diff --git a/README.md b/README.md
index 8668b49981..a623cca4df 100644
--- a/README.md
+++ b/README.md
@@ -137,7 +137,7 @@ Then perform the following commands on the root folder:
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
max_cpu_cores = number
min_memory_gb = number
min_cpu_cores = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
enable_secure_boot = optional(bool)
enable_integrity_monitoring = optional(bool)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/cluster.tf b/cluster.tf
index 3f8c070a61..930b9a7776 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -113,6 +113,11 @@ resource "google_container_cluster" "primary" {
disk_size = lookup(var.cluster_autoscaling, "disk_size", 100)
disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard")
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
}
}
dynamic "resource_limits" {
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
index ce955dc88a..20ecf4094d 100644
--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -171,7 +171,7 @@ Then perform the following commands on the root folder:
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
| cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
max_cpu_cores = number
min_memory_gb = number
min_cpu_cores = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
enable_secure_boot = optional(bool)
enable_integrity_monitoring = optional(bool)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index c07a41aa1c..5336a5c3c3 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -125,6 +125,11 @@ resource "google_container_cluster" "primary" {
disk_size = lookup(var.cluster_autoscaling, "disk_size", 100)
disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard")
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
}
}
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
index b4e79f3c33..33416e5046 100644
--- a/modules/beta-private-cluster-update-variant/variables.tf
+++ b/modules/beta-private-cluster-update-variant/variables.tf
@@ -233,30 +233,34 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
+ enabled = bool
+ autoscaling_profile = string
+ max_cpu_cores = number
+ min_memory_gb = number
+ min_cpu_cores = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ enable_secure_boot = optional(bool)
+ enable_integrity_monitoring = optional(bool)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
index 5e6b8f4d70..fb1307c789 100644
--- a/modules/beta-private-cluster/README.md
+++ b/modules/beta-private-cluster/README.md
@@ -149,7 +149,7 @@ Then perform the following commands on the root folder:
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
| cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
max_cpu_cores = number
min_memory_gb = number
min_cpu_cores = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
enable_secure_boot = optional(bool)
enable_integrity_monitoring = optional(bool)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 830e70a93e..4d37c9f7f0 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -125,6 +125,11 @@ resource "google_container_cluster" "primary" {
disk_size = lookup(var.cluster_autoscaling, "disk_size", 100)
disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard")
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
}
}
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
index b4e79f3c33..33416e5046 100644
--- a/modules/beta-private-cluster/variables.tf
+++ b/modules/beta-private-cluster/variables.tf
@@ -233,30 +233,34 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
+ enabled = bool
+ autoscaling_profile = string
+ max_cpu_cores = number
+ min_memory_gb = number
+ min_cpu_cores = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ enable_secure_boot = optional(bool)
+ enable_integrity_monitoring = optional(bool)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index 1596ee9f62..df3f189010 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -165,7 +165,7 @@ Then perform the following commands on the root folder:
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
| cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
max_cpu_cores = number
min_memory_gb = number
min_cpu_cores = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
enable_secure_boot = optional(bool)
enable_integrity_monitoring = optional(bool)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index d0671e557f..a36c2007a7 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -125,6 +125,11 @@ resource "google_container_cluster" "primary" {
disk_size = lookup(var.cluster_autoscaling, "disk_size", 100)
disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard")
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
}
}
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
index 653adb3516..27352e7df4 100644
--- a/modules/beta-public-cluster-update-variant/variables.tf
+++ b/modules/beta-public-cluster-update-variant/variables.tf
@@ -233,30 +233,34 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
+ enabled = bool
+ autoscaling_profile = string
+ max_cpu_cores = number
+ min_memory_gb = number
+ min_cpu_cores = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ enable_secure_boot = optional(bool)
+ enable_integrity_monitoring = optional(bool)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
index ddd7dd4c76..25ec989814 100644
--- a/modules/beta-public-cluster/README.md
+++ b/modules/beta-public-cluster/README.md
@@ -143,7 +143,7 @@ Then perform the following commands on the root folder:
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
| cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no |
| cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
autoscaling_profile = string
max_cpu_cores = number
min_memory_gb = number
min_cpu_cores = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
enable_secure_boot = optional(bool)
enable_integrity_monitoring = optional(bool)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"autoscaling_profile": "BALANCED",
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index f757f769df..ec8bf644a5 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -125,6 +125,11 @@ resource "google_container_cluster" "primary" {
disk_size = lookup(var.cluster_autoscaling, "disk_size", 100)
disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard")
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "")
}
}
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
index 653adb3516..27352e7df4 100644
--- a/modules/beta-public-cluster/variables.tf
+++ b/modules/beta-public-cluster/variables.tf
@@ -233,30 +233,34 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- autoscaling_profile = string
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
+ enabled = bool
+ autoscaling_profile = string
+ max_cpu_cores = number
+ min_memory_gb = number
+ min_cpu_cores = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ enable_secure_boot = optional(bool)
+ enable_integrity_monitoring = optional(bool)
})
default = {
- enabled = false
- autoscaling_profile = "BALANCED"
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
+ enabled = false
+ autoscaling_profile = "BALANCED"
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index 608f8a120d..3e97abc388 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -165,7 +165,7 @@ Then perform the following commands on the root folder:
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
max_cpu_cores = number
min_memory_gb = number
min_cpu_cores = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
enable_secure_boot = optional(bool)
enable_integrity_monitoring = optional(bool)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index a6bbfa9b59..c0468ef816 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -113,6 +113,11 @@ resource "google_container_cluster" "primary" {
disk_size = lookup(var.cluster_autoscaling, "disk_size", 100)
disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard")
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
}
}
dynamic "resource_limits" {
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
index c593f7b3ed..bd7c98458f 100644
--- a/modules/private-cluster-update-variant/variables.tf
+++ b/modules/private-cluster-update-variant/variables.tf
@@ -233,28 +233,32 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
+ enabled = bool
+ max_cpu_cores = number
+ min_memory_gb = number
+ min_cpu_cores = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ enable_secure_boot = optional(bool)
+ enable_integrity_monitoring = optional(bool)
})
default = {
- enabled = false
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
+ enabled = false
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
index cbc62c36dc..63c38fa81c 100644
--- a/modules/private-cluster/README.md
+++ b/modules/private-cluster/README.md
@@ -143,7 +143,7 @@ Then perform the following commands on the root folder:
| add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
| additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no |
-| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
min_cpu_cores = number
max_cpu_cores = number
min_memory_gb = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"disk_size": 100,
"disk_type": "pd-standard",
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
+| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | object({
enabled = bool
max_cpu_cores = number
min_memory_gb = number
min_cpu_cores = number
max_memory_gb = number
gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
auto_repair = bool
auto_upgrade = bool
disk_size = optional(number)
disk_type = optional(string)
enable_secure_boot = optional(bool)
enable_integrity_monitoring = optional(bool)
}) | {
"auto_repair": true,
"auto_upgrade": true,
"disk_size": 100,
"disk_type": "pd-standard",
"enable_integrity_monitoring": true,
"enable_secure_boot": false,
"enabled": false,
"gpu_resources": [],
"max_cpu_cores": 0,
"max_memory_gb": 0,
"min_cpu_cores": 0,
"min_memory_gb": 0
} | no |
| cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no |
| cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no |
| cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index e8eefa20df..c325f1204a 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -113,6 +113,11 @@ resource "google_container_cluster" "primary" {
disk_size = lookup(var.cluster_autoscaling, "disk_size", 100)
disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard")
+ shielded_instance_config {
+ enable_secure_boot = lookup(var.cluster_autoscaling, "enable_secure_boot", false)
+ enable_integrity_monitoring = lookup(var.cluster_autoscaling, "enable_integrity_monitoring", true)
+ }
+
}
}
dynamic "resource_limits" {
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
index c593f7b3ed..bd7c98458f 100644
--- a/modules/private-cluster/variables.tf
+++ b/modules/private-cluster/variables.tf
@@ -233,28 +233,32 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
+ enabled = bool
+ max_cpu_cores = number
+ min_memory_gb = number
+ min_cpu_cores = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ enable_secure_boot = optional(bool)
+ enable_integrity_monitoring = optional(bool)
})
default = {
- enabled = false
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
+ enabled = false
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}
diff --git a/variables.tf b/variables.tf
index a67db04b38..8f951eb46a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -233,28 +233,32 @@ variable "enable_resource_consumption_export" {
variable "cluster_autoscaling" {
type = object({
- enabled = bool
- min_cpu_cores = number
- max_cpu_cores = number
- min_memory_gb = number
- max_memory_gb = number
- gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
- auto_repair = bool
- auto_upgrade = bool
- disk_size = optional(number)
- disk_type = optional(string)
+ enabled = bool
+ max_cpu_cores = number
+ min_memory_gb = number
+ min_cpu_cores = number
+ max_memory_gb = number
+ gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
+ auto_repair = bool
+ auto_upgrade = bool
+ disk_size = optional(number)
+ disk_type = optional(string)
+ enable_secure_boot = optional(bool)
+ enable_integrity_monitoring = optional(bool)
})
default = {
- enabled = false
- max_cpu_cores = 0
- min_cpu_cores = 0
- max_memory_gb = 0
- min_memory_gb = 0
- gpu_resources = []
- auto_repair = true
- auto_upgrade = true
- disk_size = 100
- disk_type = "pd-standard"
+ enabled = false
+ max_cpu_cores = 0
+ min_cpu_cores = 0
+ max_memory_gb = 0
+ min_memory_gb = 0
+ gpu_resources = []
+ auto_repair = true
+ auto_upgrade = true
+ disk_size = 100
+ disk_type = "pd-standard"
+ enable_secure_boot = false
+ enable_integrity_monitoring = true
}
description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)"
}