terraform-google-modules · matthisholleville · Jun 10, 2024 · Jun 10, 2024 · Jun 10, 2024 · Jun 10, 2024
diff --git a/cluster.tf b/cluster.tf
@@ -171,6 +171,8 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
+
   enable_kubernetes_alpha = var.enable_kubernetes_alpha
   enable_tpu              = var.enable_tpu
 

diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -308,7 +308,8 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  datapath_provider = var.datapath_provider
+  datapath_provider                        = var.datapath_provider
+  enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
 
   networking_mode = "VPC_NATIVE"
 

diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
@@ -848,3 +848,9 @@ variable "fleet_project_grant_service_agent" {
   type        = bool
   default     = false
 }
+
+variable "enable_cilium_clusterwide_network_policy" {
+  description = "(Optional) Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false."
+  type        = bool
+  default     = false
+}
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
@@ -308,7 +308,9 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  datapath_provider = var.datapath_provider
+  datapath_provider                        = var.datapath_provider
+  enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
+
 
   networking_mode = "VPC_NATIVE"
 

diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
@@ -848,3 +848,9 @@ variable "fleet_project_grant_service_agent" {
   type        = bool
   default     = false
 }
+
+variable "enable_cilium_clusterwide_network_policy" {
+  description = "(Optional) Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false."
+  type        = bool
+  default     = false
+}
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
@@ -268,7 +268,8 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  datapath_provider = var.datapath_provider
+  datapath_provider                        = var.datapath_provider
+  enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
 
 
   security_posture_config {

diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
@@ -758,3 +758,9 @@ variable "fleet_project" {
   type        = string
   default     = null
 }
+
+variable "enable_cilium_clusterwide_network_policy" {
+  description = "(Optional) Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false."
+  type        = bool
+  default     = false
+}
diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf
@@ -68,7 +68,8 @@ module "gke" {
   // NOTE: Dataplane-V2 conflicts with the Calico network policy add-on because
   // it provides redundant NetworkPolicy capabilities. If V2 is enabled, the
   // Calico add-on should be disabled.
-  network_policy = var.datapath_provider == "ADVANCED_DATAPATH" ? false : true
+  network_policy                           = var.datapath_provider == "ADVANCED_DATAPATH" ? false : true
+  enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
 
   // Default to the recommended Dataplane V2 which enables NetworkPolicies and
   // allows for network policy logging of allowed and denied requests to Pods.

diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf
@@ -532,3 +532,9 @@ variable "deletion_protection" {
   description = "Whether or not to allow Terraform to destroy the cluster."
   default     = true
 }
+
+variable "enable_cilium_clusterwide_network_policy" {
+  description = "(Optional) Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false."
+  type        = bool
+  default     = false
+}
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf
@@ -72,7 +72,8 @@ module "gke" {
 
   // Default to the recommended Dataplane V2 which enables NetworkPolicies and
   // allows for network policy logging of allowed and denied requests to Pods.
-  datapath_provider = var.datapath_provider
+  datapath_provider                        = var.datapath_provider
+  enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
 
   maintenance_start_time = var.maintenance_start_time
   maintenance_end_time   = var.maintenance_end_time

diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf
@@ -532,3 +532,9 @@ variable "deletion_protection" {
   description = "Whether or not to allow Terraform to destroy the cluster."
   default     = true
 }
+
+variable "enable_cilium_clusterwide_network_policy" {
+  description = "(Optional) Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false."
+  type        = bool
+  default     = false
+}
diff --git a/variables.tf b/variables.tf
@@ -728,3 +728,9 @@ variable "fleet_project" {
   type        = string
   default     = null
 }
+
+variable "enable_cilium_clusterwide_network_policy" {
+  description = "(Optional) Whether CiliumClusterWideNetworkPolicy is enabled on this cluster. Defaults to false."
+  type        = bool
+  default     = false
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -171,6 +171,8 @@ resource "google_container_cluster" "primary" { @@
         }
       }
+      enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
       enable_kubernetes_alpha = var.enable_kubernetes_alpha
       enable_tpu              = var.enable_tpu
@@ Expand Down @@