feat: add support for additional_pod_ranges_config

README.md

@@ -144,6 +144,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |

autogen/main/cluster.tf.tmpl

@@ -541,6 +541,13 @@ resource "google_container_cluster" "primary" {
         pod_range_names = var.additional_ip_range_pods
       }
     }
+    dynamic "additional_pod_ranges_config" {
+      for_each = var.additional_pod_ranges_config
+      content {
+        subnetwork           = var.additional_pod_ranges_config.subnetwork
+        pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+      }
+    }
     stack_type                    = var.stack_type
   }
 

autogen/main/variables.tf.tmpl

@@ -174,6 +174,12 @@ variable "additional_ip_range_pods" {
   default     = []
 }
 
+variable "additional_pod_ranges_config" {
+  type        = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+  description = "the configuration for individual additional subnetworks attached to the cluster"
+  default = []
+}
+
 variable "ip_range_services" {
   type        = string
   description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."

cluster.tf

@@ -411,6 +411,13 @@ resource "google_container_cluster" "primary" {
         pod_range_names = var.additional_ip_range_pods
       }
     }
+    dynamic "additional_pod_ranges_config" {
+      for_each = var.additional_pod_ranges_config
+      content {
+        subnetwork           = var.additional_pod_ranges_config.subnetwork
+        pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+      }
+    }
     stack_type = var.stack_type
   }
 

metadata.display.yaml

@@ -39,6 +39,9 @@ spec:
         additional_ip_range_pods:
           name: additional_ip_range_pods
           title: Additional Ip Range Pods
+        additional_pod_ranges_config:
+          name: additional_pod_ranges_config
+          title: Additional Pod Ranges Config
         additive_vpc_scope_dns_domain:
           name: additive_vpc_scope_dns_domain
           title: Additive Vpc Scope Dns Domain

metadata.yaml

@@ -259,6 +259,10 @@ spec:
         description: List of _names_ of the additional secondary subnet ip ranges to use for pods
         varType: list(string)
         defaultValue: []
+      - name: additional_pod_ranges_config
+        description: the configuration for individual additional subnetworks attached to the cluster
+        varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+        defaultValue: []
       - name: ip_range_services
         description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
         varType: string

modules/beta-autopilot-private-cluster/README.md

@@ -77,6 +77,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |

modules/beta-autopilot-private-cluster/cluster.tf

@@ -312,6 +312,13 @@ resource "google_container_cluster" "primary" {
         pod_range_names = var.additional_ip_range_pods
       }
     }
+    dynamic "additional_pod_ranges_config" {
+      for_each = var.additional_pod_ranges_config
+      content {
+        subnetwork           = var.additional_pod_ranges_config.subnetwork
+        pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+      }
+    }
     stack_type = var.stack_type
   }
 

modules/beta-autopilot-private-cluster/metadata.display.yaml

@@ -40,6 +40,9 @@ spec:
         additional_ip_range_pods:
           name: additional_ip_range_pods
           title: Additional Ip Range Pods
+        additional_pod_ranges_config:
+          name: additional_pod_ranges_config
+          title: Additional Pod Ranges Config
         allow_net_admin:
           name: allow_net_admin
           title: Allow Net Admin

modules/beta-autopilot-private-cluster/metadata.yaml

@@ -218,6 +218,10 @@ spec:
         description: List of _names_ of the additional secondary subnet ip ranges to use for pods
         varType: list(string)
         defaultValue: []
+      - name: additional_pod_ranges_config
+        description: the configuration for individual additional subnetworks attached to the cluster
+        varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+        defaultValue: []
       - name: ip_range_services
         description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
         varType: string

modules/beta-autopilot-private-cluster/variables.tf

@@ -164,6 +164,12 @@ variable "additional_ip_range_pods" {
   default     = []
 }
 
+variable "additional_pod_ranges_config" {
+  type        = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+  description = "the configuration for individual additional subnetworks attached to the cluster"
+  default     = []
+}
+
 variable "ip_range_services" {
   type        = string
   description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."

modules/beta-autopilot-public-cluster/README.md

@@ -71,6 +71,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | allow\_net\_admin | (Optional) Enable NET\_ADMIN for the cluster. | `bool` | `null` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |

modules/beta-autopilot-public-cluster/cluster.tf

@@ -312,6 +312,13 @@ resource "google_container_cluster" "primary" {
         pod_range_names = var.additional_ip_range_pods
       }
     }
+    dynamic "additional_pod_ranges_config" {
+      for_each = var.additional_pod_ranges_config
+      content {
+        subnetwork           = var.additional_pod_ranges_config.subnetwork
+        pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+      }
+    }
     stack_type = var.stack_type
   }
 

modules/beta-autopilot-public-cluster/metadata.display.yaml

@@ -40,6 +40,9 @@ spec:
         additional_ip_range_pods:
           name: additional_ip_range_pods
           title: Additional Ip Range Pods
+        additional_pod_ranges_config:
+          name: additional_pod_ranges_config
+          title: Additional Pod Ranges Config
         allow_net_admin:
           name: allow_net_admin
           title: Allow Net Admin

modules/beta-autopilot-public-cluster/metadata.yaml

@@ -218,6 +218,10 @@ spec:
         description: List of _names_ of the additional secondary subnet ip ranges to use for pods
         varType: list(string)
         defaultValue: []
+      - name: additional_pod_ranges_config
+        description: the configuration for individual additional subnetworks attached to the cluster
+        varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+        defaultValue: []
       - name: ip_range_services
         description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
         varType: string

modules/beta-autopilot-public-cluster/variables.tf

@@ -164,6 +164,12 @@ variable "additional_ip_range_pods" {
   default     = []
 }
 
+variable "additional_pod_ranges_config" {
+  type        = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+  description = "the configuration for individual additional subnetworks attached to the cluster"
+  default     = []
+}
+
 variable "ip_range_services" {
   type        = string
   description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."

modules/beta-private-cluster-update-variant/README.md

@@ -175,6 +175,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |

modules/beta-private-cluster-update-variant/cluster.tf

@@ -448,6 +448,13 @@ resource "google_container_cluster" "primary" {
         pod_range_names = var.additional_ip_range_pods
       }
     }
+    dynamic "additional_pod_ranges_config" {
+      for_each = var.additional_pod_ranges_config
+      content {
+        subnetwork           = var.additional_pod_ranges_config.subnetwork
+        pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+      }
+    }
     stack_type = var.stack_type
   }
 

modules/beta-private-cluster-update-variant/metadata.display.yaml

@@ -40,6 +40,9 @@ spec:
         additional_ip_range_pods:
           name: additional_ip_range_pods
           title: Additional Ip Range Pods
+        additional_pod_ranges_config:
+          name: additional_pod_ranges_config
+          title: Additional Pod Ranges Config
         additive_vpc_scope_dns_domain:
           name: additive_vpc_scope_dns_domain
           title: Additive Vpc Scope Dns Domain

modules/beta-private-cluster-update-variant/metadata.yaml

@@ -219,6 +219,10 @@ spec:
         description: List of _names_ of the additional secondary subnet ip ranges to use for pods
         varType: list(string)
         defaultValue: []
+      - name: additional_pod_ranges_config
+        description: the configuration for individual additional subnetworks attached to the cluster
+        varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+        defaultValue: []
       - name: ip_range_services
         description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
         varType: string

modules/beta-private-cluster-update-variant/variables.tf

@@ -155,6 +155,12 @@ variable "additional_ip_range_pods" {
   default     = []
 }
 
+variable "additional_pod_ranges_config" {
+  type        = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+  description = "the configuration for individual additional subnetworks attached to the cluster"
+  default     = []
+}
+
 variable "ip_range_services" {
   type        = string
   description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."

modules/beta-private-cluster/README.md

@@ -153,6 +153,7 @@ Then perform the following commands on the root folder:
 | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no |
 | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no |
 | additional\_ip\_range\_pods | List of _names_ of the additional secondary subnet ip ranges to use for pods | `list(string)` | `[]` | no |
+| additional\_pod\_ranges\_config | the configuration for individual additional subnetworks attached to the cluster | `list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))` | `[]` | no |
 | additive\_vpc\_scope\_dns\_domain | This will enable Cloud DNS additive VPC scope. Must provide a domain name that is unique within the VPC. For this to work cluster\_dns = `CLOUD_DNS` and cluster\_dns\_scope = `CLUSTER_SCOPE` must both be set as well. | `string` | `""` | no |
 | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | `string` | `null` | no |
 | boot\_disk\_kms\_key | The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool, if not overridden in `node_pools`. This should be of the form projects/[KEY\_PROJECT\_ID]/locations/[LOCATION]/keyRings/[RING\_NAME]/cryptoKeys/[KEY\_NAME]. For more information about protecting resources with Cloud KMS Keys please see: https://cloud.google.com/compute/docs/disks/customer-managed-encryption | `string` | `null` | no |

modules/beta-private-cluster/cluster.tf

@@ -448,6 +448,13 @@ resource "google_container_cluster" "primary" {
         pod_range_names = var.additional_ip_range_pods
       }
     }
+    dynamic "additional_pod_ranges_config" {
+      for_each = var.additional_pod_ranges_config
+      content {
+        subnetwork           = var.additional_pod_ranges_config.subnetwork
+        pod_ipv4_range_names = var.additional_pod_ranges_config.pod_ipv4_range_names
+      }
+    }
     stack_type = var.stack_type
   }
 

modules/beta-private-cluster/metadata.display.yaml

@@ -40,6 +40,9 @@ spec:
         additional_ip_range_pods:
           name: additional_ip_range_pods
           title: Additional Ip Range Pods
+        additional_pod_ranges_config:
+          name: additional_pod_ranges_config
+          title: Additional Pod Ranges Config
         additive_vpc_scope_dns_domain:
           name: additive_vpc_scope_dns_domain
           title: Additive Vpc Scope Dns Domain

modules/beta-private-cluster/metadata.yaml

@@ -219,6 +219,10 @@ spec:
         description: List of _names_ of the additional secondary subnet ip ranges to use for pods
         varType: list(string)
         defaultValue: []
+      - name: additional_pod_ranges_config
+        description: the configuration for individual additional subnetworks attached to the cluster
+        varType: list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+        defaultValue: []
       - name: ip_range_services
         description: The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used.
         varType: string

modules/beta-private-cluster/variables.tf

@@ -155,6 +155,12 @@ variable "additional_ip_range_pods" {
   default     = []
 }
 
+variable "additional_pod_ranges_config" {
+  type        = list(object({ subnetwork = string, pod_ipv4_range_names = list(string) }))
+  description = "the configuration for individual additional subnetworks attached to the cluster"
+  default     = []
+}
+
 variable "ip_range_services" {
   type        = string
   description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."