diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4caa5f677b..794ab548e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,46 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Extending the adopted spec, each change should have a link to its corresponding pull request appended. +## [35.0.0](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v34.0.0...v35.0.0) (2024-12-11) + + +### ⚠ BREAKING CHANGES + +* master_ipv4_cidr_block optional for private standard clusters ([#2186](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2186)) +* **TPG>=6.11:** add endpoint_dns ([#2180](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2180)) +* **update-variant:** allow updating disk_type, disk_size_gb, machine_type, enable_gcfs in place ([#2195](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2195)) +* **TPG>=6.8.0:** add KCP log params ([#2166](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2166)) +* **private-cluster:** use private endpoint ([#2189](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2189)) +* Change the default value of "monitoring_enable_managed_prometheus" var to null ([#2188](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2188)) +* **TPG>=6.5.0:** promote `enable_gcfs` to GA ([#2178](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2178)) +* **TPG>=6.7.0:** promote `secret_manager_config` to GA ([#2159](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2159)) +* **TPG>=6.5.0:** support gcp_filestore_csi_driver_config for autopilot ([#2126](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2126)) + +### Features + +* add logging_config and monitoring_config to autopilot modules 
([#2155](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2155)) ([0ebdfda](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/0ebdfda69591a525018ee9c4a41b353bb2777fa6)) +* Change the default value of "monitoring_enable_managed_prometheus" var to null ([#2188](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2188)) ([31a1619](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/31a1619eb34ba3e78c800c48aaf77205fac8066a)) +* **deps:** Update Terraform Google Provider to >= 6.7.0, < 6.11.0 ([#2184](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2184)) ([d73e2e9](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/d73e2e9aa9073887b9a4e51c947321f51124c519)) +* master_ipv4_cidr_block optional for private standard clusters ([#2186](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2186)) ([e0ea8e7](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/e0ea8e7d9f60b178e4f2e4537690924cc470957c)) +* Node pools can enable fast_socket ([#2200](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2200)) ([f23d52f](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/f23d52f0847fb48a25572eaabedd2945ee942f41)) +* promote additive_vpc_scope_dns_domain to GA ([#2194](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2194)) ([43d1c56](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/43d1c566c30cc8a799540a5be412362e6dea0aa9)) +* **TPG>=6.11:** add endpoint_dns ([#2180](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2180)) 
([1f85f66](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/1f85f66544051d8cdb0196ce90af11fcefdc8789)) +* **TPG>=6.5.0:** promote `enable_gcfs` to GA ([#2178](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2178)) ([eb9b0be](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/eb9b0bec0cc116e7dd6c45c11855e9f65bd9334a)) +* **TPG>=6.5.0:** support gcp_filestore_csi_driver_config for autopilot ([#2126](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2126)) ([e3f016e](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/e3f016e77ba4c6bc82f8eaf4e10686305d049422)) +* **TPG>=6.7.0:** promote `secret_manager_config` to GA ([#2159](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2159)) ([7931bf4](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/7931bf4d7941555a6d9d881c0c5654adf3fd0c24)) +* **TPG>=6.8.0:** add KCP log params ([#2166](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2166)) ([9a1f4ea](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/9a1f4eafe3abffcb89b68916a881d40b5175e57b)) +* **update-variant:** allow updating disk_type, disk_size_gb, machine_type, enable_gcfs in place ([#2195](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2195)) ([276cbdb](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/276cbdb78161e39284c4f2015b2a9964b0fb80c3)) + + +### Bug Fixes + +* enable TPG v6.11+ ([#2197](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2197)) ([e9ab0df](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/e9ab0df39601ef6cf36d8324469037b6ecf2a67d)) +* limit TPG < 6.10 
([#2183](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2183)) ([3122b9d](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/3122b9d6ef65923afa3e14eb9312099b5f5efdd5)) +* node pool options cannot be set to false ([#2187](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2187)) ([752db66](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/752db669e02796d1bd7195d8af5c33e0cac55c8e)) +* **private-cluster:** use private endpoint ([#2189](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2189)) ([4b155cd](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/4b155cd90f0d2c391f6e387c46214d5bafd891fa)) +* standardize to >= TF v1.3 ([#2202](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2202)) ([a99aec2](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/a99aec272418a034e191d60f801d17bd008a3f55)) +* **TPG>=5.12.0:** Bump for [#2142](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2142) ([#2141](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2141)) ([#2170](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/2170)) ([52f8bea](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/52f8beacd2b88e60ae8fde207c4dd4b6ced4014a)) + ## [34.0.0](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v33.1.0...v34.0.0) (2024-10-30) diff --git a/Makefile b/Makefile index d7e7e3bd72..10aa380ad9 100644 --- a/Makefile +++ b/Makefile 
@@ -18,7 +18,7 @@ # Make will use bash instead of sh SHELL := /usr/bin/env bash -DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.22 +DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.23 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd DOCKER_BIN ?= docker diff --git a/README.md b/README.md index 43b77ca60e..ea612e0a92 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Sub modules are provided for creating private clusters, beta private clusters, a ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform @@ -317,6 +317,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_fast_socket | Enable the NCCL Fast Socket feature. `enable_gvnic` must also be enabled. | null | Optional | | enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_gvnic | gVNIC (GVE) is an alternative to the virtIO-based ethernet driver. Needs a Container-Optimized OS node image. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | 
@@ -390,7 +391,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP][terraform-provider-google] v5.9+ +- [Terraform Provider for GCP][terraform-provider-google] v6.11+ #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information. diff --git a/autogen/main/README.md b/autogen/main/README.md index 9ccbf7736d..79e152c294 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -42,7 +42,7 @@ The implications of this are that: {% endif %} ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform @@ -85,7 +85,6 @@ module "gke" { {% if private_cluster %} enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" {% endif %} {% if beta_cluster and autopilot_cluster != true %} istio = true 
@@ -205,6 +204,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_fast_socket | Enable the NCCL Fast Socket feature. `enable_gvnic` must also be enabled. | null | Optional | | enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_gvnic | gVNIC (GVE) is an alternative to the virtIO-based ethernet driver. Needs a Container-Optimized OS node image. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | @@ -288,9 +288,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ {% if beta_cluster %} -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5.9+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+ {% else %} -- [Terraform Provider for GCP][terraform-provider-google] v5.9+ +- [Terraform Provider for GCP][terraform-provider-google] v6.11+ {% endif %} #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 880e68ca63..4a0933305d 100644 --- a/autogen/main/cluster.tf.tmpl 
+++ b/autogen/main/cluster.tf.tmpl @@ -537,6 +537,13 @@ resource "google_container_cluster" "primary" { } } + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } + dynamic "kubelet_config" { for_each = length(setintersection( keys(var.node_pools[0]), @@ -930,6 +937,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index ef4844a028..cc4a14817b 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -146,7 +146,7 @@ locals { {% if private_cluster %} cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block {% else %} cluster_endpoint = google_container_cluster.primary.endpoint cluster_endpoint_for_nodes = "${google_container_cluster.primary.endpoint}/32" 
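Review bot: The added `fast_socket` block turns the feature on whenever `enable_fast_socket` is set, but nothing checks the requirement, stated in the README row this commit adds, that `enable_gvnic` must also be enabled. An invalid pairing would presumably surface only as an API error at apply time. At minimum add a comment above the block such as `# fast_socket requires gvnic to be enabled on the same node pool (see enable_fast_socket in the README)`; a `precondition` on the node pool resource would catch it at plan time. The same block is added in the second hunk of this file and in the three `cluster.tf` hunks. The enclosing resources start and end outside the hunk.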
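Review bot: The new `cluster_endpoint_for_nodes` expression indexes `private_cluster_config[0]` without the `var.enable_private_nodes && length(...) > 0` guard that `cluster_endpoint` and `cluster_peering_name` use on the two lines above it, so an empty `private_cluster_config` list would fail evaluation here instead of yielding null. Consider `cluster_endpoint_for_nodes = try(google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block, null)`. The same unguarded index is added in `autogen/main/outputs.tf.tmpl`, `modules/beta-autopilot-private-cluster/main.tf` and `modules/beta-autopilot-private-cluster/outputs.tf`. Consumers of this local are outside the hunk; if it feeds firewall source ranges (not visible here), the range is presumably provider-assigned now that the variable defaults to null, so rules written against the old `10.0.0.0/28` default should be re-checked after upgrading. The `locals` block starts and ends outside the hunk.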
diff --git a/autogen/main/outputs.tf.tmpl b/autogen/main/outputs.tf.tmpl index aacaebddbc..86ae7d6210 100644 --- a/autogen/main/outputs.tf.tmpl +++ b/autogen/main/outputs.tf.tmpl @@ -207,7 +207,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index e133923c56..704915adf8 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -495,12 +495,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - {% if autopilot_cluster == true%} + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." default = null - {% else %} - default = "10.0.0.0/28" - {% endif %} } variable "private_endpoint_subnetwork" { diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 4271074fe6..9bf43a11f9 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -63,6 +63,6 @@ terraform { } } provider_meta "{% if beta_cluster %}google-beta{% else %}google{% endif %}" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v35.0.0" } } diff --git a/autogen/safer-cluster/versions.tf.tmpl b/autogen/safer-cluster/versions.tf.tmpl index 10bfc954ef..344879275c 100644 --- a/autogen/safer-cluster/versions.tf.tmpl +++ b/autogen/safer-cluster/versions.tf.tmpl 
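Review bot: The new description for `master_ipv4_cidr_block` in `autogen/main/variables.tf.tmpl` does not say what happens when the value is left at its `null` default, which this hunk now applies to standard private clusters as well as Autopilot ones. Suggest extending it, e.g. `description = "(Optional) The IP range in CIDR notation to use for the hosted master network. If null, this module does not set the range; read the effective value from the master_ipv4_cidr_block output."` Operators who allow-list the control-plane range in firewall or peering rules need that pointer, since the value is no longer a fixed input. The same description string is added in `modules/beta-autopilot-private-cluster/variables.tf`.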
@@ -23,6 +23,6 @@ terraform { required_version = ">=1.3" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v35.0.0" } } diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index 8a22a3dbeb..ce23f00b96 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -476,6 +476,6 @@ tags: - 'integration' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.22' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.23' options: machineType: 'N1_HIGHCPU_8' diff --git a/cluster.tf b/cluster.tf index 51ceb2f44c..9d85632888 100644 --- a/cluster.tf +++ b/cluster.tf @@ -418,6 +418,13 @@ resource "google_container_cluster" "primary" { } } + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } + dynamic "kubelet_config" { for_each = length(setintersection( keys(var.node_pools[0]), @@ -641,6 +648,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { 
@@ -932,6 +945,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { diff --git a/docs/upgrading_to_v35.0.md b/docs/upgrading_to_v35.0.md index bd55288bb4..8c99dbc7c6 100644 --- a/docs/upgrading_to_v35.0.md +++ b/docs/upgrading_to_v35.0.md @@ -7,7 +7,7 @@ The Terraform Kubernetes Engine Module now requires version 6 of the Google Clou ### Private Cluster Sub-Modules Endpoint Output The private cluster sub-modules now return the cluster's private endpoint for the `endpoint` output when the `enable_private_endpoint` argument is `true`, regardless of the `deploy_using_private_endpoint` argument value. -## Update variant random ID keepers updated +### Update variant random ID keepers updated The v35.0 release updates the keepers for the update variant modules. This will force a recreation of the nodepools. 
@@ -50,3 +50,18 @@ To avoid this, it is possible to edit the remote state of the `random_id` resour 1. Bump the serial number at the top 2. Push the modified state to the remote `terraform state push default.tfstate` 3. Confirm the `random_id` resource(s) no longer changes (or the corresponding `nodepool`) in a `terraform plan` + +### master_ipv4_cidr_block default value +The default value for `master_ipv4_cidr_block` on private standard clusters has been changed from `"10.0.0.0/28"` to `null`. To maintain the previous default behavior, set `master_ipv4_cidr_block` to `"10.0.0.0/28"`. + +``` + module "gke" { + source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" + version = "~> 35.0" + + project_id = var.project_id + name = var.cluster_name + ++ master_ipv4_cidr_block = "10.0.0.0/28" + } +``` diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index 6271b289a3..a868658f6e 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -55,7 +55,7 @@ resource "kubernetes_pod" "nginx-example" { spec { container { - image = "nginx:1.27.2" + image = "nginx:1.27.3" name = "nginx-example" } } diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index 3483a1ec87..0f703bfafe 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -49,7 +49,6 @@ module "gke" { enable_private_endpoint = true enable_private_nodes = true enable_secret_manager_addon = true - master_ipv4_cidr_block = "172.16.0.0/28" default_max_pods_per_node = 20 remove_default_node_pool = true deletion_protection = false diff --git a/modules/acm/versions.tf b/modules/acm/versions.tf index 66b512bb3b..4aafe0b30a 100644 --- a/modules/acm/versions.tf +++ b/modules/acm/versions.tf 
@@ -16,14 +16,14 @@ */ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v35.0.0" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v35.0.0" } required_providers { diff --git a/modules/asm/versions.tf b/modules/asm/versions.tf index 1227961368..100665a2e1 100644 --- a/modules/asm/versions.tf +++ b/modules/asm/versions.tf @@ -16,7 +16,7 @@ */ terraform { - required_version = ">= 1.1" + required_version = ">= 1.3" required_providers { kubernetes = { @@ -36,10 +36,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v35.0.0" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v35.0.0" } } diff --git a/modules/auth/versions.tf b/modules/auth/versions.tf index a1a3c2543b..becf12dcda 100644 --- a/modules/auth/versions.tf +++ b/modules/auth/versions.tf @@ -16,7 +16,7 @@ */ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { google = { source = "hashicorp/google" @@ -26,6 +26,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v35.0.0" } } diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index a875dfbfd3..888c450654 100644 
--- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -15,7 +15,7 @@ For details on configuring private clusters with this module, check the [trouble ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform @@ -53,7 +53,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false } 
@@ -129,7 +128,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `null` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER\_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | 
@@ -217,7 +216,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5.9+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+ #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information. diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index b4a08b336f..e2bd8547a3 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf @@ -79,7 +79,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version 
diff --git a/modules/beta-autopilot-private-cluster/outputs.tf b/modules/beta-autopilot-private-cluster/outputs.tf index aa72f43460..d3e170f087 100644 --- a/modules/beta-autopilot-private-cluster/outputs.tf +++ b/modules/beta-autopilot-private-cluster/outputs.tf @@ -165,7 +165,7 @@ output "tpu_ipv4_cidr_block" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 628b1e89c7..813d42b716 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -279,7 +279,7 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." default = null } diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 4a1b48e6e8..40276d063a 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v35.0.0" } } diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 4022334b45..729039e281 100644 --- a/modules/beta-autopilot-public-cluster/README.md 
+++ b/modules/beta-autopilot-public-cluster/README.md @@ -12,7 +12,7 @@ Sub modules are provided for creating private clusters, beta private clusters, a ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform @@ -203,7 +203,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5.9+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+ #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information. diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index e2563e96a5..903c390f6c 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v35.0.0" } } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index fc76c4c903..45d57d1651 100644 
--- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -37,7 +37,7 @@ The implications of this are that: ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform @@ -77,7 +77,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" istio = true cloudrun = true dns_cache = false 
@@ -251,7 +250,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | 
@@ -371,6 +370,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_fast_socket | Enable the NCCL Fast Socket feature. `enable_gvnic` must also be enabled. | null | Optional | | enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_gvnic | gVNIC (GVE) is an alternative to the virtIO-based ethernet driver. Needs a Container-Optimized OS node image. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | @@ -445,7 +445,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5.9+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+ #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information. 
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index f810a5e56f..e921f9fb8f 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -456,6 +456,13 @@ resource "google_container_cluster" "primary" { } } + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } + dynamic "kubelet_config" { for_each = length(setintersection( keys(var.node_pools[0]), @@ -799,6 +806,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { @@ -1104,6 +1117,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 5f0e25240a..c573681b7b 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf 
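Review bot: The three `fast_socket` blocks added here (in `google_container_cluster.primary`, `pools` and `windows_pools`) pass `enable_fast_socket` straight through, but the README row added in the same commit says `enable_gvnic` must also be enabled, and nothing in these hunks checks that. A pool that sets `enable_fast_socket = true` without gVNIC would then presumably be rejected only by the API at apply time, after other resources may already have changed. A plan-time check would catch it earlier, for example a `precondition` with `condition = !lookup(each.value, "enable_fast_socket", false) || lookup(each.value, "enable_gvnic", false)`. The resource bodies extend outside the hunks, so whether that belongs in an existing `lifecycle` block or in a variable validation needs checking. The same blocks are added in the cluster.tf of beta-private-cluster, beta-public-cluster-update-variant, beta-public-cluster and private-cluster-update-variant.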
@@ -123,7 +123,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-private-cluster-update-variant/outputs.tf b/modules/beta-private-cluster-update-variant/outputs.tf index 47b662f8af..78116b90a5 100644 --- a/modules/beta-private-cluster-update-variant/outputs.tf +++ b/modules/beta-private-cluster-update-variant/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index eb66aa8471..8c2e2de46c 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
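Review bot: `cluster_endpoint_for_nodes` now indexes `private_cluster_config[0]` without the `var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0` guard that the two locals directly above it use, so evaluation fails with an invalid-index error whenever that list is empty. The `master_ipv4_cidr_block` output in outputs.tf has the same unguarded index. Reusing the guard would keep both consistent with their neighbours: `cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block : null`. Whether the list can actually be empty depends on the resource definition, which is outside the hunk, and consumers of the local would have to tolerate `null`. The same two lines appear in modules/beta-private-cluster (main.tf and outputs.tf).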
@@ -480,8 +480,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index 25cd3dc93a..adecc3cf56 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v35.0.0" } } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 8fbf18847d..30e38fb25f 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -15,7 +15,7 @@ For details on configuring private clusters with this module, check the [trouble ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform @@ -55,7 +55,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" istio = true cloudrun = true dns_cache = false 
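Review bot: The new description of `master_ipv4_cidr_block` says only "(Optional)" and no longer tells a caller which range the control plane gets when the value is left `null`. With the `10.0.0.0/28` default removed, anyone who allow-lists or routes that range in firewall rules outside the module has no hint that the effective range can now differ and has to be read back from the module's `master_ipv4_cidr_block` output. Suggested wording, to be confirmed against the resource definition: `description = "(Optional) The IP range in CIDR notation to use for the hosted master network. If null, no range is requested by this module; read the effective value from the master_ipv4_cidr_block output."` The same description is used in modules/beta-private-cluster/variables.tf.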
@@ -229,7 +228,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | 
@@ -349,6 +348,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_fast_socket | Enable the NCCL Fast Socket feature. `enable_gvnic` must also be enabled. | null | Optional | | enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_gvnic | gVNIC (GVE) is an alternative to the virtIO-based ethernet driver. Needs a Container-Optimized OS node image. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | @@ -423,7 +423,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5.9+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+ #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information. diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 4f9c200a75..fc4653e773 100644 
--- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -456,6 +456,13 @@ resource "google_container_cluster" "primary" { } } + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } + dynamic "kubelet_config" { for_each = length(setintersection( keys(var.node_pools[0]), @@ -718,6 +725,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { @@ -1022,6 +1035,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 5f0e25240a..c573681b7b 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -123,7 +123,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf index 47b662f8af..78116b90a5 100644 --- a/modules/beta-private-cluster/outputs.tf +++ b/modules/beta-private-cluster/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index eb66aa8471..8c2e2de46c 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -480,8 +480,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 70bca18355..b1db745c32 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v35.0.0" } } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 15b039f123..abdc91ce57 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -34,7 +34,7 @@ The implications of this are that: ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform 
@@ -357,6 +357,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_fast_socket | Enable the NCCL Fast Socket feature. `enable_gvnic` must also be enabled. | null | Optional | | enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_gvnic | gVNIC (GVE) is an alternative to the virtIO-based ethernet driver. Needs a Container-Optimized OS node image. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | @@ -432,7 +433,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5.9+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+ #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information. 
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 078ebed8a2..b170209e5d 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -456,6 +456,13 @@ resource "google_container_cluster" "primary" { } } + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } + dynamic "kubelet_config" { for_each = length(setintersection( keys(var.node_pools[0]), @@ -769,6 +776,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { @@ -1074,6 +1087,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 62df9c371b..69e0b48cb4 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf 
@@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v35.0.0" } } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 29bb2dde89..2b2789a5ce 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -12,7 +12,7 @@ Sub modules are provided for creating private clusters, beta private clusters, a ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform 
@@ -335,6 +335,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_fast_socket | Enable the NCCL Fast Socket feature. `enable_gvnic` must also be enabled. | null | Optional | | enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_gvnic | gVNIC (GVE) is an alternative to the virtIO-based ethernet driver. Needs a Container-Optimized OS node image. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | @@ -410,7 +411,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v5.9+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+ #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information. diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 0e2a1bdc86..e64a1efd5b 100644 
--- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -456,6 +456,13 @@ resource "google_container_cluster" "primary" { } } + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } + dynamic "kubelet_config" { for_each = length(setintersection( keys(var.node_pools[0]), @@ -688,6 +695,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { @@ -992,6 +1005,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 833e76cade..ae1fced3b3 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v35.0.0" } } 
diff --git a/modules/binary-authorization/versions.tf b/modules/binary-authorization/versions.tf index 8f1d801565..578c0e6355 100644 --- a/modules/binary-authorization/versions.tf +++ b/modules/binary-authorization/versions.tf @@ -16,7 +16,7 @@ */ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { google = { source = "hashicorp/google" @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v35.0.0" } } diff --git a/modules/fleet-app-operator-permissions/versions.tf b/modules/fleet-app-operator-permissions/versions.tf index 92243370a9..3eae5ec177 100644 --- a/modules/fleet-app-operator-permissions/versions.tf +++ b/modules/fleet-app-operator-permissions/versions.tf @@ -15,7 +15,7 @@ */ terraform { - required_version = ">= 1.2.0" + required_version = ">= 1.3.0" required_providers { google = { @@ -33,7 +33,7 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:fleet-app-operator-permissions/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:fleet-app-operator-permissions/v35.0.0" } } diff --git a/modules/fleet-membership/versions.tf b/modules/fleet-membership/versions.tf index 9dfff21d28..b041e733ca 100644 --- a/modules/fleet-membership/versions.tf +++ b/modules/fleet-membership/versions.tf @@ -16,7 +16,7 @@ */ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { google = { @@ -30,6 +30,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v35.0.0" } } 
diff --git a/modules/hub-legacy/versions.tf b/modules/hub-legacy/versions.tf index 95e3c8a6a5..0f0e26f7fc 100644 --- a/modules/hub-legacy/versions.tf +++ b/modules/hub-legacy/versions.tf @@ -16,7 +16,7 @@ */ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { google = { source = "hashicorp/google" @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v35.0.0" } } diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 8710b871cf..7a2b611385 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -37,7 +37,7 @@ The implications of this are that: ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform @@ -77,7 +77,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false node_pools = [ 
@@ -239,7 +238,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | 
@@ -353,6 +352,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_fast_socket | Enable the NCCL Fast Socket feature. `enable_gvnic` must also be enabled. | null | Optional | | enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_gvnic | gVNIC (GVE) is an alternative to the virtIO-based ethernet driver. Needs a Container-Optimized OS node image. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | @@ -425,7 +425,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP][terraform-provider-google] v5.9+ +- [Terraform Provider for GCP][terraform-provider-google] v6.11+ #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information. diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 1dab8ad096..53a3dc7a7d 100644 
--- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -418,6 +418,13 @@ resource "google_container_cluster" "primary" { } } + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } + dynamic "kubelet_config" { for_each = length(setintersection( keys(var.node_pools[0]), @@ -751,6 +758,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { @@ -1043,6 +1056,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index 44ec74167a..dac248be86 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
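Review bot: The three `fast_socket` blocks added in cluster.tf (default node pool of `google_container_cluster.primary`, `pools` and `windows_pools`) pass `enable_fast_socket` through without looking at `enable_gvnic`, although the README row added in this same commit says gVNIC must also be enabled. A pool that sets one without the other is presumably rejected only at apply time by the API, after other resources may already have changed. An early check on the node-pool resources would surface this at plan time, for example a `precondition` with `condition = !lookup(each.value, "enable_fast_socket", false) || lookup(each.value, "enable_gvnic", false)`, or at least a comment above each block such as `# fast_socket requires enable_gvnic = true on the same pool`. The enclosing resources start and end outside these hunks, and the same three blocks are added in modules/private-cluster/cluster.tf.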
@@ -111,7 +111,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/private-cluster-update-variant/outputs.tf b/modules/private-cluster-update-variant/outputs.tf index acb3c9da48..48f8afb79a 100644 --- a/modules/private-cluster-update-variant/outputs.tf +++ b/modules/private-cluster-update-variant/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 11f0474b8c..769a67bb4f 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
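Review bot: The new `cluster_endpoint_for_nodes` local in main.tf indexes `private_cluster_config[0]` without the `var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0` guard that `cluster_endpoint` and `cluster_peering_name` directly above it use, so a cluster whose `private_cluster_config` list is empty would fail evaluation instead of yielding `null`. Guard it the same way, e.g. `cluster_endpoint_for_nodes = try(google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block, null)`. The `master_ipv4_cidr_block` output changed in outputs.tf on this line reads the same attribute unguarded, as do the identical main.tf and outputs.tf hunks under modules/private-cluster. The value is also now known only after apply rather than at plan time; if it feeds firewall rules or other network controls outside these hunks (not visible here), those consumers should be checked for how they handle a null or unknown range. The `locals` block continues outside the hunk.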
@@ -474,8 +474,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 0f8dc2f2ac..9511d00e34 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v35.0.0" } } diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 1fb8f3c332..49d64bad5f 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -15,7 +15,7 @@ For details on configuring private clusters with this module, check the [trouble ## Compatibility -This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.10+. If you find incompatibilities using Terraform `>=1.3`, please open an issue. If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform @@ -55,7 +55,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false node_pools = [ 
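Review bot: With the default of `master_ipv4_cidr_block` changed from `"10.0.0.0/28"` to `null` in variables.tf, the variable neither documents what an unset value means nor validates a caller-supplied one. The description should say what happens when it is left `null` (presumably the control-plane range is then allocated by GKE; confirm against the provider docs). A `validation` block with `condition = var.master_ipv4_cidr_block == null || can(cidrhost(var.master_ipv4_cidr_block, 0))` and a matching `error_message` would reject malformed CIDRs at plan time. Callers who hard-coded the old implicit `10.0.0.0/28` in their own firewall rules or authorized-network lists may see new clusters come up on a different range, so the upgrade notes for this breaking change should call that out. The same hunk appears in modules/private-cluster/variables.tf.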
@@ -217,7 +216,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | 
@@ -331,6 +330,7 @@ The node_pools variable takes the following parameters: | disk_size_gb | Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB | 100 | Optional | | disk_type | Type of the disk attached to each node (e.g. 'pd-standard' or 'pd-ssd') | pd-standard | Optional | | effect | Effect for the taint | | Required | +| enable_fast_socket | Enable the NCCL Fast Socket feature. `enable_gvnic` must also be enabled. | null | Optional | | enable_gcfs | Google Container File System (gcfs) has to be enabled for image streaming to be active. Needs image_type to be set to COS_CONTAINERD. | false | Optional | | enable_gvnic | gVNIC (GVE) is an alternative to the virtIO-based ethernet driver. Needs a Container-Optimized OS node image. | false | Optional | | enable_integrity_monitoring | Enables monitoring and attestation of the boot integrity of the instance. The attestation is performed against the integrity policy baseline. This baseline is initially derived from the implicitly trusted boot image when the instance is created. | true | Optional | @@ -403,7 +403,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP][terraform-provider-google] v5.9+ +- [Terraform Provider for GCP][terraform-provider-google] v6.11+ #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information. diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 2648648f23..486d16ab07 100644 
--- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -418,6 +418,13 @@ resource "google_container_cluster" "primary" { } } + dynamic "fast_socket" { + for_each = lookup(var.node_pools[0], "enable_fast_socket", null) != null ? [var.node_pools[0].enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } + dynamic "kubelet_config" { for_each = length(setintersection( keys(var.node_pools[0]), @@ -671,6 +678,12 @@ resource "google_container_node_pool" "pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { @@ -962,6 +975,12 @@ resource "google_container_node_pool" "windows_pools" { enabled = gvnic.value } } + dynamic "fast_socket" { + for_each = lookup(each.value, "enable_fast_socket", null) != null ? [each.value.enable_fast_socket] : [] + content { + enabled = fast_socket.value + } + } dynamic "reservation_affinity" { for_each = lookup(each.value, "queued_provisioning", false) || lookup(each.value, "consume_reservation_type", "") != "" ? [each.value] : [] content { diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index 44ec74167a..dac248be86 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf 
@@ -111,7 +111,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/private-cluster/outputs.tf b/modules/private-cluster/outputs.tf index acb3c9da48..48f8afb79a 100644 --- a/modules/private-cluster/outputs.tf +++ b/modules/private-cluster/outputs.tf @@ -192,7 +192,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 11f0474b8c..769a67bb4f 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -474,8 +474,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index 40a85a8f8f..c2e348a6f3 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v35.0.0" } } diff --git a/modules/safer-cluster-update-variant/versions.tf b/modules/safer-cluster-update-variant/versions.tf index 14c48578d0..0f23acb369 100644 --- a/modules/safer-cluster-update-variant/versions.tf +++ b/modules/safer-cluster-update-variant/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=1.3" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v35.0.0" } } diff --git a/modules/safer-cluster/versions.tf b/modules/safer-cluster/versions.tf index 52eebd8aad..483e67fe98 100644 --- a/modules/safer-cluster/versions.tf +++ b/modules/safer-cluster/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=1.3" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v35.0.0" } } 
diff --git a/modules/services/versions.tf b/modules/services/versions.tf index 21f0d2d161..04e9138fff 100644 --- a/modules/services/versions.tf +++ b/modules/services/versions.tf @@ -16,9 +16,9 @@ */ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v35.0.0" } } diff --git a/modules/workload-identity/versions.tf b/modules/workload-identity/versions.tf index c02df4fe15..86415c8fed 100644 --- a/modules/workload-identity/versions.tf +++ b/modules/workload-identity/versions.tf @@ -16,7 +16,7 @@ */ terraform { - required_version = ">= 0.13.0" + required_version = ">= 1.3" required_providers { google = { @@ -30,6 +30,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v35.0.0" } } diff --git a/test/fixtures/safer_cluster_iap_bastion/version.tf b/test/fixtures/safer_cluster_iap_bastion/version.tf deleted file mode 100644 index 46c8c86f1d..0000000000 --- a/test/fixtures/safer_cluster_iap_bastion/version.tf +++ /dev/null 
@@ -1,25 +0,0 @@ -/** - * Copyright 2023 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -terraform { - required_version = ">= 0.13.0" - required_providers { - google = { - source = "hashicorp/google" - version = ">= 4.51.0" - } - } -} diff --git a/test/integration/go.mod b/test/integration/go.mod index dd87f81c69..a9956b14de 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -2,14 +2,13 @@ module github.com/terraform-google-modules/terraform-google-kubernetes-engine/te go 1.22.7 -toolchain go1.22.9 +toolchain go1.23.4 require ( github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.17.0 github.com/gruntwork-io/terratest v0.47.2 github.com/hashicorp/terraform-json v0.23.0 github.com/stretchr/testify v1.10.0 - github.com/tidwall/gjson v1.18.0 ) require ( @@ -72,6 +71,7 @@ require ( github.com/pquerna/otp v1.4.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect + github.com/tidwall/gjson v1.18.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect diff --git a/versions.tf b/versions.tf index ad3255bd50..95c1ad3109 100644 --- a/versions.tf +++ b/versions.tf 
@@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v34.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v35.0.0" } }