diff --git a/README.md b/README.md index 51503cab35..e3bf019f65 100644 --- a/README.md +++ b/README.md @@ -175,6 +175,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index eaf88cf84f..4b8dca8ea0 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -37,6 +37,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + {% if autopilot_cluster != true %} dynamic "network_policy" { for_each = local.cluster_network_policy 
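Review bot: The new `dynamic "enable_k8s_beta_apis"` block in autogen/main/cluster.tf.tmpl has no comment saying what happens when the list later shrinks or is emptied (an empty list drops the block entirely). As far as I recall the provider documentation for `enabled_apis`, a beta API that has been enabled cannot be disabled without recreating the cluster, so operators should be warned before they remove an entry. I would add above the block `# Beta APIs cannot be disabled once enabled; removing an entry may require recreating the cluster.` and repeat that sentence in the variable description. The block sits outside the `{% if autopilot_cluster != true %}` guard, so it reaches the Autopilot variants too; the cluster.tf hunks for the root module and modules/* carry the same block and look generated from this template. The resource body starts and ends outside the hunk.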
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 4402e8b31e..d982af4a0d 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -399,6 +399,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + {% if autopilot_cluster != true %} variable "stub_domains" { type = map(list(string)) diff --git a/cluster.tf b/cluster.tf index 923c71c411..d5a4665129 100644 --- a/cluster.tf +++ b/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy diff --git a/examples/simple_regional_private/README.md b/examples/simple_regional_private/README.md index 8d0a6651c4..aff5898d61 100644 --- a/examples/simple_regional_private/README.md +++ b/examples/simple_regional_private/README.md @@ -9,6 +9,7 @@ This example illustrates how to create a simple private cluster. |------|-------------|------|---------|:--------:| | cluster\_name\_suffix | A suffix to append to the default cluster name | `string` | `""` | no | | compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | `any` | n/a | yes | +| enable\_k8s\_beta\_apis | K8S beta apis to enable within the cluster | `any` | n/a | yes | | ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes | | network | The VPC network to host the cluster in | `any` | n/a | yes | | project\_id | The project ID to host the cluster in | `any` | n/a | yes | 
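Review bot: The `enable_k8s_beta_apis` variable added in autogen/main/variables.tf.tmpl accepts any list of strings, so a malformed entry is only rejected by the API at apply time, and an explicit `null` fails inside `length(var.enable_k8s_beta_apis)` in the cluster block. If I read the provider docs correctly, each entry is expected in `{group}/{version}/{resource}` form with a beta version; every enabled beta API also widens the API server surface, so the description should state the format and a validation block should enforce it. The same variable is repeated in the variables.tf hunks of the modules/* variants, which look generated from this template. `nullable = false` needs a Terraform release that supports it, and the module's version constraint is not visible here.

```hcl
variable "enable_k8s_beta_apis" {
  description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster, each as {group}/{version}/{resource} with a beta version."
  type        = list(string)
  default     = []
  nullable    = false

  validation {
    condition = alltrue([
      for api in var.enable_k8s_beta_apis :
      can(regex("^[^/]+/v[0-9]+beta[0-9]+/[^/]+$", api))
    ])
    error_message = "Each entry must have the form {group}/{version}/{resource} and use a beta version."
  }
}
```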
diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index 93f648bc7f..5adf5980a1 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -51,6 +51,7 @@ module "gke" { default_max_pods_per_node = 20 remove_default_node_pool = true deletion_protection = false + enable_k8s_beta_apis = var.enable_k8s_beta_apis node_pools = [ { diff --git a/examples/simple_regional_private/variables.tf b/examples/simple_regional_private/variables.tf index d64fdd7d3d..4113046f8f 100644 --- a/examples/simple_regional_private/variables.tf +++ b/examples/simple_regional_private/variables.tf @@ -43,3 +43,6 @@ variable "compute_engine_service_account" { description = "Service account to associate to the nodes in the cluster" } +variable "enable_k8s_beta_apis" { + description = "K8S beta apis to enable within the cluster" +} diff --git a/metadata.display.yaml b/metadata.display.yaml index 69d4cc90a1..bc4f825f52 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml @@ -132,6 +132,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/metadata.yaml b/metadata.yaml index 99bc4ee95e..558456bc63 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -393,6 +393,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) 
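Review bot: The example's new `variable "enable_k8s_beta_apis"` in examples/simple_regional_private/variables.tf has neither `type` nor `default`, which makes it a required input of type `any`; the example README row added in this commit confirms `any | n/a | yes`. Whatever drives this example must now supply a value, and a non-list value is rejected only once it reaches the module. I would add `type = list(string)` and `default = []` to match the module variable, so the example still applies unchanged and enables no beta API unless one is requested.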
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 4ba9913f08..b14f5e36e7 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -96,6 +96,7 @@ Then perform the following commands on the root folder: | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 1a9f498abe..c124a40e02 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "release_channel" { for_each = local.release_channel 
diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml index 1f0378bafb..a0e8030e51 100644 --- a/modules/beta-autopilot-private-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml @@ -100,6 +100,9 @@ spec: enable_fqdn_network_policy: name: enable_fqdn_network_policy title: Enable Fqdn Network Policy + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index dc0b7334db..2922bc62ae 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -241,6 +241,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: create_service_account description: Defines if service account specified to run nodes should be created. varType: bool diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 33636f5349..5793e0bfdc 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -208,6 +208,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "create_service_account" { diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 4747b44785..2ecae2c1e1 100644 
--- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -89,6 +89,7 @@ Then perform the following commands on the root folder: | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no | | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 0c41f1a7bc..b7336ed2f5 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "release_channel" { for_each = local.release_channel diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml index ee06f33a01..7074084b36 100644 
--- a/modules/beta-autopilot-public-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml @@ -97,6 +97,9 @@ spec: enable_fqdn_network_policy: name: enable_fqdn_network_policy title: Enable Fqdn Network Policy + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index bb8bbf4d07..0290b0b5ef 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -241,6 +241,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: create_service_account description: Defines if service account specified to run nodes should be created. varType: bool diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index db033ed587..b55c76164b 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -208,6 +208,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "create_service_account" { diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 3272e07e6e..147c87f888 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -210,6 +210,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index eaf9e90b6f..cc4ce3d63f 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy 
diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 4f198937b0..e344f57c5f 100644 --- a/modules/beta-private-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml @@ -145,6 +145,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 766a20342e..bc972fcfa2 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 013d93bedf..3d1b2f049a 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 5fa58ebc7d..05c1df3d7b 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -188,6 +188,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index c64f4f3856..6c2af017c3 100644 
--- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index 3d435d2756..e3a7c2f302 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml @@ -145,6 +145,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 6b0a264993..19d1919f76 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 013d93bedf..3d1b2f049a 100644 --- a/modules/beta-private-cluster/variables.tf 
+++ b/modules/beta-private-cluster/variables.tf @@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index df0a6dcebd..22335d3046 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -203,6 +203,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | 
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 3fba3b693b..093e0e4295 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index 55d3654fe1..cdb34e1180 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml @@ -142,6 +142,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index 8f7a2e8a06..bfeb7ccafb 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml 
@@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 2d8ded982d..e29ce46780 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 0279d919ae..ac54061977 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -181,6 +181,7 @@ Then perform the following commands on the root folder: | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no | | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | +| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 322cf89374..0abeb46f11 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" { network = "projects/${local.network_project_id}/global/networks/${var.network}" deletion_protection = var.deletion_protection + dynamic "enable_k8s_beta_apis" { + for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : [] + content { + enabled_apis = var.enable_k8s_beta_apis + } + } + dynamic "network_policy" { for_each = local.cluster_network_policy 
diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index b9026e7f18..7f25a4f0ab 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml @@ -142,6 +142,9 @@ spec: enable_intranode_visibility: name: enable_intranode_visibility title: Enable Intranode Visibility + enable_k8s_beta_apis: + name: enable_k8s_beta_apis + title: Enable K8s Beta Apis enable_kubernetes_alpha: name: enable_kubernetes_alpha title: Enable Kubernetes Alpha diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index 787fecf8c4..a2f335e3b9 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml @@ -359,6 +359,10 @@ spec: description: (Optional) - List of network tags applied to auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: enable_k8s_beta_apis + description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. + varType: list(string) + defaultValue: [] - name: stub_domains description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server varType: map(list(string)) diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 2d8ded982d..e29ce46780 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -376,6 +376,12 @@ variable "network_tags" { default = [] } +variable "enable_k8s_beta_apis" { + description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." + type = list(string) + default = [] +} + variable "stub_domains" { type = map(list(string)) description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server" 
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index 96cb9fb369..1856695508 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -204,6 +204,7 @@ Then perform the following commands on the root folder:
 | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no |
 | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
+| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
 | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 003f4df53e..9c1073508a 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" {
 network = "projects/${local.network_project_id}/global/networks/${var.network}"
 deletion_protection = var.deletion_protection
+ dynamic "enable_k8s_beta_apis" {
+ for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : []
+ content {
+ enabled_apis = var.enable_k8s_beta_apis
+ }
+ }
+
 dynamic "network_policy" {
 for_each = local.cluster_network_policy
diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml
index 2e16adf851..c402f1d3f7 100644
--- a/modules/private-cluster-update-variant/metadata.display.yaml
+++ b/modules/private-cluster-update-variant/metadata.display.yaml
@@ -136,6 +136,9 @@ spec:
 enable_intranode_visibility:
 name: enable_intranode_visibility
 title: Enable Intranode Visibility
+ enable_k8s_beta_apis:
+ name: enable_k8s_beta_apis
+ title: Enable K8s Beta Apis
 enable_kubernetes_alpha:
 name: enable_kubernetes_alpha
 title: Enable Kubernetes Alpha
diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml
index 27519c088d..84a11cf4aa 100644
--- a/modules/private-cluster-update-variant/metadata.yaml
+++ b/modules/private-cluster-update-variant/metadata.yaml
@@ -359,6 +359,10 @@ spec:
 description: (Optional) - List of network tags applied to auto-provisioned node pools.
 varType: list(string)
 defaultValue: []
+ - name: enable_k8s_beta_apis
+ description: (Optional) - List of Kubernetes Beta APIs to enable in cluster.
+ varType: list(string)
+ defaultValue: []
 - name: stub_domains
 description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server
 varType: map(list(string))
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index bcb541ab6d..a13defac71 100644
--- a/modules/private-cluster-update-variant/variables.tf
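Review bot: `length(var.enable_k8s_beta_apis)` in the `for_each` of the new dynamic block in modules/private-cluster-update-variant/cluster.tf fails at plan time when a caller passes `null`, because the variable is declared with a default but without `nullable = false`, so an explicit null is not replaced by `[]`. Wrapper modules that forward optional inputs commonly do pass null. Either add `nullable = false` to the variable declaration (needs Terraform 1.1 or later; the module's required version is not visible here) or guard the expression with `for_each = try(length(var.enable_k8s_beta_apis), 0) > 0 ? [1] : []`. The identical block in modules/private-cluster/cluster.tf has the same issue, and the enclosing `google_container_cluster` resource continues outside the hunk.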
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -376,6 +376,12 @@ variable "network_tags" {
 default = []
 }
+variable "enable_k8s_beta_apis" {
+ description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster."
+ type = list(string)
+ default = []
+}
+
 variable "stub_domains" {
 type = map(list(string))
 description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index a37139058d..621bcc1735 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -182,6 +182,7 @@ Then perform the following commands on the root folder:
 | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no |
 | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
+| enable\_k8s\_beta\_apis | (Optional) - List of Kubernetes Beta APIs to enable in cluster. | `list(string)` | `[]` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
 | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index 1ba5da2c37..2689a28a85 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -33,6 +33,13 @@ resource "google_container_cluster" "primary" {
 network = "projects/${local.network_project_id}/global/networks/${var.network}"
 deletion_protection = var.deletion_protection
+ dynamic "enable_k8s_beta_apis" {
+ for_each = length(var.enable_k8s_beta_apis) > 0 ? [1] : []
+ content {
+ enabled_apis = var.enable_k8s_beta_apis
+ }
+ }
+
 dynamic "network_policy" {
 for_each = local.cluster_network_policy
diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml
index 9de2e576d5..2acaf96118 100644
--- a/modules/private-cluster/metadata.display.yaml
+++ b/modules/private-cluster/metadata.display.yaml
@@ -136,6 +136,9 @@ spec:
 enable_intranode_visibility:
 name: enable_intranode_visibility
 title: Enable Intranode Visibility
+ enable_k8s_beta_apis:
+ name: enable_k8s_beta_apis
+ title: Enable K8s Beta Apis
 enable_kubernetes_alpha:
 name: enable_kubernetes_alpha
 title: Enable Kubernetes Alpha
diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml
index 4f92bd3b0a..0b13a8870f 100644
--- a/modules/private-cluster/metadata.yaml
+++ b/modules/private-cluster/metadata.yaml
@@ -359,6 +359,10 @@ spec:
 description: (Optional) - List of network tags applied to auto-provisioned node pools.
 varType: list(string)
 defaultValue: []
+ - name: enable_k8s_beta_apis
+ description: (Optional) - List of Kubernetes Beta APIs to enable in cluster.
+ varType: list(string)
+ defaultValue: []
 - name: stub_domains
 description: Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server
 varType: map(list(string))
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index bcb541ab6d..a13defac71 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -376,6 +376,12 @@ variable "network_tags" {
 default = []
 }
+variable "enable_k8s_beta_apis" {
+ description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster."
+ type = list(string)
+ default = []
+}
+
 variable "stub_domains" {
 type = map(list(string))
 description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
diff --git a/test/fixtures/simple_regional_private/example.tf b/test/fixtures/simple_regional_private/example.tf
index e684b3cc90..e248e8f60b 100644
--- a/test/fixtures/simple_regional_private/example.tf
+++ b/test/fixtures/simple_regional_private/example.tf
@@ -24,5 +24,6 @@ module "example" {
 subnetwork = google_compute_subnetwork.main.name
 ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name
 compute_engine_service_account = var.compute_engine_service_accounts[1]
+ enable_k8s_beta_apis = var.enable_k8s_beta_apis
 }
diff --git a/test/fixtures/simple_regional_private/variables.tf b/test/fixtures/simple_regional_private/variables.tf
index 8cf5823b20..d120dcba18 100644
--- a/test/fixtures/simple_regional_private/variables.tf
+++ b/test/fixtures/simple_regional_private/variables.tf
@@ -40,6 +40,12 @@ variable "registry_project_ids" {
 type = list(string)
 }
+variable "enable_k8s_beta_apis" {
+ description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster."
+ type = list(string)
+ default = ["networking.k8s.io/v1beta1/ipaddresses"]
+}
+
 variable "kubernetes_version" {
 type = string
 description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region."
diff --git a/variables.tf b/variables.tf
index fd5e608a3f..95ec6cf9ff 100644
--- a/variables.tf
+++ b/variables.tf
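Review bot: The fixture default `["networking.k8s.io/v1beta1/ipaddresses"]` in test/fixtures/simple_regional_private/variables.tf pins one specific beta API version, while the neighbouring `kubernetes_version` variable accepts 'latest'. Beta API versions are served only for a limited range of Kubernetes releases, so this fixture may start failing once the control plane no longer offers that v1beta1 resource (inferred; the versions the test runs against are not shown here). A comment above the default such as `# beta API: valid only while the cluster version still serves networking.k8s.io/v1beta1` would make that failure quick to diagnose. The description also still says "(Optional)" although this fixture always supplies a non-empty list.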
@@ -376,6 +376,12 @@ variable "network_tags" {
 default = []
 }
+variable "enable_k8s_beta_apis" {
+ description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster."
+ type = list(string)
+ default = []
+}
+
 variable "stub_domains" {
 type = map(list(string))
 description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"