upgrade Config Patch Mode gke_backup_agent_config: name: gke_backup_agent_config title: Gke Backup Agent Config diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index 0de0aea933..d6f028667f 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml @@ -523,6 +523,9 @@ spec: description: Enable Cilium Cluster Wide Network Policies on the cluster varType: bool defaultValue: false + - name: gke_auto_upgrade_config_patch_mode + description: "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + varType: string - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 2d8ded982d..b5ffe1f7e2 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -619,6 +619,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index f2f2b02e9a..703d349158 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 6bf8729151..45d2255567 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
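Review bot: `gke_auto_upgrade_config_patch_mode` in modules/beta-public-cluster/variables.tf accepts any string although its description names `ACCELERATED` as the only accepted value, and the cluster.tf guard tests only for null, so a typo or an empty string is forwarded as `patch_mode` and left for the provider or the API to reject. A `validation` block that allows null or the documented value would stop that at the module boundary, and the description could add that null leaves the block out entirely. The allowed list would need extending if the provider later gains further modes. The same declaration appears in the private-cluster-update-variant, private-cluster and root variables.tf hunks, and as these files appear to be generated from autogen/main/variables.tf.tmpl the change probably belongs in the template.

```hcl
variable "gke_auto_upgrade_config_patch_mode" {
  # … unchanged: type, description, default …

  validation {
    condition     = var.gke_auto_upgrade_config_patch_mode == null ? true : contains(["ACCELERATED"], var.gke_auto_upgrade_config_patch_mode)
    error_message = "gke_auto_upgrade_config_patch_mode must be null or \"ACCELERATED\"."
  }
}
```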
@@ -225,6 +225,7 @@ Then perform the following commands on the root folder: | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcp\_public\_cidrs\_access\_enabled | Allow access through Google Cloud public IP addresses | `bool` | `null` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | +| gke\_auto\_upgrade\_config\_patch\_mode | The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel. | `string` | `null` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index a7c18fac82..e5340fc1d7 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -58,6 +58,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml index 2e16adf851..ce1b515be7 100644 --- a/modules/private-cluster-update-variant/metadata.display.yaml +++ b/modules/private-cluster-update-variant/metadata.display.yaml 
@@ -199,6 +199,9 @@ spec: gcs_fuse_csi_driver: name: gcs_fuse_csi_driver title: Gcs Fuse Csi Driver + gke_auto_upgrade_config_patch_mode: + name: gke_auto_upgrade_config_patch_mode + title: Gke Auto Upgrade Config Patch Mode gke_backup_agent_config: name: gke_backup_agent_config title: Gke Backup Agent Config diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 8d80c0ed38..0c7fbb99c3 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -534,6 +534,9 @@ spec: description: Enable Cilium Cluster Wide Network Policies on the cluster varType: bool defaultValue: false + - name: gke_auto_upgrade_config_patch_mode + description: "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + varType: string - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index bcb541ab6d..e0cd988a9b 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -637,6 +637,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 06d4eb7081..32449b3905 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index ab29e57aba..5b6ce0c6dd 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -203,6 +203,7 @@ Then perform the following commands on the root folder: | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | | gcp\_public\_cidrs\_access\_enabled | Allow access through Google Cloud public IP addresses | `bool` | `null` | no | | gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | +| gke\_auto\_upgrade\_config\_patch\_mode | The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel. | `string` | `null` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index f5060964d1..8bb3ee7f04 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -58,6 +58,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gke_auto_upgrade_config" { + for_each = var.gke_auto_upgrade_config_patch_mode != null ? [1] : [] + + content { + patch_mode = var.gke_auto_upgrade_config_patch_mode + } + } + dynamic "cost_management_config" { for_each = var.enable_cost_allocation ? [1] : [] content { diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml index 9de2e576d5..17c5f9bf8e 100644 --- a/modules/private-cluster/metadata.display.yaml +++ b/modules/private-cluster/metadata.display.yaml 
@@ -199,6 +199,9 @@ spec: gcs_fuse_csi_driver: name: gcs_fuse_csi_driver title: Gcs Fuse Csi Driver + gke_auto_upgrade_config_patch_mode: + name: gke_auto_upgrade_config_patch_mode + title: Gke Auto Upgrade Config Patch Mode gke_backup_agent_config: name: gke_backup_agent_config title: Gke Backup Agent Config diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index e6d6e88799..ff338588a9 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml @@ -534,6 +534,9 @@ spec: description: Enable Cilium Cluster Wide Network Policies on the cluster varType: bool defaultValue: false + - name: gke_auto_upgrade_config_patch_mode + description: "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + varType: string - name: in_transit_encryption_config description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`. varType: string diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index bcb541ab6d..e0cd988a9b 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -637,6 +637,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." 
diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index bd43c45c55..c1724185fb 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/variables.tf b/variables.tf index fd5e608a3f..fcff03a818 100644 --- a/variables.tf +++ b/variables.tf @@ -601,6 +601,12 @@ variable "enable_cilium_clusterwide_network_policy" { default = false } +variable "gke_auto_upgrade_config_patch_mode" { + type = string + description = "The selected auto-upgrade patch type. Accepted values are: `ACCELERATED`: Upgrades to the latest available patch version in a given minor and release channel." + default = null +} + variable "in_transit_encryption_config" { type = string description = "Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`." diff --git a/versions.tf b/versions.tf index 5f0726794b..54c6af0c0a 100644 --- a/versions.tf +++ b/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.41.0, < 7" + version = ">= 6.42.0, < 7" } kubernetes = { source = "hashicorp/kubernetes"