terraform-google-kubernetes-engine v12.0.0

⚠ BREAKING CHANGES

• GKE Hub functionality has been removed from ASM module(#665). Users can leverage Hub module for this functionality.

Features

• ACM - Wait for gatekeeper & Hub: expose module_depends_on (#689) (26ea28d)
• add node_pool_taints to all the modules (#705) (68e8eec)
• allow passing roles to created Workload Identity service account (#708) (e761dce)
• Expose service account variable on ASM submodule (#658) (182dded)
• hub make decode work with -d or --decode (#671) (0b5bd3d)
• Hub submodule - add option to use existing service account to register clusters. (#678) (9f84cec)
• Promote previously beta features to GA modules (#709) (2cb4fae), closes #708
• ACM: fix bug when not using ssh secret type for ACM submodule (#679) (716867c)
• make wait-for-cluster more robust (#676) (dffb047)

Bug Fixes

• Correct WI module source in docs (#701) (f31b1f4)
• Enable auto-upgrade in beta clusters with a release channel (#682) (21f95db)
• Fix broken link in README.md (#691) (6f0e749)
• Fix skip_provisioners enabled flag for wait_for_cluster (#669) (e293a43)
• remove hub from asm module (#670) (6f419c3)
• removing gcloud_skip_download variable (#712) (f84e838)
• set project number for ASM install (#692) (c5d1e4d)
• Shorten GSA account_id if necessary (#666) (0225458)

terraform-google-kubernetes-engine v11.1.0

Features

• Add variable disable_default_snat (#625) (19a9e9c)
• Update fields for ACM and Config Sync to bring them to feature parity (#635) (7fc3b48)

terraform-google-kubernetes-engine v11.0.0

⚠ BREAKING CHANGES

• In-cluster resources have been updated to use the kubectl wrapper module. See the upgrade guide for details.

Features

• Add support for enabling master_global_access, which is turned on by default. (#601) (8a9f904)
• Allow user to customize ASM install with different directories and versions (#620) (d542c5c)
• Update modules to use new kubectl module (#602) (794da61)

Bug Fixes

• Bumped gcloud module to 1.3.0 (#612) (4d33759)
• relax version to allow 0.13 (#621) (dd96aa5)

terraform-google-kubernetes-engine v10.0.0

⚠ BREAKING CHANGES

See the upgrade guide for details.

• The default machine type has been changed to e2-medium. If you want the old default, you should specify it explicitly: machine_type = "n1-standard-2".
• Pod security policy enablement has been changed to use a simple boolean flag (var. enable_pod_security_policy)

Features

• add configconnector to safer variant (#581) (4b3f609)
• Added variable for service dependency in binary_authorization sub module (#584) (e3e5458)
• Changed default node pool machine type to e2-medium (#597) (1de41ef)

Bug Fixes

• Compatibility for new asm release with 299.0.0 (#589) (a5213c4)
• Explicitly specify VPC-native clusters for beta modules. (#598) (d9f7782)
• Simplified pod security policy interface. (6069ece)
• Typo in autogen/safer-cluster/README.md (#596) (ebdf57d)

terraform-google-kubernetes-engine v9.4.0

Features

• Add ASM install submodule (#538) (6ff27f9)
• Add bool option for automount_service_account_token (#571) (002cfb1)
• Add firewall support safer-cluster modules (#570) (7ce3c49)

Bug Fixes

• Enhance WI module usability with existing KSA (#557) (cf3273d)
• Restore gcloud wait_for_cluster (#568) (0bcf3ca)
• Use gcloud module for scripts, closes #401 (#404) (65172de)

terraform-google-kubernetes-engine v9.3.0

Features

• Add Beta Public Module Update Variant (#546) (d9f1ea8)
• Add ConfigConnector configuration option (beta) (#547) (672adf9)

Bug Fixes

• Correct ACM param defaults (#536) (0b92d27)

terraform-google-kubernetes-engine v9.2.0

Features

• Add submodule for creating a binary authentication attestor (#530) (cc30fbb)
• Add support for KALM config (#528) (6bf1178)

Bug Fixes

• Add additional guardrails for disabled workload identity. (#542) (43c4349)

terraform-google-kubernetes-engine v9.1.0

Features

• Add boot disk kms key variable (#516) (9195f0f)
• Expose gce_pd_csi_driver for Safer Cluster modules #503 (#514) (d4e7dc6)

Bug Fixes

• Update auth module to handle empty clusters (#521) (dd2afca)

terraform-google-kubernetes-engine v9.0.0

⚠ BREAKING CHANGES

• Beta clusters have changed the default to use the GKE_METADATA_SERVER, to use the old option set node_metadata = "SECURE".
• Minimum provider change increased to 3.19.
• The ACM module has been refactored and resources will be recreated. This will show up in Terraform plans but is a safe no-op for Kubernetes.
• Minimum Google provider version increased to 3.16.
• For the safer cluster module, you must now specify release_channel instead of kubernetes_version.

Features

• [safer-cluster] Replace "kubernetes_version" with "release_channel" (#487) (5791ac1)
• Add an auth submodule outputting a kubeconfig (#469) (a5ace36)
• Add config sync module (#493) (c090d5b)
• Add fully configurable resource usage export block in GA and upgrade GCP provider (#491) (54eca6b)
• Add GCE PD CSI Driver beta support (#497) (d96afa7)
• Add support for setting firewall rules (#470) (16bdd6e)
• Enable GKE_METADATA_SERVER as default node_metadata for beta-clusters (#490) (#512) (8e14762)
• Expose the grant_registry_access variable in safer-cluster (#509) (0961613)

Bug Fixes

• Correct identity namespace output for beta clusters (#500) (c783659), closes #489

terraform-google-kubernetes-engine v8.1.0

Features

• Add peering_name output for private clusters and increase minimum provider version to 3.14 (#484) (ff6b5cc)
• Add support for enabling Nodelocal dns cache (var.dns_cache) (#477) (de8e1d5)

Bug Fixes

• Add stackdriver.resourceMetadata.writer role for SA to prevent monitoring errors (#485) (07de70b)