diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 2b93e48ff..e72781ecc 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -164,6 +164,10 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } + + config_connector_config { + enabled = var.config_connector + } {% endif %} } diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index b8e65c7f4..30dc00759 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -429,6 +429,12 @@ variable "kalm_config" { default = false } +variable "config_connector" { + type = bool + description = "(Beta) Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." type = list(object({ state = string, key_name = string })) diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 17c94fb82..f506a4fe4 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -19,7 +19,7 @@ terraform { required_providers { {% if beta_cluster %} - google-beta = ">= 3.21.0, <4.0.0" + google-beta = ">= 3.23.0, <4.0.0" {% else %} google = ">= 3.16, <4.0.0" {% endif %} diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index b08ac2968..a44750b91 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.21.0" + version = "~> 3.23.0" region = var.region } diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf index 903e1a544..cfa7957d3 100644 --- a/examples/node_pool_update_variant_beta/main.tf +++ b/examples/node_pool_update_variant_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.21.0" + version = "~> 3.23.0" credentials = file(var.credentials_path) region = var.region } diff --git a/examples/regional_private_node_pool_oauth_scopes/provider.tf b/examples/regional_private_node_pool_oauth_scopes/provider.tf index 76ebcc1a5..1d4769e24 100644 --- a/examples/regional_private_node_pool_oauth_scopes/provider.tf +++ b/examples/regional_private_node_pool_oauth_scopes/provider.tf @@ -19,5 +19,5 @@ provider "google" { } provider "google-beta" { - version = "3.16.0" + version = "3.23.0" } diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index 4b73a6e7b..6e4630a21 100644 --- a/examples/safer_cluster/main.tf +++ b/examples/safer_cluster/main.tf @@ -34,7 +34,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.21.0" + version = "~> 3.23.0" } module "gke" { diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index 9becfec11..5c913cce8 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.21.0" + version = "~> 3.23.0" region = var.region } diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index 1676993f7..881746717 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -24,7 +24,7 @@ provider "google" { } provider "google-beta" { - version = "~> 3.21.0" + version = "~> 3.23.0" region = var.region } diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf index 1d5346139..80198899f 100644 --- a/examples/workload_metadata_config/main.tf +++ b/examples/workload_metadata_config/main.tf @@ -19,7 +19,7 @@ locals { } provider "google-beta" { - version = "~> 3.21.0" + version = "~> 3.23.0" region = var.region } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 5705cf364..9f889f323 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -164,6 +164,7 @@ Then perform the following commands on the root folder: | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object | `` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `"null"` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | `` | no | +| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | bool | `"false"` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | bool | `"true"` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 0fd74f586..c2d342d5d 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -149,6 +149,10 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } + + config_connector_config { + enabled = var.config_connector + } } ip_allocation_policy { diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 0e42e1fac..a1c5d7478 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -422,6 +422,12 @@ variable "kalm_config" { default = false } +variable "config_connector" { + type = bool + description = "(Beta) Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." type = list(object({ state = string, key_name = string })) diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index ea62af891..f0900c1cb 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = "~> 0.12.6" required_providers { - google-beta = ">= 3.21.0, <4.0.0" + google-beta = ">= 3.23.0, <4.0.0" } } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index acb579d64..ce8db43e8 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -142,6 +142,7 @@ Then perform the following commands on the root folder: | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object | `` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `"null"` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | `` | no | +| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | bool | `"false"` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | bool | `"true"` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 201be0743..da0c16be9 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -149,6 +149,10 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } + + config_connector_config { + enabled = var.config_connector + } } ip_allocation_policy { diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 0e42e1fac..a1c5d7478 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -422,6 +422,12 @@ variable "kalm_config" { default = false } +variable "config_connector" { + type = bool + description = "(Beta) Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." type = list(object({ state = string, key_name = string })) diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index ea62af891..f0900c1cb 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = "~> 0.12.6" required_providers { - google-beta = ">= 3.21.0, <4.0.0" + google-beta = ">= 3.23.0, <4.0.0" } } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 0e576bee2..bf41312a6 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -124,6 +124,7 @@ Then perform the following commands on the root folder: | cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object | `` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | string | `"null"` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | `` | no | +| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | bool | `"false"` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | string | `"false"` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | bool | `"true"` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 3d09c835d..e68d35414 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -149,6 +149,10 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } + + config_connector_config { + enabled = var.config_connector + } } ip_allocation_policy { diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 2389adc5d..459579248 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -398,6 +398,12 @@ variable "kalm_config" { default = false } +variable "config_connector" { + type = bool + description = "(Beta) Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." type = list(object({ state = string, key_name = string })) diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index ea62af891..f0900c1cb 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -18,6 +18,6 @@ terraform { required_version = "~> 0.12.6" required_providers { - google-beta = ">= 3.21.0, <4.0.0" + google-beta = ">= 3.23.0, <4.0.0" } } diff --git a/test/integration/beta_cluster/controls/gcloud.rb b/test/integration/beta_cluster/controls/gcloud.rb index 2d1aff5ce..fc053119f 100644 --- a/test/integration/beta_cluster/controls/gcloud.rb +++ b/test/integration/beta_cluster/controls/gcloud.rb @@ -56,6 +56,7 @@ "disabled" => true, }, "kalmConfig" => {}, + "configConnectorConfig" => {}, "networkPolicyConfig" => {}, "istioConfig" => {"auth"=>"AUTH_MUTUAL_TLS"}, "cloudRunConfig" => {},