Skip to content

Commit

Permalink
feat: add support for additive_vpc_scope_dns_domain (#1998)
Browse files Browse the repository at this point in the history
Co-authored-by: Andrew Peabody <[email protected]>
  • Loading branch information
DrFaust92 and apeabody authored Jul 19, 2024
1 parent 6bd1bc1 commit b54b7ba
Show file tree
Hide file tree
Showing 14 changed files with 53 additions and 15 deletions.
9 changes: 6 additions & 3 deletions autogen/main/cluster.tf.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -466,9 +466,12 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
{% if beta_cluster %}
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
{% endif %}
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}

Expand Down
7 changes: 7 additions & 0 deletions autogen/main/variables.tf.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -741,6 +741,13 @@ variable "cluster_dns_domain" {
default = ""
}

{% if beta_cluster %}
variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
{% endif %}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
Expand Down
1 change: 1 addition & 0 deletions modules/beta-private-cluster-update-variant/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -173,6 +173,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | (Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
Expand Down
7 changes: 4 additions & 3 deletions modules/beta-private-cluster-update-variant/cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -395,9 +395,10 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}

Expand Down
5 changes: 5 additions & 0 deletions modules/beta-private-cluster-update-variant/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -710,6 +710,11 @@ variable "cluster_dns_domain" {
default = ""
}

variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
Expand Down
1 change: 1 addition & 0 deletions modules/beta-private-cluster/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -151,6 +151,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | (Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
Expand Down
7 changes: 4 additions & 3 deletions modules/beta-private-cluster/cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -395,9 +395,10 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}

Expand Down
5 changes: 5 additions & 0 deletions modules/beta-private-cluster/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -710,6 +710,11 @@ variable "cluster_dns_domain" {
default = ""
}

variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
Expand Down
1 change: 1 addition & 0 deletions modules/beta-public-cluster-update-variant/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | (Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
Expand Down
7 changes: 4 additions & 3 deletions modules/beta-public-cluster-update-variant/cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -395,9 +395,10 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}

Expand Down
5 changes: 5 additions & 0 deletions modules/beta-public-cluster-update-variant/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -680,6 +680,11 @@ variable "cluster_dns_domain" {
default = ""
}

variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
Expand Down
1 change: 1 addition & 0 deletions modules/beta-public-cluster/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,7 @@ Then perform the following commands on the root folder:
| add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| additive\_vpc\_scope\_dns\_domain | (Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
| boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
Expand Down
7 changes: 4 additions & 3 deletions modules/beta-public-cluster/cluster.tf
Original file line number Diff line number Diff line change
Expand Up @@ -395,9 +395,10 @@ resource "google_container_cluster" "primary" {
dynamic "dns_config" {
for_each = var.cluster_dns_provider == "CLOUD_DNS" ? [1] : []
content {
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
additive_vpc_scope_dns_domain = var.additive_vpc_scope_dns_domain
cluster_dns = var.cluster_dns_provider
cluster_dns_scope = var.cluster_dns_scope
cluster_dns_domain = var.cluster_dns_domain
}
}

Expand Down
5 changes: 5 additions & 0 deletions modules/beta-public-cluster/variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -680,6 +680,11 @@ variable "cluster_dns_domain" {
default = ""
}

variable "additive_vpc_scope_dns_domain" {
type = string
description = "(Beta) This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster_dns = `CLOUD_DNS` and cluster_dns_scope = `CLUSTER_SCOPE` must both be set as well."
default = ""
}
variable "gce_pd_csi_driver" {
type = bool
description = "Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver."
Expand Down

0 comments on commit b54b7ba

Please sign in to comment.