diff --git a/README.md b/README.md
index 3f941e3d2c..6c5ffa8fe3 100644
--- a/README.md
+++ b/README.md
@@ -144,6 +144,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 6af31b4760..f4b10125c2 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -541,6 +541,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index f70041a524..8d8a5e1796 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -174,6 +174,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/cluster.tf b/cluster.tf
index 26b9581268..5be52ef883 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -411,6 +411,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/metadata.display.yaml b/metadata.display.yaml
index 257dde893f..5c2f001d73 100644
--- a/metadata.display.yaml
+++ b/metadata.display.yaml
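Review bot: Inside `content {}` the new block reads `var.additional_pod_ranges_config.subnetwork` and `var.additional_pod_ranges_config.pod_ipv4_range_names`, but that variable is declared as a `list(object)`, so an attribute lookup on it is invalid and the block cannot be evaluated for any non-empty input; a `dynamic` block's per-element values have to come from its iterator. The two lines should read `subnetwork = additional_pod_ranges_config.value.subnetwork` and `pod_ipv4_range_names = additional_pod_ranges_config.value.pod_ipv4_range_names`. Because the variable defaults to `[]`, a plan that leaves it unset may never evaluate the body, so this is likely to surface only once a caller passes an entry — an example that sets the variable would catch it. Note also that the context lines just above show an existing `additional_pod_ranges_config` block taking `pod_range_names`, while the new block with the same label uses `subnetwork`/`pod_ipv4_range_names`, which look like the attributes of the provider's separate `additional_ip_ranges_config` block; confirm the block label against the provider version the module pins before the per-module `cluster.tf` files are regenerated from this template. The enclosing block (presumably `ip_allocation_policy`, given the `stack_type` line) and the `google_container_cluster` resource both open before the hunk.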
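Review bot: The description `the configuration for individual additional subnetworks attached to the cluster` does not tell a caller what to pass: whether `subnetwork` is a bare name or a self-link, or that `pod_ipv4_range_names` are the names of secondary ranges defined on that subnetwork — while `additional_ip_range_pods` just above is explicit that it takes _names_. I would write `description = "List of additional subnetworks to attach to the cluster for pod IPs. Each entry gives the subnetwork and the names of the secondary IPv4 ranges on it that pods may be allocated from."` so the generated README and metadata carry something actionable. Since this widens the set of pod CIDRs the cluster uses, it is worth confirming that any module-managed firewall rules whose source ranges are derived from the primary pod range (not visible in this hunk) also cover ranges attached this way.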
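Review bot: The assignments `subnetwork = var.additional_pod_ranges_config.subnetwork` and `pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names` dereference the whole list variable instead of the element the `dynamic` block is iterating, which fails as soon as the list is non-empty. Replace the right-hand sides with `additional_pod_ranges_config.value.subnetwork` and `additional_pod_ranges_config.value.pod_ipv4_range_names`. If this file is produced from `autogen/main/cluster.tf.tmpl`, the fix belongs in the template and lands here through regeneration. The enclosing block opens before the hunk.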
@@ -39,6 +39,9 @@ spec:
 additional_ip_range_pods:
 name: additional_ip_range_pods
 title: Additional Ip Range Pods
+ additional_pod_ranges_config:
+ name: additional_pod_ranges_config
+ title: Additional Pod Ranges Config
 additive_vpc_scope_dns_domain:
 name: additive_vpc_scope_dns_domain
 title: Additive Vpc Scope Dns Domain
diff --git a/metadata.yaml b/metadata.yaml
index 91fac188c5..a8b5b31f52 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -259,6 +259,10 @@ spec:
 description: List of _names_ of the additional secondary subnet ip ranges to use for pods
 varType: list(string)
 defaultValue: []
+ - name: additional_pod_ranges_config
+ description: the configuration for individual additional subnetworks attached to the cluster
+ varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ defaultValue: []
 - name: ip_range_services
 description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
 varType: string
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
index 4822535d54..59d1d8b49c 100644
--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -77,6 +77,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index ec766d077a..d1853672d5 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -312,6 +312,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml
index cdcef34f4a..7e201962d1 100644
--- a/modules/beta-autopilot-private-cluster/metadata.display.yaml
+++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml
@@ -40,6 +40,9 @@ spec:
 additional_ip_range_pods:
 name: additional_ip_range_pods
 title: Additional Ip Range Pods
+ additional_pod_ranges_config:
+ name: additional_pod_ranges_config
+ title: Additional Pod Ranges Config
 allow_net_admin:
 name: allow_net_admin
 title: Allow Net Admin
diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml
index 478eae471b..aadadaa6ac 100644
--- a/modules/beta-autopilot-private-cluster/metadata.yaml
+++ b/modules/beta-autopilot-private-cluster/metadata.yaml
@@ -218,6 +218,10 @@ spec:
 description: List of _names_ of the additional secondary subnet ip ranges to use for pods
 varType: list(string)
 defaultValue: []
+ - name: additional_pod_ranges_config
+ description: the configuration for individual additional subnetworks attached to the cluster
+ varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ defaultValue: []
 - name: ip_range_services
 description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
 varType: string
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index 9e8c533633..479a7ef0ae 100644
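Review bot: `subnetwork = var.additional_pod_ranges_config.subnetwork` and the `pod_ipv4_range_names` line below it read attributes off the list-typed variable rather than off the current element, so the block errors out for any caller that actually supplies an entry; the `dynamic` iterator is what should be dereferenced. Change them to `additional_pod_ranges_config.value.subnetwork` and `additional_pod_ranges_config.value.pod_ipv4_range_names`. This copy appears to mirror `autogen/main/cluster.tf.tmpl`, so fixing the template and regenerating would cover it. The enclosing block opens before the hunk.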
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -164,6 +164,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
index e3e5287c5f..52d2078adb 100644
--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -71,6 +71,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf
index 56cc2299c8..05ff62a148 100644
--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -312,6 +312,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml
index 8376674a12..17d5755933 100644
--- a/modules/beta-autopilot-public-cluster/metadata.display.yaml
+++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml
@@ -40,6 +40,9 @@ spec:
 additional_ip_range_pods:
 name: additional_ip_range_pods
 title: Additional Ip Range Pods
+ additional_pod_ranges_config:
+ name: additional_pod_ranges_config
+ title: Additional Pod Ranges Config
 allow_net_admin:
 name: allow_net_admin
 title: Allow Net Admin
diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml
index f69e5fea69..d38f2ba9ce 100644
--- a/modules/beta-autopilot-public-cluster/metadata.yaml
+++ b/modules/beta-autopilot-public-cluster/metadata.yaml
@@ -218,6 +218,10 @@ spec:
 description: List of _names_ of the additional secondary subnet ip ranges to use for pods
 varType: list(string)
 defaultValue: []
+ - name: additional_pod_ranges_config
+ description: the configuration for individual additional subnetworks attached to the cluster
+ varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ defaultValue: []
 - name: ip_range_services
 description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
 varType: string
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
index a9cdf3c50a..ef59e9744c 100644
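Review bot: The `content` body dereferences `var.additional_pod_ranges_config` directly (`.subnetwork`, `.pod_ipv4_range_names`), which is a list and has no such attributes; the per-entry values must come from the iterator, i.e. `additional_pod_ranges_config.value.subnetwork` and `additional_pod_ranges_config.value.pod_ipv4_range_names`. With the variable defaulting to `[]` the body is never exercised by a caller that leaves it unset, so the error will only appear for callers who opt in. Fix in the autogen template if this file is generated from it. The enclosing block opens before the hunk.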
--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -164,6 +164,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index 38c8717704..15d37b8885 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -175,6 +175,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index fa26e7531a..8e7790fb9d 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -448,6 +448,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml
index 809533e104..290b061de6 100644
--- a/modules/beta-private-cluster-update-variant/metadata.display.yaml
+++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml
@@ -40,6 +40,9 @@ spec:
 additional_ip_range_pods:
 name: additional_ip_range_pods
 title: Additional Ip Range Pods
+ additional_pod_ranges_config:
+ name: additional_pod_ranges_config
+ title: Additional Pod Ranges Config
 additive_vpc_scope_dns_domain:
 name: additive_vpc_scope_dns_domain
 title: Additive Vpc Scope Dns Domain
diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml
index 0acbe1da9f..0d49c7d5ec 100644
--- a/modules/beta-private-cluster-update-variant/metadata.yaml
+++ b/modules/beta-private-cluster-update-variant/metadata.yaml
@@ -219,6 +219,10 @@ spec:
 description: List of _names_ of the additional secondary subnet ip ranges to use for pods
 varType: list(string)
 defaultValue: []
+ - name: additional_pod_ranges_config
+ description: the configuration for individual additional subnetworks attached to the cluster
+ varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ defaultValue: []
 - name: ip_range_services
 description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
 varType: string
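Review bot: Both attribute lines in the new `content {}` use `var.additional_pod_ranges_config.<attr>`, an attribute lookup on a `list(object)` that Terraform rejects once there is an element to evaluate; the element is exposed through the iterator instead. They should be `subnetwork = additional_pod_ranges_config.value.subnetwork` and `pod_ipv4_range_names = additional_pod_ranges_config.value.pod_ipv4_range_names`. If this module's `cluster.tf` is regenerated from `autogen/main/cluster.tf.tmpl`, correct it there as well. The enclosing block opens before the hunk.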
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index e7dfcf3c36..d86c6035d6 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -155,6 +155,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 4af2ff92f2..e7cb428627 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -153,6 +153,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index d24cdb61e3..ba74d25db4 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -448,6 +448,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml
index a8e2e1c0e1..83defb6bb0 100644
--- a/modules/beta-private-cluster/metadata.display.yaml
+++ b/modules/beta-private-cluster/metadata.display.yaml
@@ -40,6 +40,9 @@ spec:
 additional_ip_range_pods:
 name: additional_ip_range_pods
 title: Additional Ip Range Pods
+ additional_pod_ranges_config:
+ name: additional_pod_ranges_config
+ title: Additional Pod Ranges Config
 additive_vpc_scope_dns_domain:
 name: additive_vpc_scope_dns_domain
 title: Additive Vpc Scope Dns Domain
diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml
index b9814aa6fd..912398adce 100644
--- a/modules/beta-private-cluster/metadata.yaml
+++ b/modules/beta-private-cluster/metadata.yaml
@@ -219,6 +219,10 @@ spec:
 description: List of _names_ of the additional secondary subnet ip ranges to use for pods
 varType: list(string)
 defaultValue: []
+ - name: additional_pod_ranges_config
+ description: the configuration for individual additional subnetworks attached to the cluster
+ varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ defaultValue: []
 - name: ip_range_services
 description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
 varType: string
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index e7dfcf3c36..d86c6035d6 100644
--- a/modules/beta-private-cluster/variables.tf
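Review bot: `subnetwork = var.additional_pod_ranges_config.subnetwork` and `pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names` index the list variable itself, not the entry the `dynamic` block is currently expanding, so any non-empty value for the variable fails to plan. Use `additional_pod_ranges_config.value.subnetwork` and `additional_pod_ranges_config.value.pod_ipv4_range_names`. This looks like a copy of the autogen template, so the template is the place to fix it. The enclosing block opens before the hunk.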
+++ b/modules/beta-private-cluster/variables.tf
@@ -155,6 +155,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index e9e9c3c64d..0c1e5e3cfc 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -169,6 +169,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index b968df0e74..2ed8e1104c 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -448,6 +448,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml
index 727e08023c..628cd12485 100644
--- a/modules/beta-public-cluster-update-variant/metadata.display.yaml
+++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml
@@ -40,6 +40,9 @@ spec:
 additional_ip_range_pods:
 name: additional_ip_range_pods
 title: Additional Ip Range Pods
+ additional_pod_ranges_config:
+ name: additional_pod_ranges_config
+ title: Additional Pod Ranges Config
 additive_vpc_scope_dns_domain:
 name: additive_vpc_scope_dns_domain
 title: Additive Vpc Scope Dns Domain
diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml
index 1ce6112253..3b8ba3922e 100644
--- a/modules/beta-public-cluster-update-variant/metadata.yaml
+++ b/modules/beta-public-cluster-update-variant/metadata.yaml
@@ -219,6 +219,10 @@ spec:
 description: List of _names_ of the additional secondary subnet ip ranges to use for pods
 varType: list(string)
 defaultValue: []
+ - name: additional_pod_ranges_config
+ description: the configuration for individual additional subnetworks attached to the cluster
+ varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ defaultValue: []
 - name: ip_range_services
 description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
 varType: string
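Review bot: The new `content {}` never touches the `dynamic` iterator; it reads `var.additional_pod_ranges_config.subnetwork` and `var.additional_pod_ranges_config.pod_ipv4_range_names`, which is an attribute access on a list and fails the moment the list has an element. The right-hand sides should be `additional_pod_ranges_config.value.subnetwork` and `additional_pod_ranges_config.value.pod_ipv4_range_names`. The empty default means a test that does not set the variable will not notice. Apply the fix in `autogen/main/cluster.tf.tmpl` if this file is generated; the enclosing block opens before the hunk.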
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
index a3db7b3def..c496007585 100644
--- a/modules/beta-public-cluster-update-variant/variables.tf
+++ b/modules/beta-public-cluster-update-variant/variables.tf
@@ -155,6 +155,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index 397dfea394..8b28c7fc2d 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -147,6 +147,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index 5669a60f6e..0a968942e4 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -448,6 +448,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml
index 6c8998fb4d..73afdf0a79 100644
--- a/modules/beta-public-cluster/metadata.display.yaml
+++ b/modules/beta-public-cluster/metadata.display.yaml
@@ -40,6 +40,9 @@ spec:
 additional_ip_range_pods:
 name: additional_ip_range_pods
 title: Additional Ip Range Pods
+ additional_pod_ranges_config:
+ name: additional_pod_ranges_config
+ title: Additional Pod Ranges Config
 additive_vpc_scope_dns_domain:
 name: additive_vpc_scope_dns_domain
 title: Additive Vpc Scope Dns Domain
diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml
index 4de97d01cc..de72180c85 100644
--- a/modules/beta-public-cluster/metadata.yaml
+++ b/modules/beta-public-cluster/metadata.yaml
@@ -219,6 +219,10 @@ spec:
 description: List of _names_ of the additional secondary subnet ip ranges to use for pods
 varType: list(string)
 defaultValue: []
+ - name: additional_pod_ranges_config
+ description: the configuration for individual additional subnetworks attached to the cluster
+ varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ defaultValue: []
 - name: ip_range_services
 description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
 varType: string
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index a3db7b3def..c496007585 100644
--- a/modules/beta-public-cluster/variables.tf
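Review bot: `var.additional_pod_ranges_config.subnetwork` on the new `subnetwork =` line reads an attribute on a `list(object)` value, which Terraform rejects ("can't access attributes on a list of objects") before any plan is produced; inside a `dynamic` block the current element is exposed through the iterator, so the two content lines should read `subnetwork = additional_pod_ranges_config.value.subnetwork` and `pod_ipv4_range_names = additional_pod_ranges_config.value.pod_ipv4_range_names`. The same two lines appear in the `modules/private-cluster-update-variant/cluster.tf` and `modules/private-cluster/cluster.tf` hunks. Separately, the context line just above the insertion (`pod_range_names = var.additional_ip_range_pods`) suggests the block immediately preceding it is already an `additional_pod_ranges_config` block taking the provider's `pod_range_names` attribute, whereas the new block sets `subnetwork`/`pod_ipv4_range_names`; it is worth confirming against the provider schema that those two attributes belong to a block with this label and not to a differently named one, since a schema mismatch also fails validation. The enclosing `resource "google_container_cluster" "primary"` block starts and ends outside the hunk.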
+++ b/modules/beta-public-cluster/variables.tf
@@ -155,6 +155,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index ff84169cda..9bf7205d27 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -172,6 +172,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 753413e199..08d74d4498 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -411,6 +411,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml
index 929f42a28e..6e4b037fb5 100644
--- a/modules/private-cluster-update-variant/metadata.display.yaml
+++ b/modules/private-cluster-update-variant/metadata.display.yaml
@@ -40,6 +40,9 @@ spec:
 additional_ip_range_pods:
 name: additional_ip_range_pods
 title: Additional Ip Range Pods
+ additional_pod_ranges_config:
+ name: additional_pod_ranges_config
+ title: Additional Pod Ranges Config
 additive_vpc_scope_dns_domain:
 name: additive_vpc_scope_dns_domain
 title: Additive Vpc Scope Dns Domain
diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml
index f0e5a594fd..d5f662359e 100644
--- a/modules/private-cluster-update-variant/metadata.yaml
+++ b/modules/private-cluster-update-variant/metadata.yaml
@@ -219,6 +219,10 @@ spec:
 description: List of _names_ of the additional secondary subnet ip ranges to use for pods
 varType: list(string)
 defaultValue: []
+ - name: additional_pod_ranges_config
+ description: the configuration for individual additional subnetworks attached to the cluster
+ varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ defaultValue: []
 - name: ip_range_services
 description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
 varType: string
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index 39a5443e9e..f6fbd47741 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -155,6 +155,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index 0d35d0e58c..21e88dcc73 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -150,6 +150,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 10c84ef762..7be1a89347 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -411,6 +411,13 @@ resource "google_container_cluster" "primary" {
 pod_range_names = var.additional_ip_range_pods
 }
 }
+ dynamic "additional_pod_ranges_config" {
+ for_each = var.additional_pod_ranges_config
+ content {
+ subnetwork = var.additional_pod_ranges_config.subnetwork
+ pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+ }
+ }
 stack_type = var.stack_type
 }
diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml
index 34b8c925ba..68bea01a11 100644
--- a/modules/private-cluster/metadata.display.yaml
+++ b/modules/private-cluster/metadata.display.yaml
@@ -40,6 +40,9 @@ spec:
 additional_ip_range_pods:
 name: additional_ip_range_pods
 title: Additional Ip Range Pods
+ additional_pod_ranges_config:
+ name: additional_pod_ranges_config
+ title: Additional Pod Ranges Config
 additive_vpc_scope_dns_domain:
 name: additive_vpc_scope_dns_domain
 title: Additive Vpc Scope Dns Domain
diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml
index cce751e9ec..cbc9d3a57a 100644
--- a/modules/private-cluster/metadata.yaml
+++ b/modules/private-cluster/metadata.yaml
@@ -219,6 +219,10 @@ spec:
 description: List of _names_ of the additional secondary subnet ip ranges to use for pods
 varType: list(string)
 defaultValue: []
+ - name: additional_pod_ranges_config
+ description: the configuration for individual additional subnetworks attached to the cluster
+ varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ defaultValue: []
 - name: ip_range_services
 description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
 varType: string
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index 39a5443e9e..f6fbd47741 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -155,6 +155,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
diff --git a/variables.tf b/variables.tf
index ac1afd2ec0..a3d5bc417a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -155,6 +155,12 @@ variable "additional_ip_range_pods" {
 default = []
 }
+variable "additional_pod_ranges_config" {
+ type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+ description = "the configuration for individual additional subnetworks attached to the cluster"
+ default = []
+}
+
 variable "ip_range_services" {
 type = string
 description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."