diff --git a/README.md b/README.md
index 6c5ffa8fe3..af8984491a 100644
--- a/README.md
+++ b/README.md
@@ -144,7 +144,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | -| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | +| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | 
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index f4b10125c2..bf1a122b7f 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -541,11 +541,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 8d8a5e1796..fc3d46872d 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -174,7 +174,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = [] diff --git a/cluster.tf b/cluster.tf index 5be52ef883..5b50c931b2 100644 --- a/cluster.tf +++ b/cluster.tf 
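Review bot: Inside the renamed `dynamic "additional_ip_ranges_config"` block in autogen/main/cluster.tf.tmpl, the `content` still reads `var.additional_ip_ranges_config.subnetwork`, which is an attribute of the whole list rather than of the element being iterated. The variable is declared as `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))`, so this will most likely fail as soon as a caller passes a non-empty list; the default `[]` hides it. The two lines should use the block iterator: `subnetwork = additional_ip_ranges_config.value.subnetwork` and `pod_ipv4_range_names = additional_ip_ranges_config.value.pod_ipv4_range_names`. The same pattern is carried into cluster.tf and every modules/*/cluster.tf hunk in this diff. The enclosing `google_container_cluster.primary` resource starts and ends outside the hunk.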
@@ -411,11 +411,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/examples/disable_client_cert/core b/examples/disable_client_cert/core new file mode 100644 index 0000000000..e69de29bb2 diff --git a/examples/gke_autopilot_cluster/main.tf b/examples/gke_autopilot_cluster/main.tf index 61f32bc8fa..ce0119025e 100644 --- a/examples/gke_autopilot_cluster/main.tf +++ b/examples/gke_autopilot_cluster/main.tf @@ -36,7 +36,7 @@ module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-autopilot-cluster" version = "~> 38.0" - project_id = var.project_id + project_id = var.project_id name = "${local.cluster_type}-cluster" location = var.region network = module.gcp-network.network_self_link diff --git a/examples/gke_standard_cluster/main.tf b/examples/gke_standard_cluster/main.tf index d3927472e6..9ef7407a0e 100644 --- a/examples/gke_standard_cluster/main.tf +++ b/examples/gke_standard_cluster/main.tf @@ -37,7 +37,7 @@ module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-standard-cluster" version = "~> 38.0" - project_id = var.project_id + project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" location = var.region network = var.network 
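Review bot: `examples/disable_client_cert/core` is added as a new file with mode 100644 and no content hunk, which looks like a stray artifact rather than part of the variable rename. `core` is the conventional name of a process core dump, so it is worth confirming what produced it in the working tree and dropping it from the commit; an ignore rule for `core` in `.gitignore` would keep it from being re-added. The neighbouring examples/ hunks on this line only change alignment.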
@@ -87,9 +87,9 @@ module "node_pool" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-node-pool" version = "~> 38.0" - project_id = var.project_id - location = var.region - cluster = module.gke.cluster_name + project_id = var.project_id + location = var.region + cluster = module.gke.cluster_name node_config = { disk_size_gb = 100 disk_type = "pd-standard" diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 8b66d525b2..0c9dbde134 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -163,7 +163,7 @@ module "gke" { } node_pools_cgroup_mode = { - all = "CGROUP_MODE_V2" + all = "CGROUP_MODE_V2" pool-01 = "CGROUP_MODE_V1" } diff --git a/metadata.display.yaml b/metadata.display.yaml index 5c2f001d73..6e159409da 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml @@ -39,6 +39,9 @@ spec: additional_ip_range_pods: name: additional_ip_range_pods title: Additional Ip Range Pods + additional_ip_ranges_config: + name: additional_ip_ranges_config + title: Additional Ip Ranges Config additional_pod_ranges_config: name: additional_pod_ranges_config title: Additional Pod Ranges Config diff --git a/metadata.yaml b/metadata.yaml index f7a315b496..cc5ca06a40 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -259,7 +259,7 @@ spec: description: List of _names_ of the additional secondary subnet ip ranges to use for pods varType: list(string) defaultValue: [] - - name: additional_pod_ranges_config + - name: additional_ip_ranges_config description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 59d1d8b49c..0fa8c4fb21 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
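Review bot: The metadata.display.yaml hunk adds an `additional_ip_ranges_config` entry but keeps the old `additional_pod_ranges_config` entry as context, while the metadata.yaml hunk renames the interface entry outright. After this commit the display metadata would still list a variable that metadata.yaml no longer declares; the stale entry (`additional_pod_ranges_config:` with its `name:` and `title:` lines) should be removed, or the file regenerated if it is tool-generated. The same leftover appears in the metadata.display.yaml hunks under modules/beta-*. The `spec:` mapping continues outside the hunk.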
@@ -77,7 +77,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | -| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | +| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | | allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index d1853672d5..ff02ec4a63 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf 
@@ -312,11 +312,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml index 7e201962d1..887c30302d 100644 --- a/modules/beta-autopilot-private-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml @@ -40,6 +40,9 @@ spec: additional_ip_range_pods: name: additional_ip_range_pods title: Additional Ip Range Pods + additional_ip_ranges_config: + name: additional_ip_ranges_config + title: Additional Ip Ranges Config additional_pod_ranges_config: name: additional_pod_ranges_config title: Additional Pod Ranges Config diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index 0f58298499..e8834a36cf 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -218,7 +218,7 @@ spec: description: List of _names_ of the additional secondary subnet ip ranges to use for pods varType: list(string) defaultValue: [] - - name: additional_pod_ranges_config + - name: additional_ip_ranges_config description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] 
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 479a7ef0ae..56bcaecc59 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -164,7 +164,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = [] diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 52d2078adb..61fb872e75 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -71,7 +71,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | -| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | +| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | | allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 05ff62a148..4c91fc3f9a 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf 
@@ -312,11 +312,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml index 17d5755933..35d5407df4 100644 --- a/modules/beta-autopilot-public-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml @@ -40,6 +40,9 @@ spec: additional_ip_range_pods: name: additional_ip_range_pods title: Additional Ip Range Pods + additional_ip_ranges_config: + name: additional_ip_ranges_config + title: Additional Ip Ranges Config additional_pod_ranges_config: name: additional_pod_ranges_config title: Additional Pod Ranges Config diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index 63de149d6e..842ad78e95 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -218,7 +218,7 @@ spec: description: List of _names_ of the additional secondary subnet ip ranges to use for pods varType: list(string) defaultValue: [] - - name: additional_pod_ranges_config + - name: additional_ip_ranges_config description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] 
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index ef59e9744c..23e533842b 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -164,7 +164,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = [] diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 15d37b8885..fa63f65477 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -175,7 +175,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | -| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | +| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | 
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 8e7790fb9d..d53fd4ea09 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -448,11 +448,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 290b061de6..d9bf9511f1 100644 --- a/modules/beta-private-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml @@ -40,6 +40,9 @@ spec: additional_ip_range_pods: name: additional_ip_range_pods title: Additional Ip Range Pods + additional_ip_ranges_config: + name: additional_ip_ranges_config + title: Additional Ip Ranges Config additional_pod_ranges_config: name: additional_pod_ranges_config title: Additional Pod Ranges Config diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 93d63bb35f..57d4944751 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml 
@@ -219,7 +219,7 @@ spec: description: List of _names_ of the additional secondary subnet ip ranges to use for pods varType: list(string) defaultValue: [] - - name: additional_pod_ranges_config + - name: additional_ip_ranges_config description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index d86c6035d6..d169e9e221 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -155,7 +155,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = [] diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index e7cb428627..f280d6f57b 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -153,7 +153,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | -| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | +| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | 
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index ba74d25db4..16f8a58693 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -448,11 +448,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index 83defb6bb0..0ba1ed91ac 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml @@ -40,6 +40,9 @@ spec: additional_ip_range_pods: name: additional_ip_range_pods title: Additional Ip Range Pods + additional_ip_ranges_config: + name: additional_ip_ranges_config + title: Additional Ip Ranges Config additional_pod_ranges_config: name: additional_pod_ranges_config title: Additional Pod Ranges Config diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 6db6bf9a9d..c5ae8ec7cc 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml 
@@ -219,7 +219,7 @@ spec: description: List of _names_ of the additional secondary subnet ip ranges to use for pods varType: list(string) defaultValue: [] - - name: additional_pod_ranges_config + - name: additional_ip_ranges_config description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index d86c6035d6..d169e9e221 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -155,7 +155,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = [] diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 0c1e5e3cfc..285b2bdc7d 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -169,7 +169,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | -| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | +| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | 
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 2ed8e1104c..03c4953cc1 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -448,11 +448,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index 628cd12485..ee5f7c2d18 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml @@ -40,6 +40,9 @@ spec: additional_ip_range_pods: name: additional_ip_range_pods title: Additional Ip Range Pods + additional_ip_ranges_config: + name: additional_ip_ranges_config + title: Additional Ip Ranges Config additional_pod_ranges_config: name: additional_pod_ranges_config title: Additional Pod Ranges Config diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index 77a6c232e2..e7fb8fc523 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml 
@@ -219,7 +219,7 @@ spec: description: List of _names_ of the additional secondary subnet ip ranges to use for pods varType: list(string) defaultValue: [] - - name: additional_pod_ranges_config + - name: additional_ip_ranges_config description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index c496007585..640205ec71 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -155,7 +155,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = [] diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 8b28c7fc2d..d7231e89b6 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -147,7 +147,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | -| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | +| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | 
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 0a968942e4..962ac3857d 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -448,11 +448,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index 73afdf0a79..a587dc300b 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml @@ -40,6 +40,9 @@ spec: additional_ip_range_pods: name: additional_ip_range_pods title: Additional Ip Range Pods + additional_ip_ranges_config: + name: additional_ip_ranges_config + title: Additional Ip Ranges Config additional_pod_ranges_config: name: additional_pod_ranges_config title: Additional Pod Ranges Config diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index 578ad281fa..d3f706ed95 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml 
@@ -219,7 +219,7 @@ spec: description: List of _names_ of the additional secondary subnet ip ranges to use for pods varType: list(string) defaultValue: [] - - name: additional_pod_ranges_config + - name: additional_ip_ranges_config description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index c496007585..640205ec71 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -155,7 +155,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = [] diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 9bf7205d27..17b47cd78c 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -172,7 +172,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | -| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | +| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | 
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 08d74d4498..a3a6c90036 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -411,11 +411,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml index 6e4b037fb5..0e162614f4 100644 --- a/modules/private-cluster-update-variant/metadata.display.yaml +++ b/modules/private-cluster-update-variant/metadata.display.yaml @@ -40,6 +40,9 @@ spec: additional_ip_range_pods: name: additional_ip_range_pods title: Additional Ip Range Pods + additional_ip_ranges_config: + name: additional_ip_ranges_config + title: Additional Ip Ranges Config additional_pod_ranges_config: name: additional_pod_ranges_config title: Additional Pod Ranges Config diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 3e62e97931..20baf891d2 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml 
@@ -219,7 +219,7 @@ spec: description: List of _names_ of the additional secondary subnet ip ranges to use for pods varType: list(string) defaultValue: [] - - name: additional_pod_ranges_config + - name: additional_ip_ranges_config description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index f6fbd47741..151ac9e6ee 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -155,7 +155,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = [] diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 21e88dcc73..4ed430268a 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -150,7 +150,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no | -| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | +| additional\_ip\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no | | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no | 
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 7be1a89347..04e3a72000 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -411,11 +411,11 @@ resource "google_container_cluster" "primary" { pod_range_names = var.additional_ip_range_pods } } - dynamic "additional_pod_ranges_config" { - for_each = var.additional_pod_ranges_config + dynamic "additional_ip_ranges_config" { + for_each = var.additional_ip_ranges_config content { - subnetwork = var.additional_pod_ranges_config.subnetwork - pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names + subnetwork = var.additional_ip_ranges_config.subnetwork + pod_ipv4_range_names = var.additional_ip_ranges_config.pod_ipv4_range_names } } stack_type = var.stack_type diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml index 68bea01a11..aa4afe00be 100644 --- a/modules/private-cluster/metadata.display.yaml +++ b/modules/private-cluster/metadata.display.yaml @@ -40,6 +40,9 @@ spec: additional_ip_range_pods: name: additional_ip_range_pods title: Additional Ip Range Pods + additional_ip_ranges_config: + name: additional_ip_ranges_config + title: Additional Ip Ranges Config additional_pod_ranges_config: name: additional_pod_ranges_config title: Additional Pod Ranges Config diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index c1cfade008..f2956b7e92 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml 
@@ -219,7 +219,7 @@ spec: description: List of _names_ of the additional secondary subnet ip ranges to use for pods varType: list(string) defaultValue: [] - - name: additional_pod_ranges_config + - name: additional_ip_ranges_config description: the configuration for individual additional subnetworks attached to the cluster varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) defaultValue: [] diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index f6fbd47741..151ac9e6ee 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -155,7 +155,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = [] diff --git a/variables.tf b/variables.tf index a3d5bc417a..3a4aec4576 100644 --- a/variables.tf +++ b/variables.tf @@ -155,7 +155,7 @@ variable "additional_ip_range_pods" { default = [] } -variable "additional_pod_ranges_config" { +variable "additional_ip_ranges_config" { type = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) })) description = "the configuration for individual additional subnetworks attached to the cluster" default = []