feat(TPG>=6.14)!: promote enable_fqdn_network_policy to GA (#2225)

Signed-off-by: drfaust92 <[email protected]>

README.md

@@ -167,6 +167,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
+| enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no |
 | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
@@ -391,7 +392,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v6.11+
+- [Terraform Provider for GCP][terraform-provider-google] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

autogen/main/README.md

@@ -288,9 +288,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
 {% if beta_cluster %}
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 {% else %}
-- [Terraform Provider for GCP][terraform-provider-google] v6.11+
+- [Terraform Provider for GCP][terraform-provider-google] v6.14+
 {% endif %}
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.

autogen/main/cluster.tf.tmpl

@@ -259,9 +259,7 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-{% if beta_cluster %}
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
-{% endif %}
 {% if autopilot_cluster %}
   enable_autopilot = true
 {% endif %}

autogen/main/variables.tf.tmpl

@@ -639,13 +639,13 @@ variable "workload_config_audit_mode" {
   type        = string
   default     = "DISABLED"
 }
+{% endif %}
 
 variable "enable_fqdn_network_policy" {
   type        = bool
   description = "Enable FQDN Network Policies on the cluster"
   default     = null
 }
-{% endif %}
 
 variable "enable_cilium_clusterwide_network_policy" {
   type          = bool

autogen/main/versions.tf.tmpl

@@ -24,33 +24,33 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
 {% elif beta_cluster and autopilot_cluster %}
   required_providers {
     google = {
       source = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
 {% elif autopilot_cluster  %}
   required_providers {
     google = {
       source = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
 {% else %}
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
 {% endif %}
     kubernetes = {

cluster.tf

@@ -199,6 +199,7 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
     content {

modules/beta-autopilot-private-cluster/README.md

@@ -216,7 +216,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

modules/beta-autopilot-private-cluster/versions.tf

@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

modules/beta-autopilot-public-cluster/README.md

@@ -203,7 +203,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

modules/beta-autopilot-public-cluster/versions.tf

@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

modules/beta-private-cluster-update-variant/README.md

@@ -445,7 +445,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

modules/beta-private-cluster-update-variant/versions.tf

@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

modules/beta-private-cluster/README.md

@@ -423,7 +423,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

modules/beta-private-cluster/versions.tf

@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

modules/beta-public-cluster-update-variant/README.md

@@ -433,7 +433,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

modules/beta-public-cluster-update-variant/versions.tf

@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

modules/beta-public-cluster/README.md

@@ -411,7 +411,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.11+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

modules/beta-public-cluster/versions.tf

@@ -21,11 +21,11 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

modules/private-cluster-update-variant/README.md

@@ -195,6 +195,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
+| enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no |
 | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
@@ -425,7 +426,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v6.11+
+- [Terraform Provider for GCP][terraform-provider-google] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

modules/private-cluster-update-variant/cluster.tf

@@ -199,6 +199,7 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.enable_private_endpoint || var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
     content {

modules/private-cluster-update-variant/variables.tf

@@ -594,6 +594,12 @@ variable "enable_secret_manager_addon" {
   default     = false
 }
 
+variable "enable_fqdn_network_policy" {
+  type        = bool
+  description = "Enable FQDN Network Policies on the cluster"
+  default     = null
+}
+
 variable "enable_cilium_clusterwide_network_policy" {
   type        = bool
   description = "Enable Cilium Cluster Wide Network Policies on the cluster"

modules/private-cluster-update-variant/versions.tf

@@ -21,7 +21,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

modules/private-cluster/README.md

@@ -173,6 +173,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
+| enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | Enable image streaming on cluster level. | `bool` | `false` | no |
 | enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
@@ -403,7 +404,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v6.11+
+- [Terraform Provider for GCP][terraform-provider-google] v6.14+
 #### gcloud
 Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH.
 See the [module](https://github.com/terraform-google-modules/terraform-google-gcloud#downloading) documentation for more information.

modules/private-cluster/cluster.tf

@@ -199,6 +199,7 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.enable_private_endpoint || var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
     content {

modules/private-cluster/variables.tf

@@ -594,6 +594,12 @@ variable "enable_secret_manager_addon" {
   default     = false
 }
 
+variable "enable_fqdn_network_policy" {
+  type        = bool
+  description = "Enable FQDN Network Policies on the cluster"
+  default     = null
+}
+
 variable "enable_cilium_clusterwide_network_policy" {
   type        = bool
   description = "Enable Cilium Cluster Wide Network Policies on the cluster"

modules/private-cluster/versions.tf

@@ -21,7 +21,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

variables.tf

@@ -558,6 +558,12 @@ variable "enable_secret_manager_addon" {
   default     = false
 }
 
+variable "enable_fqdn_network_policy" {
+  type        = bool
+  description = "Enable FQDN Network Policies on the cluster"
+  default     = null
+}
+
 variable "enable_cilium_clusterwide_network_policy" {
   type        = bool
   description = "Enable Cilium Cluster Wide Network Policies on the cluster"

versions.tf

@@ -21,7 +21,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.11.0, < 7"
+      version = ">= 6.14.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"