From 0963d4cfa94153c4e9a770504015d81fd606af7d Mon Sep 17 00:00:00 2001 
From: Imran Nayer Date: Thu, 4 Sep 2025 14:28:00 +0000 Subject: [PATCH 1/4] added lsutre --- README.md | 2 ++ autogen/main/cluster.tf.tmpl | 8 ++++++++ autogen/main/variables.tf.tmpl | 14 +++++++++++++- cluster.tf | 8 ++++++++ docs/upgrading_to_v39.0.md | 5 +++++ metadata.display.yaml | 9 +++++++++ metadata.yaml | 7 +++++++ modules/beta-autopilot-private-cluster/README.md | 2 ++ modules/beta-autopilot-private-cluster/cluster.tf | 8 ++++++++ .../metadata.display.yaml | 9 +++++++++ .../beta-autopilot-private-cluster/metadata.yaml | 7 +++++++ .../beta-autopilot-private-cluster/variables.tf | 14 +++++++++++++- modules/beta-autopilot-public-cluster/README.md | 2 ++ modules/beta-autopilot-public-cluster/cluster.tf | 8 ++++++++ .../metadata.display.yaml | 9 +++++++++ .../beta-autopilot-public-cluster/metadata.yaml | 7 +++++++ modules/beta-autopilot-public-cluster/variables.tf | 14 +++++++++++++- .../beta-private-cluster-update-variant/README.md | 2 ++ .../beta-private-cluster-update-variant/cluster.tf | 8 ++++++++ .../metadata.display.yaml | 9 +++++++++ .../metadata.yaml | 7 +++++++ .../variables.tf | 14 +++++++++++++- modules/beta-private-cluster/README.md | 2 ++ modules/beta-private-cluster/cluster.tf | 8 ++++++++ modules/beta-private-cluster/metadata.display.yaml | 9 +++++++++ modules/beta-private-cluster/metadata.yaml | 7 +++++++ modules/beta-private-cluster/variables.tf | 14 +++++++++++++- .../beta-public-cluster-update-variant/README.md | 2 ++ .../beta-public-cluster-update-variant/cluster.tf | 8 ++++++++ .../metadata.display.yaml | 9 +++++++++ .../metadata.yaml | 7 +++++++ .../variables.tf | 14 +++++++++++++- modules/beta-public-cluster/README.md | 2 ++ modules/beta-public-cluster/cluster.tf | 8 ++++++++ modules/beta-public-cluster/metadata.display.yaml | 9 +++++++++ modules/beta-public-cluster/metadata.yaml | 7 +++++++ modules/beta-public-cluster/variables.tf | 14 +++++++++++++- modules/private-cluster-update-variant/README.md | 2 ++ 
modules/private-cluster-update-variant/cluster.tf | 8 ++++++++ .../metadata.display.yaml | 9 +++++++++ .../private-cluster-update-variant/metadata.yaml | 7 +++++++ .../private-cluster-update-variant/variables.tf | 14 +++++++++++++- modules/private-cluster/README.md | 2 ++ modules/private-cluster/cluster.tf | 8 ++++++++ modules/private-cluster/metadata.display.yaml | 9 +++++++++ modules/private-cluster/metadata.yaml | 7 +++++++ modules/private-cluster/variables.tf | 14 +++++++++++++- variables.tf | 14 +++++++++++++- 48 files changed, 377 insertions(+), 10 deletions(-) create mode 100644 docs/upgrading_to_v39.0.md diff --git a/README.md b/README.md index 3d9e0b85bd..4dca0c00de 100644 --- a/README.md +++ b/README.md 
@@ -177,6 +177,7 @@ Then perform the following commands on the root folder:
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
+| enable\_legacy\_lustre\_port | Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes | `bool` | `false` | no |
 | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
 | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
@@ -214,6 +215,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | logging\_variant | (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX\_THROUGHPUT. | `string` | `null` | no | +| lustre\_csi\_driver | The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes | `bool` | `null` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 60dd637a67..66995e41bb 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -384,6 +384,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + {% if autopilot_cluster != true %} network_policy_config { disabled = !var.network_policy 
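Review bot: In the new `lustre_csi_driver_config` block, `enable_legacy_lustre_port` only takes effect when `var.lustre_csi_driver` is non-null, so a caller who sets `enable_legacy_lustre_port = true` alone gets a plan with no Lustre addon and no error. A guard would make that misconfiguration visible, for example a `precondition` on the resource with `condition = !var.enable_legacy_lustre_port || var.lustre_csi_driver == true` (assuming the module's minimum Terraform version allows preconditions). The same block is repeated verbatim in the `cluster.tf` hunks of the root module and of the `modules/*` variants, so the change belongs in this template. The added `docs/upgrading_to_v39.0.md` says provider 6.47 or higher is required, but the diffstat lists no `versions.tf` change; if the constraint is not raised in a later patch of this 1/4 series, older providers would presumably fail on the unsupported block rather than on the version check. The resource body starts and ends outside the hunk.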
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 4211aa20ee..be652f0900 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -772,6 +772,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + {% if autopilot_cluster != true %} variable "network_policy" { type = bool diff --git a/cluster.tf b/cluster.tf index 5d8d52feea..1a7f928af3 100644 --- a/cluster.tf +++ b/cluster.tf @@ -292,6 +292,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + network_policy_config { disabled = !var.network_policy } diff --git a/docs/upgrading_to_v39.0.md b/docs/upgrading_to_v39.0.md new file mode 100644 index 0000000000..4cde96e53a --- /dev/null +++ b/docs/upgrading_to_v39.0.md 
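Review bot: The `enable_legacy_lustre_port` description added in the `@@ -772,6 +772,18 @@` hunk is hard to parse ("Set it to true for GKE cluster runs a version earlier than ...") and does not say that the flag is ignored unless `lustre_csi_driver` is set; because this string is copied into every README and metadata.yaml in the patch, it is worth fixing at the template. Suggested opening: `"Set to true when the GKE cluster runs a version earlier than 1.33.2-gke.4780000; only used when lustre_csi_driver is set. ..."`, keeping the rest of the sentence about LNet, port 6988 and the gke-metadata-server conflict. Since the flag changes the port the nodes use for LNet, the description could also remind operators to confirm that any firewall rule admitting 6988 is limited to the Lustre instance range; that is inferred from the description, not something the patch shows. The `lustre_csi_driver` description reads "a Lustre instances", where `Lustre instances` is presumably meant.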
@@ -0,0 +1,5 @@ +# Upgrading to v39.0 +The v39.0 release of *kubernetes-engine* is a backwards incompatible release. + +### Google Cloud Platform Provider upgrade +The Terraform Kubernetes Engine Module now requires version 6.47 or higher of the Google Cloud Platform Providers. diff --git a/metadata.display.yaml b/metadata.display.yaml index 20130caa5c..8ae04f9d59 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml @@ -138,6 +138,9 @@ spec: enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting + enable_legacy_lustre_port: + name: enable_legacy_lustre_port + title: Enable Legacy Lustre Port enable_mesh_certificates: name: enable_mesh_certificates title: Enable Mesh Certificates @@ -249,6 +252,9 @@ spec: logging_variant: name: logging_variant title: Logging Variant + lustre_csi_driver: + name: lustre_csi_driver + title: Lustre Csi Driver maintenance_end_time: name: maintenance_end_time title: Maintenance End Time @@ -357,6 +363,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/metadata.yaml b/metadata.yaml index 25c8b1a0d9..2991d2371f 100644 --- a/metadata.yaml +++ b/metadata.yaml 
@@ -597,6 +597,13 @@ spec: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes varType: bool defaultValue: false + - name: lustre_csi_driver + description: The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes + varType: bool + - name: enable_legacy_lustre_port + description: Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes + varType: bool + defaultValue: false - name: network_policy description: Enable network policy addon varType: bool diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 8bb24fff14..60fed83329 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
@@ -97,6 +97,7 @@ Then perform the following commands on the root folder:
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
+| enable\_legacy\_lustre\_port | Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes | `bool` | `false` | no |
 | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
 | enable\_private\_endpoint | Whether the master's internal IP address is used as the cluster endpoint | `bool` | `false` | no |
@@ -128,6 +129,7 @@ Then perform the following commands on the root folder: | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | +| lustre\_csi\_driver | The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes | `bool` | `null` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index f88d73aefc..c9e87dfc35 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf 
@@ -229,6 +229,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + dynamic "gke_backup_agent_config" { for_each = local.gke_backup_agent_config diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml index 4c27521a94..7c857b1cec 100644 --- a/modules/beta-autopilot-private-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml @@ -103,6 +103,9 @@ spec: enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting + enable_legacy_lustre_port: + name: enable_legacy_lustre_port + title: Enable Legacy Lustre Port enable_multi_networking: name: enable_multi_networking title: Enable Multi Networking @@ -202,6 +205,9 @@ spec: logging_enabled_components: name: logging_enabled_components title: Logging Enabled Components + lustre_csi_driver: + name: lustre_csi_driver + title: Lustre Csi Driver maintenance_end_time: name: maintenance_end_time title: Maintenance End Time @@ -262,6 +268,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index e4ec88b169..d317ece91e 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml 
@@ -422,6 +422,13 @@ spec: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes varType: bool defaultValue: false + - name: lustre_csi_driver + description: The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes + varType: bool + - name: enable_legacy_lustre_port + description: Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes + varType: bool + defaultValue: false - name: database_encryption description: "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." varType: list(object({ state = string, key_name = string })) diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 3289ccbab8..d6527f4b85 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -490,6 +490,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." type = list(object({ state = string, key_name = string })) diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index e844252556..cc11997a5b 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -90,6 +90,7 @@ Then perform the following commands on the root folder:
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
+| enable\_legacy\_lustre\_port | Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes | `bool` | `false` | no |
 | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
 | enable\_resource\_consumption\_export | Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. | `bool` | `true` | no |
@@ -119,6 +120,7 @@ Then perform the following commands on the root folder: | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | +| lustre\_csi\_driver | The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes | `bool` | `null` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index a0c3844b19..09a8806eaa 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf 
@@ -229,6 +229,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + dynamic "gke_backup_agent_config" { for_each = local.gke_backup_agent_config diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml index 668f78e8b5..b13aa2855e 100644 --- a/modules/beta-autopilot-public-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml @@ -100,6 +100,9 @@ spec: enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting + enable_legacy_lustre_port: + name: enable_legacy_lustre_port + title: Enable Legacy Lustre Port enable_multi_networking: name: enable_multi_networking title: Enable Multi Networking @@ -193,6 +196,9 @@ spec: logging_enabled_components: name: logging_enabled_components title: Logging Enabled Components + lustre_csi_driver: + name: lustre_csi_driver + title: Lustre Csi Driver maintenance_end_time: name: maintenance_end_time title: Maintenance End Time @@ -244,6 +250,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index d4ab1b8bf4..e137b1f335 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml 
@@ -400,6 +400,13 @@ spec: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes varType: bool defaultValue: false + - name: lustre_csi_driver + description: The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes + varType: bool + - name: enable_legacy_lustre_port + description: Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes + varType: bool + defaultValue: false - name: database_encryption description: "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." varType: list(object({ state = string, key_name = string })) diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index 7990bcaa25..898beb98d0 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -454,6 +454,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + variable "database_encryption" { description = "Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: \"ENCRYPTED\"; \"DECRYPTED\". key_name is the name of a CloudKMS key." type = list(object({ state = string, key_name = string })) diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 6342346cad..dc4c25ecb4 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -212,6 +212,7 @@ Then perform the following commands on the root folder:
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
+| enable\_legacy\_lustre\_port | Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes | `bool` | `false` | no |
 | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
 | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
@@ -256,6 +257,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | logging\_variant | (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX\_THROUGHPUT. | `string` | `null` | no | +| lustre\_csi\_driver | The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes | `bool` | `null` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 3d30e4f22f..f018effa78 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf 
@@ -305,6 +305,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + network_policy_config { disabled = !var.network_policy } diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 85fc641407..85aec03dac 100644 --- a/modules/beta-private-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml @@ -151,6 +151,9 @@ spec: enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting + enable_legacy_lustre_port: + name: enable_legacy_lustre_port + title: Enable Legacy Lustre Port enable_mesh_certificates: name: enable_mesh_certificates title: Enable Mesh Certificates @@ -283,6 +286,9 @@ spec: logging_variant: name: logging_variant title: Logging Variant + lustre_csi_driver: + name: lustre_csi_driver + title: Lustre Csi Driver maintenance_end_time: name: maintenance_end_time title: Maintenance End Time @@ -400,6 +406,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index e9cf47f7b9..50d9f51309 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml 
@@ -590,6 +590,13 @@ spec: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes varType: bool defaultValue: false + - name: lustre_csi_driver + description: The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes + varType: bool + - name: enable_legacy_lustre_port + description: Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes + varType: bool + defaultValue: false - name: network_policy description: Enable network policy addon varType: bool diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 097821e061..92709c3ad7 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -727,6 +727,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + variable "network_policy" { type = bool description = "Enable network policy addon" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index fa68a28ac4..bfb823cc95 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -190,6 +190,7 @@ Then perform the following commands on the root folder:
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
+| enable\_legacy\_lustre\_port | Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes | `bool` | `false` | no |
 | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
 | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
@@ -234,6 +235,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | logging\_variant | (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX\_THROUGHPUT. | `string` | `null` | no | +| lustre\_csi\_driver | The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes | `bool` | `null` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 3b6b1f0712..071112dbe4 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -305,6 +305,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + network_policy_config { disabled = !var.network_policy } 
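Review bot: In the `lustre_csi_driver_config` block of `modules/beta-private-cluster/cluster.tf`, `enable_legacy_lustre_port` is forwarded whenever `var.lustre_csi_driver` is non-null and dropped without a message when it is null, so `enable_legacy_lustre_port = true` with the driver unset is accepted and silently ignored. A caller who sets only the port flag on a cluster older than 1.33.2-gke.4780000 gets no Lustre addon and no error; I would add a `precondition` on the cluster resource (or a variable validation, if the supported Terraform version allows cross-variable references) with the condition `!var.enable_legacy_lustre_port || var.lustre_csi_driver == true`. The identical block is added in the `cluster.tf` hunks of the other modules in this patch, which look generated from `autogen/main/cluster.tf.tmpl`, so the check would go there. The resource block starts and ends outside the hunk.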
diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index 747ac7f7d0..78e9b778aa 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml @@ -151,6 +151,9 @@ spec: enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting + enable_legacy_lustre_port: + name: enable_legacy_lustre_port + title: Enable Legacy Lustre Port enable_mesh_certificates: name: enable_mesh_certificates title: Enable Mesh Certificates @@ -283,6 +286,9 @@ spec: logging_variant: name: logging_variant title: Logging Variant + lustre_csi_driver: + name: lustre_csi_driver + title: Lustre Csi Driver maintenance_end_time: name: maintenance_end_time title: Maintenance End Time @@ -400,6 +406,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 55bc24084b..485965ef93 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml 
@@ -590,6 +590,13 @@ spec: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes varType: bool defaultValue: false + - name: lustre_csi_driver + description: The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes + varType: bool + - name: enable_legacy_lustre_port + description: Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes + varType: bool + defaultValue: false - name: network_policy description: Enable network policy addon varType: bool diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 097821e061..92709c3ad7 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -727,6 +727,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + variable "network_policy" { type = bool description = "Enable network policy addon" 
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
index b2da582ac9..8398e8ca9a 100644
--- a/modules/beta-public-cluster-update-variant/README.md
+++ b/modules/beta-public-cluster-update-variant/README.md
@@ -205,6 +205,7 @@ Then perform the following commands on the root folder:
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
+| enable\_legacy\_lustre\_port | Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes | `bool` | `false` | no |
 | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
 | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
@@ -247,6 +248,7 @@ Then perform the following commands on the root folder:
 | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no |
 | logging\_variant | (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX\_THROUGHPUT. | `string` | `null` | no |
+| lustre\_csi\_driver | The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes | `bool` | `null` | no |
 | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no |
 | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no |
 | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index bc5fbc6c51..5a7a258867 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -305,6 +305,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + network_policy_config { disabled = !var.network_policy } diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index 7aaca97523..d19fa9e08a 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml @@ -148,6 +148,9 @@ spec: enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting + enable_legacy_lustre_port: + name: enable_legacy_lustre_port + title: Enable Legacy Lustre Port enable_mesh_certificates: name: enable_mesh_certificates title: Enable Mesh Certificates @@ -274,6 +277,9 @@ spec: logging_variant: name: logging_variant title: Logging Variant + lustre_csi_driver: + name: lustre_csi_driver + title: Lustre Csi Driver maintenance_end_time: name: maintenance_end_time title: Maintenance End Time @@ -382,6 +388,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index a33c9918c6..fa43de3e5f 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml 
@@ -568,6 +568,13 @@ spec: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes varType: bool defaultValue: false + - name: lustre_csi_driver + description: The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes + varType: bool + - name: enable_legacy_lustre_port + description: Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes + varType: bool + defaultValue: false - name: network_policy description: Enable network policy addon varType: bool diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index bdd27befa7..3c7b2a8a4c 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -691,6 +691,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + variable "network_policy" { type = bool description = "Enable network policy addon" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index cfae0d8606..d31112ca3d 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -183,6 +183,7 @@ Then perform the following commands on the root folder:
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
+| enable\_legacy\_lustre\_port | Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes | `bool` | `false` | no |
 | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
 | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
@@ -225,6 +226,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | logging\_variant | (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX\_THROUGHPUT. | `string` | `null` | no | +| lustre\_csi\_driver | The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes | `bool` | `null` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 73266458a0..98c5568a8d 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -305,6 +305,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + network_policy_config { disabled = !var.network_policy } 
diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index 16424f1f95..ad1545fe96 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml @@ -148,6 +148,9 @@ spec: enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting + enable_legacy_lustre_port: + name: enable_legacy_lustre_port + title: Enable Legacy Lustre Port enable_mesh_certificates: name: enable_mesh_certificates title: Enable Mesh Certificates @@ -274,6 +277,9 @@ spec: logging_variant: name: logging_variant title: Logging Variant + lustre_csi_driver: + name: lustre_csi_driver + title: Lustre Csi Driver maintenance_end_time: name: maintenance_end_time title: Maintenance End Time @@ -382,6 +388,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index 4c1ecf88f8..b09a7a3cad 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml 
@@ -568,6 +568,13 @@ spec: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes varType: bool defaultValue: false + - name: lustre_csi_driver + description: The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes + varType: bool + - name: enable_legacy_lustre_port + description: Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes + varType: bool + defaultValue: false - name: network_policy description: Enable network policy addon varType: bool diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index bdd27befa7..3c7b2a8a4c 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -691,6 +691,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + variable "network_policy" { type = bool description = "Enable network policy addon" 
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
index c22d38acdb..b9eac31574 100644
--- a/modules/private-cluster-update-variant/README.md
+++ b/modules/private-cluster-update-variant/README.md
@@ -206,6 +206,7 @@ Then perform the following commands on the root folder:
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
+| enable\_legacy\_lustre\_port | Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes | `bool` | `false` | no |
 | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
 | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
@@ -245,6 +246,7 @@ Then perform the following commands on the root folder:
 | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no |
 | logging\_variant | (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX\_THROUGHPUT. | `string` | `null` | no |
+| lustre\_csi\_driver | The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes | `bool` | `null` | no |
 | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no |
 | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no |
 | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index ce7f002147..4e9295ec55 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -292,6 +292,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + network_policy_config { disabled = !var.network_policy } diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml index f9f9526958..70cce99af7 100644 --- a/modules/private-cluster-update-variant/metadata.display.yaml +++ b/modules/private-cluster-update-variant/metadata.display.yaml @@ -142,6 +142,9 @@ spec: enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting + enable_legacy_lustre_port: + name: enable_legacy_lustre_port + title: Enable Legacy Lustre Port enable_mesh_certificates: name: enable_mesh_certificates title: Enable Mesh Certificates @@ -259,6 +262,9 @@ spec: logging_variant: name: logging_variant title: Logging Variant + lustre_csi_driver: + name: lustre_csi_driver + title: Lustre Csi Driver maintenance_end_time: name: maintenance_end_time title: Maintenance End Time @@ -376,6 +382,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 6ba4f3544a..d043ee12d3 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml 
@@ -579,6 +579,13 @@ spec: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes varType: bool defaultValue: false + - name: lustre_csi_driver + description: The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes + varType: bool + - name: enable_legacy_lustre_port + description: Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes + varType: bool + defaultValue: false - name: network_policy description: Enable network policy addon varType: bool diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index fba4802f0b..4fabf3b03f 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -709,6 +709,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + variable "network_policy" { type = bool description = "Enable network policy addon" diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index bc38aeeeff..d57e4f933e 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -184,6 +184,7 @@ Then perform the following commands on the root folder:
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
+| enable\_legacy\_lustre\_port | Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes | `bool` | `false` | no |
 | enable\_mesh\_certificates | Controls the issuance of workload mTLS certificates. When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster. Requires Workload Identity. | `bool` | `false` | no |
 | enable\_multi\_networking | Whether multi-networking is enabled for this cluster | `bool` | `null` | no |
 | enable\_network\_egress\_export | Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | `bool` | `false` | no |
@@ -223,6 +224,7 @@ Then perform the following commands on the root folder: | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | logging\_variant | (Optional) The type of logging agent that is deployed by default for newly created node pools in the cluster. Valid values include DEFAULT and MAX\_THROUGHPUT. | `string` | `null` | no | +| lustre\_csi\_driver | The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes | `bool` | `null` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no | | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 352d8bf8e2..8263db43ce 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -292,6 +292,14 @@ resource "google_container_cluster" "primary" { enabled = var.filestore_csi_driver } + dynamic "lustre_csi_driver_config" { + for_each = var.lustre_csi_driver == null ? [] : ["lustre_csi_driver_config"] + content { + enabled = var.lustre_csi_driver + enable_legacy_lustre_port = var.enable_legacy_lustre_port + } + } + network_policy_config { disabled = !var.network_policy } 
diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml index 0993346a8a..5dd95ae549 100644 --- a/modules/private-cluster/metadata.display.yaml +++ b/modules/private-cluster/metadata.display.yaml @@ -142,6 +142,9 @@ spec: enable_l4_ilb_subsetting: name: enable_l4_ilb_subsetting title: Enable L4 Ilb Subsetting + enable_legacy_lustre_port: + name: enable_legacy_lustre_port + title: Enable Legacy Lustre Port enable_mesh_certificates: name: enable_mesh_certificates title: Enable Mesh Certificates @@ -259,6 +262,9 @@ spec: logging_variant: name: logging_variant title: Logging Variant + lustre_csi_driver: + name: lustre_csi_driver + title: Lustre Csi Driver maintenance_end_time: name: maintenance_end_time title: Maintenance End Time @@ -376,6 +382,9 @@ spec: ray_operator_config: name: ray_operator_config title: Ray Operator Config + rbac_binding_config: + name: rbac_binding_config + title: Rbac Binding Config region: name: region title: Region diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index d8fc85021c..5f368c4be6 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml 
@@ -579,6 +579,13 @@ spec: description: The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes varType: bool defaultValue: false + - name: lustre_csi_driver + description: The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes + varType: bool + - name: enable_legacy_lustre_port + description: Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes + varType: bool + defaultValue: false - name: network_policy description: Enable network policy addon varType: bool diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index fba4802f0b..4fabf3b03f 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -709,6 +709,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + variable "network_policy" { type = bool description = "Enable network policy addon" 
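Review bot: The `description` of `enable_legacy_lustre_port` added in modules/private-cluster/variables.tf is hard to parse ("Set it to true for GKE cluster runs a version earlier than ...") and does not say that the flag has no effect unless `lustre_csi_driver` is set. I would open it with `Set to true only when the GKE cluster runs a version earlier than 1.33.2-gke.4780000.` and close it with `Has no effect unless lustre_csi_driver is set.`; in `lustre_csi_driver`, "a Lustre instances" should read "Lustre instances". The same text is added in the metadata.yaml hunk before this one and in the root variables.tf hunk that follows. These files look generated, so the wording would be fixed once in autogen/main/variables.tf.tmpl and regenerated.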
diff --git a/variables.tf b/variables.tf index 97ff6536e1..ae9b027bdb 100644 --- a/variables.tf +++ b/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -673,6 +673,18 @@ variable "filestore_csi_driver" { default = false } +variable "lustre_csi_driver" { + type = bool + description = "The status of the Lustre CSI driver addon, which allows the usage of a Lustre instances as volumes" + default = null +} + +variable "enable_legacy_lustre_port" { + type = bool + description = "Set it to true for GKE cluster runs a version earlier than 1.33.2-gke.4780000. Allows the Lustre CSI driver to initialize LNet (the virtual network layer for Lustre kernel module) using port 6988. This flag is required to workaround a port conflict with the gke-metadata-server on GKE nodes" + default = false +} + variable "network_policy" { type = bool description = "Enable network policy addon" From 4ed4fdb73350288bda3a137cedf5e8c81e161b01 Mon Sep 17 00:00:00 2001 From: Imran Nayer Date: Thu, 4 Sep 2025 14:29:22 +0000 Subject: [PATCH 2/4] updated test setup --- test/setup/main.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/setup/main.tf b/test/setup/main.tf index 211d890949..bff9990be8 100644 --- a/test/setup/main.tf +++ b/test/setup/main.tf @@ -72,6 +72,8 @@ module "gke-project-1" { # due to https://github.com/hashicorp/terraform-provider-google/issues/9505 for AP default_service_account = "keep" + deletion_policy = "DELETE" + auto_create_network = true activate_apis = local.apis @@ -95,6 +97,9 @@ module "gke-project-2" { # due to https://github.com/hashicorp/terraform-provider-google/issues/9505 for AP default_service_account = "keep" + deletion_policy = "DELETE" + + activate_apis = local.apis activate_api_identities = [ { 
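Review bot: `deletion_policy = "DELETE"` is added to `module "gke-project-1"` in test/setup/main.tf without a comment, while the neighbouring `default_service_account = "keep"` line carries one explaining why it is set. The setting presumably lets `terraform destroy` remove the whole project, so I would state that this is intended for disposable test projects only, e.g. `# test projects are disposable; allow terraform destroy to delete them`. The same line is added to `gke-project-2` and `gke-project-fleet` in the next two hunks, each followed by two blank lines where one would do. The module blocks start and end outside the hunks.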
@@ -132,6 +137,9 @@ module "gke-project-fleet" { # due to https://github.com/hashicorp/terraform-provider-google/issues/9505 for AP default_service_account = "keep" + deletion_policy = "DELETE" + + activate_apis = local.apis } From 25eeb46644a41797c892e713e9d1a9d7f5302aec Mon Sep 17 00:00:00 2001 From: Imran Nayer Date: Thu, 4 Sep 2025 17:40:21 +0000 Subject: [PATCH 3/4] fixed readme --- README.md | 2 +- autogen/main/README.md | 4 ++-- modules/beta-autopilot-private-cluster/README.md | 2 +- modules/beta-autopilot-public-cluster/README.md | 2 +- modules/beta-private-cluster-update-variant/README.md | 2 +- modules/beta-private-cluster/README.md | 2 +- modules/beta-public-cluster-update-variant/README.md | 2 +- modules/beta-public-cluster/README.md | 2 +- modules/gke-standard-cluster/metadata.yaml | 2 +- modules/private-cluster-update-variant/README.md | 2 +- modules/private-cluster/README.md | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 7c01c759ca..3f941e3d2c 100644 --- a/README.md +++ b/README.md @@ -438,7 +438,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP][terraform-provider-google] v6.41+ +- [Terraform Provider for GCP][terraform-provider-google] v6.47+ #### gcloud diff --git a/autogen/main/README.md b/autogen/main/README.md index 92a0296679..d8559f66a1 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md 
@@ -319,9 +319,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [Terraform](https://www.terraform.io/downloads.html) 1.3+ {% if beta_cluster %} -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.41+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.47+ {% else %} -- [Terraform Provider for GCP][terraform-provider-google] v6.41+ +- [Terraform Provider for GCP][terraform-provider-google] v6.47+ {% endif %} #### gcloud diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 6dae39b21d..4822535d54 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -232,7 +232,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.41+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.47+ #### gcloud diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 54b2020060..e3e5287c5f 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -218,7 +218,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.41+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.47+ #### gcloud diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 84f48aaafb..38c8717704 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -492,7 +492,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.41+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.47+ #### gcloud diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 70438408dc..4af2ff92f2 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -470,7 +470,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.41+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.47+ #### gcloud diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 03cdb79cc6..e9e9c3c64d 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -479,7 +479,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.41+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.47+ #### gcloud diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 45a6cf80ad..397dfea394 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -457,7 +457,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.41+ +- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.47+ #### gcloud diff --git a/modules/gke-standard-cluster/metadata.yaml b/modules/gke-standard-cluster/metadata.yaml index 13ce551921..df408e90b4 100644 --- a/modules/gke-standard-cluster/metadata.yaml +++ b/modules/gke-standard-cluster/metadata.yaml @@ -1008,9 +1008,9 @@ spec: roles: - level: Project roles: - - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin + - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 13d31f7ee8..ff84169cda 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -473,7 +473,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP][terraform-provider-google] v6.41+ +- [Terraform Provider for GCP][terraform-provider-google] v6.47+ #### gcloud diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 9968fd2a9d..0d35d0e58c 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -451,7 +451,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Terraform and Plugins - [Terraform](https://www.terraform.io/downloads.html) 1.3+ -- [Terraform Provider for GCP][terraform-provider-google] v6.41+ +- [Terraform Provider for GCP][terraform-provider-google] v6.47+ #### gcloud 
From a77f86a41b769d011c69bee6671adb281caab9cc Mon Sep 17 00:00:00 2001 From: Imran Nayer Date: Fri, 5 Sep 2025 13:41:29 +0000 Subject: [PATCH 4/4] updated --- autogen/main/variables.tf.tmpl | 2 +- modules/beta-autopilot-private-cluster/variables.tf | 2 +- modules/beta-autopilot-public-cluster/variables.tf | 2 +- modules/beta-private-cluster-update-variant/variables.tf | 2 +- modules/beta-private-cluster/variables.tf | 2 +- modules/beta-public-cluster-update-variant/variables.tf | 2 +- modules/beta-public-cluster/variables.tf | 2 +- modules/gke-autopilot-cluster/metadata.yaml | 2 +- modules/private-cluster-update-variant/variables.tf | 2 +- modules/private-cluster/variables.tf | 2 +- variables.tf | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index a6c7c524c1..f70041a524 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index bfb565d6a5..9e8c533633 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index ebc7116723..a9cdf3c50a 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf 
@@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index fab209d363..e7dfcf3c36 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index fab209d363..e7dfcf3c36 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index ce8d049bab..a3db7b3def 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index ce8d049bab..a3db7b3def 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/modules/gke-autopilot-cluster/metadata.yaml b/modules/gke-autopilot-cluster/metadata.yaml index 756a57a226..20d1a50662 100644 --- a/modules/gke-autopilot-cluster/metadata.yaml +++ b/modules/gke-autopilot-cluster/metadata.yaml @@ -569,9 +569,9 @@ spec: roles: - level: Project roles: - - roles/compute.admin - roles/container.admin - roles/iam.serviceAccountUser + - roles/compute.admin services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 0055fd714a..39a5443e9e 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 0055fd714a..39a5443e9e 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/variables.tf b/variables.tf index 94470b9169..ac1afd2ec0 100644 --- a/variables.tf +++ b/variables.tf @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2022-2025 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.