diff --git a/README.md b/README.md
index 6b38bfbd11..7fc4457bed 100644
--- a/README.md
+++ b/README.md
@@ -146,6 +146,7 @@ Then perform the following commands on the root folder:
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
 | additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
+| anonymous\_authentication\_config\_mode | Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`. | `string` | `null` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
 | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) |
object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = optional(number)
max_cpu_cores = optional(number)
min_memory_gb = optional(number)
max_memory_gb = optional(number)
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
enable_secure_boot = optional(bool, false)
enable_integrity_monitoring = optional(bool, true)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 833585a64d..0dd5a4aec2 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -276,6 +276,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
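Review bot: With the default `null`, the `for_each` on the new `anonymous_authentication_config` block yields an empty list, so the module emits no block and the cluster stays on whatever anonymous-authentication mode the API applies by default; nothing at this spot tells a reader that restricting anonymous requests is opt-in. I would add a comment above the block such as `# Omitted when the variable is null: the cluster keeps the API default mode; set "LIMITED" to restrict anonymous access.` It is also worth confirming that the provider version constraint admits this block, since no versions file is visible in this part of the diff. The same block appears in the cluster.tf hunks for the root module and the modules/beta-* variants, which look generated from this template, and the enclosing `google_container_cluster.primary` resource starts and ends outside the hunk.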
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index e64dd0c484..e0bb56bd16 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -728,6 +728,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
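Review bot: The new `anonymous_authentication_config_mode` variable documents `ENABLED` and `LIMITED` as the only valid values but carries no `validation` block, so a misspelt value on this security setting is rejected, if at all, only by the provider or API at plan/apply time. A validation that accepts `null` or one of the two documented values fails fast with a clear message, and the description could also say that `null` leaves the setting unmanaged by the module. The identical definition is repeated in the modules/beta-* variables.tf hunks, which appear to be generated from this template, so the change belongs here. The following `total_egress_bandwidth_tier` variable continues outside the hunk.

```hcl
variable "anonymous_authentication_config_mode" {
  # … unchanged: description, type, default …

  validation {
    condition     = var.anonymous_authentication_config_mode == null ? true : contains(["ENABLED", "LIMITED"], var.anonymous_authentication_config_mode)
    error_message = "anonymous_authentication_config_mode must be null, \"ENABLED\" or \"LIMITED\"."
  }
}
```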
diff --git a/cluster.tf b/cluster.tf
index 0752da5270..e9f0765be3 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -214,6 +214,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
diff --git a/metadata.display.yaml b/metadata.display.yaml
index d80464bcc2..52c2d68f03 100644
--- a/metadata.display.yaml
+++ b/metadata.display.yaml
@@ -48,6 +48,9 @@ spec:
additive_vpc_scope_dns_domain:
name: additive_vpc_scope_dns_domain
title: Additive Vpc Scope Dns Domain
+ anonymous_authentication_config_mode:
+ name: anonymous_authentication_config_mode
+ title: Anonymous Authentication Config Mode
authenticator_security_group:
name: authenticator_security_group
title: Authenticator Security Group
diff --git a/metadata.yaml b/metadata.yaml
index af3b745650..a31fae14e0 100644
--- a/metadata.yaml
+++ b/metadata.yaml
@@ -570,6 +570,9 @@ spec:
- name: in_transit_encryption_config
description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
varType: string
+ - name: anonymous_authentication_config_mode
+ description: Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`.
+ varType: string
- name: total_egress_bandwidth_tier
description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
varType: string
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
index 5d6adeb0e1..59250e83a2 100644
--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -79,6 +79,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
| allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no |
+| anonymous\_authentication\_config\_mode | Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`. | `string` | `null` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index d6dc8e5f82..582d0c42d8 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -134,6 +134,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml
index afd22357d6..bc6aa6d0f3 100644
--- a/modules/beta-autopilot-private-cluster/metadata.display.yaml
+++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml
@@ -49,6 +49,9 @@ spec:
allow_net_admin:
name: allow_net_admin
title: Allow Net Admin
+ anonymous_authentication_config_mode:
+ name: anonymous_authentication_config_mode
+ title: Anonymous Authentication Config Mode
authenticator_security_group:
name: authenticator_security_group
title: Authenticator Security Group
diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml
index 78f3f626eb..45f8cb2bd1 100644
--- a/modules/beta-autopilot-private-cluster/metadata.yaml
+++ b/modules/beta-autopilot-private-cluster/metadata.yaml
@@ -399,6 +399,9 @@ spec:
- name: in_transit_encryption_config
description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
varType: string
+ - name: anonymous_authentication_config_mode
+ description: Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`.
+ varType: string
- name: total_egress_bandwidth_tier
description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
varType: string
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index 016053e8b8..8ce8cd68d4 100644
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -454,6 +454,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
index 162c2b151c..b14e095451 100644
--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -73,6 +73,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
| allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no |
+| anonymous\_authentication\_config\_mode | Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`. | `string` | `null` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no |
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf
index b59b1ece89..4b58fa1122 100644
--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -134,6 +134,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml
index 6ab10b94d9..ceb6f39fc4 100644
--- a/modules/beta-autopilot-public-cluster/metadata.display.yaml
+++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml
@@ -49,6 +49,9 @@ spec:
allow_net_admin:
name: allow_net_admin
title: Allow Net Admin
+ anonymous_authentication_config_mode:
+ name: anonymous_authentication_config_mode
+ title: Anonymous Authentication Config Mode
authenticator_security_group:
name: authenticator_security_group
title: Authenticator Security Group
diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml
index d02b1dcf48..f0285b3eeb 100644
--- a/modules/beta-autopilot-public-cluster/metadata.yaml
+++ b/modules/beta-autopilot-public-cluster/metadata.yaml
@@ -377,6 +377,9 @@ spec:
- name: in_transit_encryption_config
description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
varType: string
+ - name: anonymous_authentication_config_mode
+ description: Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`.
+ varType: string
- name: total_egress_bandwidth_tier
description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
varType: string
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
index d7ed477139..40f230127b 100644
--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -418,6 +418,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index 8be1d606f2..353a3cd865 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -177,6 +177,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
+| anonymous\_authentication\_config\_mode | Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`. | `string` | `null` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index 4dce0246d1..010851c0cc 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -227,6 +227,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml
index b19440496a..cc12f38bae 100644
--- a/modules/beta-private-cluster-update-variant/metadata.display.yaml
+++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml
@@ -49,6 +49,9 @@ spec:
additive_vpc_scope_dns_domain:
name: additive_vpc_scope_dns_domain
title: Additive Vpc Scope Dns Domain
+ anonymous_authentication_config_mode:
+ name: anonymous_authentication_config_mode
+ title: Anonymous Authentication Config Mode
authenticator_security_group:
name: authenticator_security_group
title: Authenticator Security Group
diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml
index f1e830f3b1..38c3c83664 100644
--- a/modules/beta-private-cluster-update-variant/metadata.yaml
+++ b/modules/beta-private-cluster-update-variant/metadata.yaml
@@ -563,6 +563,9 @@ spec:
- name: in_transit_encryption_config
description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
varType: string
+ - name: anonymous_authentication_config_mode
+ description: Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`.
+ varType: string
- name: total_egress_bandwidth_tier
description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
varType: string
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index 2dbe524c30..2e1bc5b5ac 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -685,6 +685,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 5d6c602a3a..f305f18ec8 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -155,6 +155,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
+| anonymous\_authentication\_config\_mode | Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`. | `string` | `null` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index d7f801be03..4a7c30bbbf 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -227,6 +227,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml
index 8c94dd8ab7..da59c10609 100644
--- a/modules/beta-private-cluster/metadata.display.yaml
+++ b/modules/beta-private-cluster/metadata.display.yaml
@@ -49,6 +49,9 @@ spec:
additive_vpc_scope_dns_domain:
name: additive_vpc_scope_dns_domain
title: Additive Vpc Scope Dns Domain
+ anonymous_authentication_config_mode:
+ name: anonymous_authentication_config_mode
+ title: Anonymous Authentication Config Mode
authenticator_security_group:
name: authenticator_security_group
title: Authenticator Security Group
diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml
index 3908410083..a0e87a1fbc 100644
--- a/modules/beta-private-cluster/metadata.yaml
+++ b/modules/beta-private-cluster/metadata.yaml
@@ -563,6 +563,9 @@ spec:
- name: in_transit_encryption_config
description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
varType: string
+ - name: anonymous_authentication_config_mode
+ description: Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`.
+ varType: string
- name: total_egress_bandwidth_tier
description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
varType: string
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index 2dbe524c30..2e1bc5b5ac 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -685,6 +685,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index bb163eeab6..e671233cd7 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -171,6 +171,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
+| anonymous\_authentication\_config\_mode | Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`. | `string` | `null` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index 8b876bfa5b..1a8912df2d 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -227,6 +227,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml
index c354835668..695bdcaec1 100644
--- a/modules/beta-public-cluster-update-variant/metadata.display.yaml
+++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml
@@ -49,6 +49,9 @@ spec:
additive_vpc_scope_dns_domain:
name: additive_vpc_scope_dns_domain
title: Additive Vpc Scope Dns Domain
+ anonymous_authentication_config_mode:
+ name: anonymous_authentication_config_mode
+ title: Anonymous Authentication Config Mode
authenticator_security_group:
name: authenticator_security_group
title: Authenticator Security Group
diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml
index ea286fd0b8..1dd3d16e06 100644
--- a/modules/beta-public-cluster-update-variant/metadata.yaml
+++ b/modules/beta-public-cluster-update-variant/metadata.yaml
@@ -541,6 +541,9 @@ spec:
- name: in_transit_encryption_config
description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
varType: string
+ - name: anonymous_authentication_config_mode
+ description: Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`.
+ varType: string
- name: total_egress_bandwidth_tier
description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
varType: string
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
index a8a9c2de27..690529e16e 100644
--- a/modules/beta-public-cluster-update-variant/variables.tf
+++ b/modules/beta-public-cluster-update-variant/variables.tf
@@ -649,6 +649,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index a7c402db15..45d5fddb63 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -149,6 +149,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
+| anonymous\_authentication\_config\_mode | Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`. | `string` | `null` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index 53328965c1..b95f83f356 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -227,6 +227,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
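Review bot: With the default `null` the `anonymous_authentication_config` block is omitted entirely, so a cluster created from this module keeps whatever the API default is, and nothing in the hunk says so. For a module named beta-public-cluster, which presumably exposes a public control plane endpoint, that deserves a line above the block such as `# Omitted when null: the cluster keeps the API default for anonymous authentication; set LIMITED to restrict it.` It is also worth confirming that the module's provider version constraint (not visible in this hunk) covers a release that supports this block. A related open question is whether setting the variable back to `null` on an existing cluster reverts the mode or leaves the last applied value. The resource body starts and ends outside the hunk, and the same block is added in the cluster.tf hunks for private-cluster-update-variant and private-cluster.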
diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml
index b4a6d8a832..c195e7b846 100644
--- a/modules/beta-public-cluster/metadata.display.yaml
+++ b/modules/beta-public-cluster/metadata.display.yaml
@@ -49,6 +49,9 @@ spec:
additive_vpc_scope_dns_domain:
name: additive_vpc_scope_dns_domain
title: Additive Vpc Scope Dns Domain
+ anonymous_authentication_config_mode:
+ name: anonymous_authentication_config_mode
+ title: Anonymous Authentication Config Mode
authenticator_security_group:
name: authenticator_security_group
title: Authenticator Security Group
diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml
index 44af81b1ba..a5a812470d 100644
--- a/modules/beta-public-cluster/metadata.yaml
+++ b/modules/beta-public-cluster/metadata.yaml
@@ -541,6 +541,9 @@ spec:
- name: in_transit_encryption_config
description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
varType: string
+ - name: anonymous_authentication_config_mode
+ description: Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`.
+ varType: string
- name: total_egress_bandwidth_tier
description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
varType: string
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index a8a9c2de27..690529e16e 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -649,6 +649,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index 0d54ac3f00..2e164137d2 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -174,6 +174,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
+| anonymous\_authentication\_config\_mode | Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`. | `string` | `null` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = optional(number)
max_cpu_cores = optional(number)
min_memory_gb = optional(number)
max_memory_gb = optional(number)
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
enable_secure_boot = optional(bool, false)
enable_integrity_monitoring = optional(bool, true)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 76e962289a..8700f849e0 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -214,6 +214,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml
index d1ae59b6e0..aed100d6e0 100644
--- a/modules/private-cluster-update-variant/metadata.display.yaml
+++ b/modules/private-cluster-update-variant/metadata.display.yaml
@@ -49,6 +49,9 @@ spec:
additive_vpc_scope_dns_domain:
name: additive_vpc_scope_dns_domain
title: Additive Vpc Scope Dns Domain
+ anonymous_authentication_config_mode:
+ name: anonymous_authentication_config_mode
+ title: Anonymous Authentication Config Mode
authenticator_security_group:
name: authenticator_security_group
title: Authenticator Security Group
diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml
index fa1cb32233..4e8239108f 100644
--- a/modules/private-cluster-update-variant/metadata.yaml
+++ b/modules/private-cluster-update-variant/metadata.yaml
@@ -552,6 +552,9 @@ spec:
- name: in_transit_encryption_config
description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
varType: string
+ - name: anonymous_authentication_config_mode
+ description: Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`.
+ varType: string
- name: total_egress_bandwidth_tier
description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
varType: string
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index 64c98704da..3497aed147 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -667,6 +667,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index d8a9987524..c23ea693e5 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -152,6 +152,7 @@ Then perform the following commands on the root folder:
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
+| anonymous\_authentication\_config\_mode | Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`. | `string` | `null` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = optional(number)
max_cpu_cores = optional(number)
min_memory_gb = optional(number)
max_memory_gb = optional(number)
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
image_type = optional(string)
strategy = optional(string)
max_surge = optional(number)
max_unavailable = optional(number)
node_pool_soak_duration = optional(string)
batch_soak_duration = optional(string)
batch_percentage = optional(number)
batch_node_count = optional(number)
enable_secure_boot = optional(bool, false)
enable_integrity_monitoring = optional(bool, true)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"image_type": "COS_CONTAINERD",
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index c100011a2b..d48a2f9836 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -214,6 +214,13 @@ resource "google_container_cluster" "primary" {
in_transit_encryption_config = var.in_transit_encryption_config
+ dynamic "anonymous_authentication_config" {
+ for_each = var.anonymous_authentication_config_mode != null ? [1] : []
+ content {
+ mode = var.anonymous_authentication_config_mode
+ }
+ }
+
dynamic "network_performance_config" {
for_each = var.total_egress_bandwidth_tier != null ? [1] : []
content {
diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml
index 303db5396e..cb477ee70a 100644
--- a/modules/private-cluster/metadata.display.yaml
+++ b/modules/private-cluster/metadata.display.yaml
@@ -49,6 +49,9 @@ spec:
additive_vpc_scope_dns_domain:
name: additive_vpc_scope_dns_domain
title: Additive Vpc Scope Dns Domain
+ anonymous_authentication_config_mode:
+ name: anonymous_authentication_config_mode
+ title: Anonymous Authentication Config Mode
authenticator_security_group:
name: authenticator_security_group
title: Authenticator Security Group
diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml
index 3b95c77359..1a620c3beb 100644
--- a/modules/private-cluster/metadata.yaml
+++ b/modules/private-cluster/metadata.yaml
@@ -552,6 +552,9 @@ spec:
- name: in_transit_encryption_config
description: Defines the config of in-transit encryption. Valid values are `IN_TRANSIT_ENCRYPTION_DISABLED` and `IN_TRANSIT_ENCRYPTION_INTER_NODE_TRANSPARENT`.
varType: string
+ - name: anonymous_authentication_config_mode
+ description: Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`.
+ varType: string
- name: total_egress_bandwidth_tier
description: Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`.
varType: string
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index 64c98704da..3497aed147 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -667,6 +667,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."
diff --git a/variables.tf b/variables.tf
index 7e15d4afd5..101ad7ee59 100644
--- a/variables.tf
+++ b/variables.tf
@@ -631,6 +631,12 @@ variable "in_transit_encryption_config" {
default = null
}
+variable "anonymous_authentication_config_mode" {
+ description = "Allows users to restrict or enable anonymous access to the cluster. Valid values are `ENABLED` and `LIMITED`."
+ type = string
+ default = null
+}
+
variable "total_egress_bandwidth_tier" {
type = string
description = "Specifies the total network bandwidth tier for NodePools in the cluster. Valid values are `TIER_UNSPECIFIED` and `TIER_1`. Defaults to `TIER_UNSPECIFIED`."