From cd5bd147f99ef6fba1c1bb6b6c376482a1792ac9 Mon Sep 17 00:00:00 2001 
From: rs1986x Date: Thu, 4 Sep 2025 21:29:16 +0200 Subject: [PATCH] feat: adding default_compute_class_enabled --- README.md | 1 + autogen/main/cluster.tf.tmpl | 2 ++ autogen/main/variables.tf.tmpl | 7 +++++++ autogen/main/versions.tf.tmpl | 12 ++++++------ cluster.tf | 3 ++- .../versions.tf | 4 ++-- metadata.display.yaml | 6 ++++++ metadata.yaml | 5 ++++- modules/beta-autopilot-private-cluster/README.md | 1 + modules/beta-autopilot-private-cluster/cluster.tf | 1 + .../metadata.display.yaml | 6 ++++++ modules/beta-autopilot-private-cluster/metadata.yaml | 7 +++++-- modules/beta-autopilot-private-cluster/variables.tf | 7 +++++++ modules/beta-autopilot-private-cluster/versions.tf | 4 ++-- modules/beta-autopilot-public-cluster/README.md | 1 + modules/beta-autopilot-public-cluster/cluster.tf | 1 + .../metadata.display.yaml | 6 ++++++ modules/beta-autopilot-public-cluster/metadata.yaml | 7 +++++-- modules/beta-autopilot-public-cluster/variables.tf | 7 +++++++ modules/beta-autopilot-public-cluster/versions.tf | 4 ++-- .../beta-private-cluster-update-variant/README.md | 1 + .../beta-private-cluster-update-variant/cluster.tf | 3 ++- .../metadata.display.yaml | 6 ++++++ .../metadata.yaml | 7 +++++-- .../beta-private-cluster-update-variant/variables.tf | 7 +++++++ .../beta-private-cluster-update-variant/versions.tf | 4 ++-- modules/beta-private-cluster/README.md | 1 + modules/beta-private-cluster/cluster.tf | 3 ++- modules/beta-private-cluster/metadata.display.yaml | 6 ++++++ modules/beta-private-cluster/metadata.yaml | 7 +++++-- modules/beta-private-cluster/variables.tf | 7 +++++++ modules/beta-private-cluster/versions.tf | 4 ++-- modules/beta-public-cluster-update-variant/README.md | 1 + .../beta-public-cluster-update-variant/cluster.tf | 3 ++- .../metadata.display.yaml | 6 ++++++ .../beta-public-cluster-update-variant/metadata.yaml | 7 +++++-- .../beta-public-cluster-update-variant/variables.tf | 7 +++++++ .../beta-public-cluster-update-variant/versions.tf | 4 ++-- 
modules/beta-public-cluster/README.md | 1 + modules/beta-public-cluster/cluster.tf | 3 ++- modules/beta-public-cluster/metadata.display.yaml | 6 ++++++ modules/beta-public-cluster/metadata.yaml | 7 +++++-- modules/beta-public-cluster/variables.tf | 7 +++++++ modules/beta-public-cluster/versions.tf | 4 ++-- modules/fleet-app-operator-permissions/metadata.yaml | 4 ++-- modules/fleet-app-operator-permissions/versions.tf | 4 ++-- modules/gke-standard-cluster/metadata.yaml | 2 +- modules/private-cluster-update-variant/README.md | 1 + modules/private-cluster-update-variant/cluster.tf | 3 ++- .../metadata.display.yaml | 6 ++++++ modules/private-cluster-update-variant/metadata.yaml | 5 ++++- modules/private-cluster-update-variant/variables.tf | 7 +++++++ modules/private-cluster-update-variant/versions.tf | 2 +- modules/private-cluster/README.md | 1 + modules/private-cluster/cluster.tf | 3 ++- modules/private-cluster/metadata.display.yaml | 6 ++++++ modules/private-cluster/metadata.yaml | 5 ++++- modules/private-cluster/variables.tf | 7 +++++++ modules/private-cluster/versions.tf | 2 +- variables.tf | 7 +++++++ versions.tf | 2 +- 61 files changed, 221 insertions(+), 50 deletions(-) diff --git a/README.md b/README.md index 3d8e091035..8678da4d20 100644 --- a/README.md +++ b/README.md @@ -158,6 +158,7 @@ Then perform the following commands on the root folder: | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no | +| default\_compute\_class\_enabled | Enable Spot VMs as the default compute class for Node Auto-Provisioning | `bool` | `null` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no | | description | The description of the cluster | `string` | `""` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index ef9e3282ed..9881f4cfe7 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -156,6 +156,7 @@ resource "google_container_cluster" "primary" { cluster_autoscaling { enabled = var.cluster_autoscaling.enabled + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = var.cluster_autoscaling.enabled ? [1] : [] @@ -217,6 +218,7 @@ resource "google_container_cluster" "primary" { {% endif %} {% if autopilot_cluster == true %} cluster_autoscaling { + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = (var.create_service_account || var.service_account != "" || var.boot_disk_kms_key != null) ? [1] : [] diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 87a6e2024b..7a499df5f1 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
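Review bot: Nothing ties `default_compute_class_enabled` to `var.cluster_autoscaling.enabled` in the standard-cluster `cluster_autoscaling` block, so a caller can ask for the default compute class while node auto-provisioning is off and will only learn at apply time whether the API accepts that combination. It is also the only input in the block that does not come from the `var.cluster_autoscaling` object, which makes the autoscaling settings harder to audit in one place; the autopilot branch in the second hunk has the same line. I would at least add a comment above it, e.g. `# null omits the argument and keeps the API default; needs the 7.x google provider`, since this commit also raises every module's provider floor from `>= 6.47.0` to `>= 7.0.0`, presumably for this field, and that is a breaking constraint for callers pinned to 6.x. The same line is repeated in the root `cluster.tf` and each `modules/*/cluster.tf`, which look generated from this template; the resource body continues outside both hunks.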
@@ -834,6 +834,13 @@ variable "enable_shielded_nodes" { } {% endif %} + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index d348f4dca0..82384c0a81 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,33 +24,33 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } {% elif beta_cluster and autopilot_cluster %} required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } {% elif autopilot_cluster %} required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } {% else %} required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } {% endif %} kubernetes = { diff --git a/cluster.tf b/cluster.tf index 5c8dad2e96..66bfd71a89 100644 --- a/cluster.tf +++ b/cluster.tf @@ -122,7 +122,8 @@ resource "google_container_cluster" "primary" { monitoring_service = local.logmon_config_is_set ? null : var.monitoring_service cluster_autoscaling { - enabled = var.cluster_autoscaling.enabled + enabled = var.cluster_autoscaling.enabled + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = var.cluster_autoscaling.enabled ? [1] : [] 
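Review bot: The description on the new `default_compute_class_enabled` variable says it enables Spot VMs, but the argument it feeds is a boolean toggle for the cluster's default compute class; as far as I can tell from the provider documentation it does not itself select Spot capacity, so the text may lead operators to misjudge both cost and preemption behaviour. Something like `description = "Enable the cluster-level default ComputeClass for workloads that do not select one. null keeps the API default."` would match the argument name and also say what the `null` default means. The block is also preceded by two blank lines (`+` then `+variable`), where a single blank line is enough. The identical block and description are copied into the root and `modules/*/variables.tf`, the README tables and the `metadata.yaml` entries, so the wording should be fixed in the template and regenerated.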
diff --git a/examples/simple_fleet_app_operator_permissions/versions.tf b/examples/simple_fleet_app_operator_permissions/versions.tf index 3d80f15374..5db43f369e 100644 --- a/examples/simple_fleet_app_operator_permissions/versions.tf +++ b/examples/simple_fleet_app_operator_permissions/versions.tf @@ -20,11 +20,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.39.0" + version = ">= 7.0.0" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.39.0" + version = ">= 7.0.0" } } } diff --git a/metadata.display.yaml b/metadata.display.yaml index 7a8f2526d0..18a4b513b4 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml @@ -81,6 +81,9 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider + default_compute_class_enabled: + name: default_compute_class_enabled + title: Default Compute Class Enabled default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node @@ -360,6 +363,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/metadata.yaml b/metadata.yaml index c09de2c34a..b41e8a7982 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -635,6 +635,9 @@ spec: description: Enable Shielded Nodes features on all nodes in this cluster varType: bool defaultValue: true + - name: default_compute_class_enabled + description: Enable Spot VMs as the default compute class for Node Auto-Provisioning + varType: bool - name: enable_binary_authorization description: Enable BinAuthZ Admission controller varType: bool @@ -840,7 +843,7 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/kubernetes version: ~> 2.10 - source: hashicorp/random 
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 3715dd1af0..7b1b24327d 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -84,6 +84,7 @@ Then perform the following commands on the root folder: | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | +| default\_compute\_class\_enabled | Enable Spot VMs as the default compute class for Node Auto-Provisioning | `bool` | `null` | no | | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no | | deploy\_using\_private\_endpoint | A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no | | description | The description of the cluster | `string` | `""` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 2a7c1bd25b..1c23265133 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -103,6 +103,7 @@ resource "google_container_cluster" "primary" { } cluster_autoscaling { + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = (var.create_service_account || var.service_account != "" || var.boot_disk_kms_key != null) ? [1] : [] diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml index d8ed142100..8062d6f2a7 100644 --- a/modules/beta-autopilot-private-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml @@ -64,6 +64,9 @@ spec: database_encryption: name: database_encryption title: Database Encryption + default_compute_class_enabled: + name: default_compute_class_enabled + title: Default Compute Class Enabled deletion_protection: name: deletion_protection title: Deletion Protection @@ -265,6 +268,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region 
diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index cf46d32831..0177720ea3 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -432,6 +432,9 @@ spec: defaultValue: - key_name: "" state: DECRYPTED + - name: default_compute_class_enabled + description: Enable Spot VMs as the default compute class for Node Auto-Provisioning + varType: bool - name: enable_binary_authorization description: Enable BinAuthZ Admission controller varType: bool @@ -583,9 +586,9 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/google-beta - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/kubernetes version: ~> 2.10 - source: hashicorp/random diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 397a1a6985..89e034f01c 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -506,6 +506,13 @@ variable "database_encryption" { }] } + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 1e951dcdcf..5751e98505 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf 
@@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index e924a7832e..d282417ae5 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -78,6 +78,7 @@ Then perform the following commands on the root folder: | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | +| default\_compute\_class\_enabled | Enable Spot VMs as the default compute class for Node Auto-Provisioning | `bool` | `null` | no | | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no | | description | The description of the cluster | `string` | `""` | no | | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index bb3943d06f..ce6d0ad51e 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -103,6 +103,7 @@ resource "google_container_cluster" "primary" { } cluster_autoscaling { + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = (var.create_service_account || var.service_account != "" || var.boot_disk_kms_key != null) ? [1] : [] diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml index 589335cf21..8476e816ce 100644 --- a/modules/beta-autopilot-public-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml @@ -64,6 +64,9 @@ spec: database_encryption: name: database_encryption title: Database Encryption + default_compute_class_enabled: + name: default_compute_class_enabled + title: Default Compute Class Enabled deletion_protection: name: deletion_protection title: Deletion Protection @@ -247,6 +250,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index a58d16ef8f..d9bb616c5b 100644 
--- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -410,6 +410,9 @@ spec: defaultValue: - key_name: "" state: DECRYPTED + - name: default_compute_class_enabled + description: Enable Spot VMs as the default compute class for Node Auto-Provisioning + varType: bool - name: enable_binary_authorization description: Enable BinAuthZ Admission controller varType: bool @@ -557,9 +560,9 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/google-beta - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/kubernetes version: ~> 2.10 - source: hashicorp/random diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index 6d1a732c0d..831c0797e6 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -470,6 +470,13 @@ variable "database_encryption" { }] } + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 69c1a1bd58..898743b0e2 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } kubernetes = { source = "hashicorp/kubernetes" 
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 3695af1b74..0b65b51892 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -192,6 +192,7 @@ Then perform the following commands on the root folder: | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no | +| default\_compute\_class\_enabled | Enable Spot VMs as the default compute class for Node Auto-Provisioning | `bool` | `null` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no | | deploy\_using\_private\_endpoint | A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 9ad2f76600..c3f4b6a4ee 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -128,7 +128,8 @@ resource "google_container_cluster" "primary" { monitoring_service = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? null : var.monitoring_service cluster_autoscaling { - enabled = var.cluster_autoscaling.enabled + enabled = var.cluster_autoscaling.enabled + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = var.cluster_autoscaling.enabled ? [1] : [] diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 09b0d202bf..bc9b1e658d 100644 --- a/modules/beta-private-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml 
@@ -91,6 +91,9 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider + default_compute_class_enabled: + name: default_compute_class_enabled + title: Default Compute Class Enabled default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node @@ -403,6 +406,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 03eb313c5c..175cb07e1e 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -628,6 +628,9 @@ spec: description: Enable Shielded Nodes features on all nodes in this cluster varType: bool defaultValue: true + - name: default_compute_class_enabled + description: Enable Spot VMs as the default compute class for Node Auto-Provisioning + varType: bool - name: enable_binary_authorization description: Enable BinAuthZ Admission controller varType: bool @@ -875,9 +878,9 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/google-beta - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/kubernetes version: ~> 2.10 - source: hashicorp/random diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 903e838710..c2e28f7d52 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -785,6 +785,13 @@ variable "enable_shielded_nodes" { default = true } + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index c1a8d164db..16498a432d 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 5a2f984cc4..26f6e7ec9e 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -170,6 +170,7 @@ Then perform the following commands on the root folder: | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no | +| default\_compute\_class\_enabled | Enable Spot VMs as the default compute class for Node Auto-Provisioning | `bool` | `null` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no | | deploy\_using\_private\_endpoint | A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 85902c01ff..57fefa7080 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -128,7 +128,8 @@ resource "google_container_cluster" "primary" { monitoring_service = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? null : var.monitoring_service cluster_autoscaling { - enabled = var.cluster_autoscaling.enabled + enabled = var.cluster_autoscaling.enabled + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = var.cluster_autoscaling.enabled ? [1] : [] diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index f5dc6b1146..40ca17eb3e 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml 
@@ -91,6 +91,9 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider + default_compute_class_enabled: + name: default_compute_class_enabled + title: Default Compute Class Enabled default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node @@ -403,6 +406,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index f0791d9fed..c74b43b574 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -628,6 +628,9 @@ spec: description: Enable Shielded Nodes features on all nodes in this cluster varType: bool defaultValue: true + - name: default_compute_class_enabled + description: Enable Spot VMs as the default compute class for Node Auto-Provisioning + varType: bool - name: enable_binary_authorization description: Enable BinAuthZ Admission controller varType: bool @@ -875,9 +878,9 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/google-beta - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/kubernetes version: ~> 2.10 - source: hashicorp/random diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 903e838710..c2e28f7d52 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -785,6 +785,13 @@ variable "enable_shielded_nodes" { default = true } + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 0734eb5ea8..c849cbdf34 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index e1b89ce585..048e7aa445 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -186,6 +186,7 @@ Then perform the following commands on the root folder: | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no | +| default\_compute\_class\_enabled | Enable Spot VMs as the default compute class for Node Auto-Provisioning | `bool` | `null` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no | | description | The description of the cluster | `string` | `""` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 19abc02a5c..6e10257a69 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -128,7 +128,8 @@ resource "google_container_cluster" "primary" { monitoring_service = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? null : var.monitoring_service cluster_autoscaling { - enabled = var.cluster_autoscaling.enabled + enabled = var.cluster_autoscaling.enabled + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = var.cluster_autoscaling.enabled ? [1] : [] diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index 7d39ce2fc5..26044ca965 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml 
@@ -91,6 +91,9 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider + default_compute_class_enabled: + name: default_compute_class_enabled + title: Default Compute Class Enabled default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node @@ -385,6 +388,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index eca7455215..0a63c71337 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml @@ -606,6 +606,9 @@ spec: description: Enable Shielded Nodes features on all nodes in this cluster varType: bool defaultValue: true + - name: default_compute_class_enabled + description: Enable Spot VMs as the default compute class for Node Auto-Provisioning + varType: bool - name: enable_binary_authorization description: Enable BinAuthZ Admission controller varType: bool @@ -849,9 +852,9 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/google-beta - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/kubernetes version: ~> 2.10 - source: hashicorp/random diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 139653566d..e959989c23 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -749,6 +749,13 @@ variable "enable_shielded_nodes" { default = true } + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 0d77eb8c71..592e4f63af 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 304d4424ea..007a1e9bd4 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -164,6 +164,7 @@ Then perform the following commands on the root folder: | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no | +| default\_compute\_class\_enabled | Enable Spot VMs as the default compute class for Node Auto-Provisioning | `bool` | `null` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no | | description | The description of the cluster | `string` | `""` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 3892ed0ba0..3822daed01 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -128,7 +128,8 @@ resource "google_container_cluster" "primary" { monitoring_service = local.cluster_telemetry_type_is_set || local.logmon_config_is_set ? null : var.monitoring_service cluster_autoscaling { - enabled = var.cluster_autoscaling.enabled + enabled = var.cluster_autoscaling.enabled + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = var.cluster_autoscaling.enabled ? [1] : [] diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index bcec9910d7..1e2c5968a5 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml @@ -91,6 +91,9 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider + default_compute_class_enabled: + name: default_compute_class_enabled + title: Default Compute Class Enabled default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node 
@@ -385,6 +388,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index ab13d22f63..4561bd5877 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml @@ -606,6 +606,9 @@ spec: description: Enable Shielded Nodes features on all nodes in this cluster varType: bool defaultValue: true + - name: default_compute_class_enabled + description: Enable Spot VMs as the default compute class for Node Auto-Provisioning + varType: bool - name: enable_binary_authorization description: Enable BinAuthZ Admission controller varType: bool @@ -849,9 +852,9 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/google-beta - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/kubernetes version: ~> 2.10 - source: hashicorp/random diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 139653566d..e959989c23 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -749,6 +749,13 @@ variable "enable_shielded_nodes" { default = true } + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 625bae3bae..08f6c4554e 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf 
@@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/fleet-app-operator-permissions/metadata.yaml b/modules/fleet-app-operator-permissions/metadata.yaml index a67662e67d..338d2b11ca 100644 --- a/modules/fleet-app-operator-permissions/metadata.yaml +++ b/modules/fleet-app-operator-permissions/metadata.yaml @@ -160,8 +160,8 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.39.0" + version: ">= 7.0.0" - source: hashicorp/google-beta - version: ">= 6.39.0" + version: ">= 7.0.0" - source: hashicorp/random version: ">= 2.0.0" diff --git a/modules/fleet-app-operator-permissions/versions.tf b/modules/fleet-app-operator-permissions/versions.tf index c644ea0677..5cdc9eacbe 100644 --- a/modules/fleet-app-operator-permissions/versions.tf +++ b/modules/fleet-app-operator-permissions/versions.tf @@ -20,11 +20,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.39.0" + version = ">= 7.0.0" } google-beta = { source = "hashicorp/google-beta" - version = ">= 6.39.0" + version = ">= 7.0.0" } random = { source = "hashicorp/random" diff --git a/modules/gke-standard-cluster/metadata.yaml b/modules/gke-standard-cluster/metadata.yaml index 13ce551921..941ccb716d 100644 --- a/modules/gke-standard-cluster/metadata.yaml +++ b/modules/gke-standard-cluster/metadata.yaml @@ -1008,9 +1008,9 @@ spec: roles: - level: Project roles: + - roles/container.admin - roles/iam.serviceAccountUser - roles/compute.admin - - roles/container.admin services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 129b8ba126..99a3f93db2 100644 
--- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -186,6 +186,7 @@ Then perform the following commands on the root folder: | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no | +| default\_compute\_class\_enabled | Enable Spot VMs as the default compute class for Node Auto-Provisioning | `bool` | `null` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no | | deploy\_using\_private\_endpoint | A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 7bf2019348..e125b6dadd 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -122,7 +122,8 @@ resource "google_container_cluster" "primary" { monitoring_service = local.logmon_config_is_set ? null : var.monitoring_service cluster_autoscaling { - enabled = var.cluster_autoscaling.enabled + enabled = var.cluster_autoscaling.enabled + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = var.cluster_autoscaling.enabled ? [1] : [] diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml index 81d8812d39..c7ea2281c1 100644 --- a/modules/private-cluster-update-variant/metadata.display.yaml +++ b/modules/private-cluster-update-variant/metadata.display.yaml 
@@ -82,6 +82,9 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider + default_compute_class_enabled: + name: default_compute_class_enabled + title: Default Compute Class Enabled default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node @@ -379,6 +382,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 60b5509af9..3e319cb1b1 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -617,6 +617,9 @@ spec: description: Enable Shielded Nodes features on all nodes in this cluster varType: bool defaultValue: true + - name: default_compute_class_enabled + description: Enable Spot VMs as the default compute class for Node Auto-Provisioning + varType: bool - name: enable_binary_authorization description: Enable BinAuthZ Admission controller varType: bool @@ -826,7 +829,7 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/kubernetes version: ~> 2.10 - source: hashicorp/random diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 4291a5d143..373bdc4375 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -767,6 +767,13 @@ variable "enable_shielded_nodes" { default = true } + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" 
diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 5cd52333dc..4f66e7e838 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 0fe983b8f7..c6b49b5987 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -164,6 +164,7 @@ Then perform the following commands on the root folder: | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` |
[
{
"key_name": "",
"state": "DECRYPTED"
}
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation. `ADVANCED_DATAPATH` enables Dataplane-V2 feature. | `string` | `"DATAPATH_PROVIDER_UNSPECIFIED"` | no | +| default\_compute\_class\_enabled | Enable Spot VMs as the default compute class for Node Auto-Provisioning | `bool` | `null` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no | | deploy\_using\_private\_endpoint | A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 957c87b591..50f40604b7 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -122,7 +122,8 @@ resource "google_container_cluster" "primary" { monitoring_service = local.logmon_config_is_set ? null : var.monitoring_service cluster_autoscaling { - enabled = var.cluster_autoscaling.enabled + enabled = var.cluster_autoscaling.enabled + default_compute_class_enabled = var.default_compute_class_enabled dynamic "auto_provisioning_defaults" { for_each = var.cluster_autoscaling.enabled ? [1] : [] diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml index f2057b92c4..66b2ec8fca 100644 --- a/modules/private-cluster/metadata.display.yaml +++ b/modules/private-cluster/metadata.display.yaml @@ -82,6 +82,9 @@ spec: datapath_provider: name: datapath_provider title: Datapath Provider + default_compute_class_enabled: + name: default_compute_class_enabled + title: Default Compute Class Enabled default_max_pods_per_node: name: default_max_pods_per_node title: Default Max Pods Per Node 
@@ -379,6 +382,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index 32dd01b9d8..ec69198d1d 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml @@ -617,6 +617,9 @@ spec: description: Enable Shielded Nodes features on all nodes in this cluster varType: bool defaultValue: true + - name: default_compute_class_enabled + description: Enable Spot VMs as the default compute class for Node Auto-Provisioning + varType: bool - name: enable_binary_authorization description: Enable BinAuthZ Admission controller varType: bool @@ -826,7 +829,7 @@ spec: - roles/editor providerVersions: - source: hashicorp/google - version: ">= 6.47.0, < 8" + version: ">= 7.0.0, < 8" - source: hashicorp/kubernetes version: ~> 2.10 - source: hashicorp/random diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 4291a5d143..373bdc4375 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -767,6 +767,13 @@ variable "enable_shielded_nodes" { default = true } + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index 188e75a570..45f456c2e9 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } kubernetes = { source = "hashicorp/kubernetes" 
diff --git a/variables.tf b/variables.tf index 1fc8cff53c..292e89bb47 100644 --- a/variables.tf +++ b/variables.tf @@ -731,6 +731,13 @@ variable "enable_shielded_nodes" { default = true } + +variable "default_compute_class_enabled" { + type = bool + description = "Enable Spot VMs as the default compute class for Node Auto-Provisioning" + default = null +} + variable "enable_binary_authorization" { type = bool description = "Enable BinAuthZ Admission controller" diff --git a/versions.tf b/versions.tf index 52cf9c4dc1..6f5366ad60 100644 --- a/versions.tf +++ b/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 6.47.0, < 8" + version = ">= 7.0.0, < 8" } kubernetes = { source = "hashicorp/kubernetes"