From cab383b9deb6b4d96b5047dbd09d4f861c614fe7 Mon Sep 17 00:00:00 2001 
From: Paul Bonser Date: Tue, 16 Sep 2025 12:33:04 -0500 Subject: [PATCH 1/4] feat: add support for NAP/autopilot resource manager tags --- README.md | 3 ++- autogen/main/cluster.tf.tmpl | 8 ++++++-- autogen/main/variables.tf.tmpl | 8 +++++++- cluster.tf | 4 +++- examples/node_pool/main.tf | 2 +- metadata.display.yaml | 3 +++ metadata.yaml | 6 +++++- modules/beta-autopilot-private-cluster/README.md | 3 ++- modules/beta-autopilot-private-cluster/cluster.tf | 4 +++- .../beta-autopilot-private-cluster/metadata.display.yaml | 3 +++ modules/beta-autopilot-private-cluster/metadata.yaml | 6 +++++- modules/beta-autopilot-private-cluster/variables.tf | 8 +++++++- modules/beta-autopilot-public-cluster/README.md | 3 ++- modules/beta-autopilot-public-cluster/cluster.tf | 4 +++- .../beta-autopilot-public-cluster/metadata.display.yaml | 3 +++ modules/beta-autopilot-public-cluster/metadata.yaml | 6 +++++- modules/beta-autopilot-public-cluster/variables.tf | 8 +++++++- modules/beta-private-cluster-update-variant/README.md | 3 ++- modules/beta-private-cluster-update-variant/cluster.tf | 4 +++- .../metadata.display.yaml | 3 +++ modules/beta-private-cluster-update-variant/metadata.yaml | 6 +++++- modules/beta-private-cluster-update-variant/variables.tf | 8 +++++++- modules/beta-private-cluster/README.md | 3 ++- modules/beta-private-cluster/cluster.tf | 4 +++- modules/beta-private-cluster/metadata.display.yaml | 3 +++ modules/beta-private-cluster/metadata.yaml | 6 +++++- modules/beta-private-cluster/variables.tf | 8 +++++++- modules/beta-public-cluster-update-variant/README.md | 3 ++- modules/beta-public-cluster-update-variant/cluster.tf | 4 +++- .../metadata.display.yaml | 3 +++ modules/beta-public-cluster-update-variant/metadata.yaml | 6 +++++- modules/beta-public-cluster-update-variant/variables.tf | 8 +++++++- modules/beta-public-cluster/README.md | 3 ++- modules/beta-public-cluster/cluster.tf | 4 +++- modules/beta-public-cluster/metadata.display.yaml | 3 +++ 
modules/beta-public-cluster/metadata.yaml | 6 +++++- modules/beta-public-cluster/variables.tf | 8 +++++++- modules/gke-autopilot-cluster/metadata.yaml | 2 +- modules/gke-standard-cluster/metadata.yaml | 2 +- modules/private-cluster-update-variant/README.md | 3 ++- modules/private-cluster-update-variant/cluster.tf | 4 +++- .../private-cluster-update-variant/metadata.display.yaml | 3 +++ modules/private-cluster-update-variant/metadata.yaml | 6 +++++- modules/private-cluster-update-variant/variables.tf | 8 +++++++- modules/private-cluster/README.md | 3 ++- modules/private-cluster/cluster.tf | 4 +++- modules/private-cluster/metadata.display.yaml | 3 +++ modules/private-cluster/metadata.yaml | 6 +++++- modules/private-cluster/variables.tf | 8 +++++++- variables.tf | 8 +++++++- 50 files changed, 196 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 6c5ffa8fe3..215983798c 100644 --- a/README.md +++ b/README.md @@ -234,7 +234,7 @@ Then perform the following commands on the root folder: | network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +| network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | node\_pools | List of maps containing node pools | `list(map(any))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | @@ -260,6 +260,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. | `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index f4b10125c2..122445b4eb 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl 
@@ -329,7 +329,7 @@ resource "google_container_cluster" "primary" { } {% if autopilot_cluster %} dynamic "node_pool_auto_config" { - for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null || var.node_pools_cgroup_mode != null ? [1] : [] + for_each = length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null || var.node_pools_cgroup_mode != null ? [1] : [] content { dynamic "network_tags" { for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules ? [1] : [] @@ -338,6 +338,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "node_kubelet_config" { for_each = var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] content { @@ -356,7 +358,7 @@ resource "google_container_cluster" "primary" { {% if autopilot_cluster != true %} dynamic "node_pool_auto_config" { - for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] + for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] content { dynamic "network_tags" { for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules) ? [1] : [] 
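Review bot: In the non-autopilot branch (the `@@ -356,7 +358,7 @@` hunk here and the matching `resource_manager_tags` assignment in the `@@ -365,6 +367,8 @@` hunk that follows), the whole `node_pool_auto_config` block stays gated on `var.cluster_autoscaling.enabled`, so a caller who sets `resource_manager_tags` with node auto-provisioning disabled gets no tags and no error. Resource manager tags are commonly referenced by firewall policies and IAM conditions, so a silently ignored value is worth surfacing rather than leaving the operator to assume nodes are tagged. I would add a comment above the assignment such as `# Only applied when cluster_autoscaling.enabled is true; ignored otherwise.` and, if the module's minimum Terraform version allows it, a plan-time check for that combination. The `google_container_cluster` resource body starts and ends outside these hunks, so whether other node pools receive tags elsewhere cannot be seen from here.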
@@ -365,6 +367,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "linux_node_config" { for_each = local.node_pools_cgroup_mode["all"] != "" ? [1] : [] content { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 8d8a5e1796..92459ec60e 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -400,11 +400,17 @@ variable "node_pools_oauth_scopes" { {% endif %} variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) diff --git a/cluster.tf b/cluster.tf index 5be52ef883..edee42e00f 100644 --- a/cluster.tf +++ b/cluster.tf 
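Review bot: The new `resource_manager_tags` variable in autogen/main/variables.tf.tmpl documents a maximum of 5 tags and three accepted formats but enforces neither, so a bad value is presumably rejected only by the API at apply time. A `validation` block on the count would give the operator a plan-time error instead. The variable is also nullable by default, and the `length(var.resource_manager_tags)` calls in cluster.tf.tmpl fail on an explicit `null`, so `nullable = false` is worth adding if the module's minimum Terraform version supports it. The description says "List of" although the type is `map(string)`. This template also writes the formats with escaped quotes, while the generated `modules/*/variables.tf` hunks later in the patch use backticks, which suggests the generated files and the template are out of sync.

```hcl
variable "resource_manager_tags" {
  # … unchanged: description, type, default …
  nullable = false

  validation {
    condition     = length(var.resource_manager_tags) <= 5
    error_message = "A maximum of 5 resource manager tags can be specified."
  }
}
```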
@@ -265,7 +265,7 @@ resource "google_container_cluster" "primary" { } dynamic "node_pool_auto_config" { - for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] + for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] content { dynamic "network_tags" { for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules) ? [1] : [] @@ -274,6 +274,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "linux_node_config" { for_each = local.node_pools_cgroup_mode["all"] != "" ? [1] : [] content { diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 8b66d525b2..0c9dbde134 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -163,7 +163,7 @@ module "gke" { } node_pools_cgroup_mode = { - all = "CGROUP_MODE_V2" + all = "CGROUP_MODE_V2" pool-01 = "CGROUP_MODE_V1" } diff --git a/metadata.display.yaml b/metadata.display.yaml index 5c2f001d73..75b955fe5c 100644 --- a/metadata.display.yaml +++ b/metadata.display.yaml @@ -387,6 +387,9 @@ spec: remove_default_node_pool: name: remove_default_node_pool title: Remove Default Node Pool + resource_manager_tags: + name: resource_manager_tags + title: Resource Manager Tags resource_usage_export_dataset_id: name: resource_usage_export_dataset_id title: Resource Usage Export Dataset Id diff --git a/metadata.yaml b/metadata.yaml index f7a315b496..a8df869818 100644 --- a/metadata.yaml +++ b/metadata.yaml 
@@ -404,9 +404,13 @@ spec: - https://www.googleapis.com/auth/cloud-platform default-node-pool: [] - name: network_tags - description: (Optional) - List of network tags applied to auto-provisioned node pools. + description: (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: resource_manager_tags + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + varType: map(string) + defaultValue: {} - name: enable_k8s_beta_apis description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. varType: list(string) diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 59d1d8b49c..f1ef858228 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
@@ -144,7 +144,7 @@ Then perform the following commands on the root folder: | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +| network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | | node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | 
@@ -156,6 +156,7 @@ Then perform the following commands on the root folder: | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. | `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index d1853672d5..b43db6a9f7 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf 
@@ -185,7 +185,7 @@ resource "google_container_cluster" "primary" { } } dynamic "node_pool_auto_config" { - for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null || var.node_pools_cgroup_mode != null ? [1] : [] + for_each = length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null || var.node_pools_cgroup_mode != null ? [1] : [] content { dynamic "network_tags" { for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules ? [1] : [] @@ -194,6 +194,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "node_kubelet_config" { for_each = var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] content { diff --git a/modules/beta-autopilot-private-cluster/metadata.display.yaml b/modules/beta-autopilot-private-cluster/metadata.display.yaml index 7e201962d1..436b04010f 100644 --- a/modules/beta-autopilot-private-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.display.yaml @@ -289,6 +289,9 @@ spec: release_channel: name: release_channel title: Release Channel + resource_manager_tags: + name: resource_manager_tags + title: Resource Manager Tags resource_usage_export_dataset_id: name: resource_usage_export_dataset_id title: Resource Usage Export Dataset Id diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index 0f58298499..d36b601680 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml 
+++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -246,9 +246,13 @@ spec: varType: bool defaultValue: true - name: network_tags - description: (Optional) - List of network tags applied to auto-provisioned node pools. + description: (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: resource_manager_tags + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + varType: map(string) + defaultValue: {} - name: enable_k8s_beta_apis description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. varType: list(string) diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 479a7ef0ae..3e03612b25 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -209,11 +209,17 @@ variable "enable_resource_consumption_export" { variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 52d2078adb..334cb7babb 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -133,7 +133,7 @@ Then perform the following commands on the root folder: | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +| network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | | node\_pools\_cgroup\_mode | Specifies the Linux cgroup mode for autopilot Kubernetes nodes in the cluster. Accepted values are `CGROUP_MODE_UNSPECIFIED`, `CGROUP_MODE_V1`, and `CGROUP_MODE_V2`, which determine the control group hierarchy used for resource management. | `string` | `null` | no | | notification\_config\_topic | The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}. | `string` | `""` | no | | notification\_filter\_event\_type | Choose what type of notifications you want to receive. If no filters are applied, you'll receive all notification types. Can be used to filter what notifications are sent. Accepted values are UPGRADE\_AVAILABLE\_EVENT, UPGRADE\_EVENT, and SECURITY\_BULLETIN\_EVENT. | `list(string)` | `[]` | no | 
@@ -144,6 +144,7 @@ Then perform the following commands on the root folder: | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. | `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 05ff62a148..ea5c881ed8 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf 
@@ -185,7 +185,7 @@ resource "google_container_cluster" "primary" { } } dynamic "node_pool_auto_config" { - for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null || var.node_pools_cgroup_mode != null ? [1] : [] + for_each = length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules || var.insecure_kubelet_readonly_port_enabled != null || var.node_pools_cgroup_mode != null ? [1] : [] content { dynamic "network_tags" { for_each = length(var.network_tags) > 0 || var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules || var.add_shadow_firewall_rules ? [1] : [] @@ -194,6 +194,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "node_kubelet_config" { for_each = var.insecure_kubelet_readonly_port_enabled != null ? [1] : [] content { diff --git a/modules/beta-autopilot-public-cluster/metadata.display.yaml b/modules/beta-autopilot-public-cluster/metadata.display.yaml index 17d5755933..293e03bc74 100644 --- a/modules/beta-autopilot-public-cluster/metadata.display.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.display.yaml @@ -271,6 +271,9 @@ spec: release_channel: name: release_channel title: Release Channel + resource_manager_tags: + name: resource_manager_tags + title: Resource Manager Tags resource_usage_export_dataset_id: name: resource_usage_export_dataset_id title: Resource Usage Export Dataset Id diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index 63de149d6e..58edd543e4 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml 
@@ -246,9 +246,13 @@ spec: varType: bool defaultValue: true - name: network_tags - description: (Optional) - List of network tags applied to auto-provisioned node pools. + description: (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: resource_manager_tags + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + varType: map(string) + defaultValue: {} - name: enable_k8s_beta_apis description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. varType: list(string) diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index ef59e9744c..0b9cbaa56f 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -209,11 +209,17 @@ variable "enable_resource_consumption_export" { variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) 
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 15d37b8885..171cfb53a0 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -278,7 +278,7 @@ Then perform the following commands on the root folder: | network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +| network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | node\_pools | List of maps containing node pools | `list(map(any))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | @@ -305,6 +305,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 8e7790fb9d..93c8b6fac2 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf 
@@ -278,7 +278,7 @@ resource "google_container_cluster" "primary" { } dynamic "node_pool_auto_config" { - for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] + for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] content { dynamic "network_tags" { for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules) ? [1] : [] @@ -287,6 +287,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "linux_node_config" { for_each = local.node_pools_cgroup_mode["all"] != "" ? [1] : [] content { diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 290b061de6..6131bca70c 100644 --- a/modules/beta-private-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml @@ -430,6 +430,9 @@ spec: remove_default_node_pool: name: remove_default_node_pool title: Remove Default Node Pool + resource_manager_tags: + name: resource_manager_tags + title: Resource Manager Tags resource_usage_export_dataset_id: name: resource_usage_export_dataset_id title: Resource Usage Export Dataset Id diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 93d63bb35f..536ea88aa7 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml 
@@ -364,9 +364,13 @@ spec: - https://www.googleapis.com/auth/cloud-platform default-node-pool: [] - name: network_tags - description: (Optional) - List of network tags applied to auto-provisioned node pools. + description: (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: resource_manager_tags + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + varType: map(string) + defaultValue: {} - name: enable_k8s_beta_apis description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. varType: list(string) diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index d86c6035d6..362f106324 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -377,11 +377,17 @@ variable "node_pools_oauth_scopes" { } variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index e7cb428627..4d503ac8c1 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -256,7 +256,7 @@ Then perform the following commands on the root folder: | network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +| network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | node\_pools | List of maps containing node pools | `list(map(any))` |
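Review bot: The new `variable "resource_manager_tags"` states a limit ("A maximum of 5 tags") only in its description, so a sixth entry is not rejected until the provider or API call, if at all. A `validation` block would catch it at plan time, and `nullable = false` would keep an explicit `null` from reaching `length(var.resource_manager_tags)` in cluster.tf. The description also says "List of" while the type is `map(string)`, and the `key=value` formats do not say which side is the map key; presumably the key is the tag key and the value the tag value, which is worth stating. The same variable is added unchanged in the variables.tf hunks of beta-private-cluster, beta-public-cluster-update-variant, beta-public-cluster, private-cluster-update-variant and private-cluster.

```hcl
variable "resource_manager_tags" {
  # … unchanged: description, type, default …
  nullable = false

  validation {
    condition     = length(var.resource_manager_tags) <= 5
    error_message = "A maximum of 5 resource manager tags can be specified."
  }
}
```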
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | @@ -283,6 +283,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index ba74d25db4..16fc1dad0e 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -278,7 +278,7 @@ resource "google_container_cluster" "primary" { } dynamic "node_pool_auto_config" { - for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] + for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] content { dynamic "network_tags" { for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules) ? [1] : [] @@ -287,6 +287,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "linux_node_config" { for_each = local.node_pools_cgroup_mode["all"] != "" ? [1] : [] content { diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index 83defb6bb0..d9416bda62 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml @@ -430,6 +430,9 @@ spec: remove_default_node_pool: name: remove_default_node_pool title: Remove Default Node Pool + resource_manager_tags: + name: resource_manager_tags + title: Resource Manager Tags resource_usage_export_dataset_id: name: resource_usage_export_dataset_id title: Resource Usage Export Dataset Id diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 6db6bf9a9d..24fab96f33 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml 
@@ -364,9 +364,13 @@ spec: - https://www.googleapis.com/auth/cloud-platform default-node-pool: [] - name: network_tags - description: (Optional) - List of network tags applied to auto-provisioned node pools. + description: (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: resource_manager_tags + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + varType: map(string) + defaultValue: {} - name: enable_k8s_beta_apis description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. varType: list(string) diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index d86c6035d6..362f106324 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -377,11 +377,17 @@ variable "node_pools_oauth_scopes" { } variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) 
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 0c1e5e3cfc..549e6784d0 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -267,7 +267,7 @@ Then perform the following commands on the root folder: | network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +| network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | node\_pools | List of maps containing node pools | `list(map(any))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | @@ -293,6 +293,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 2ed8e1104c..bf5d4cea45 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf 
@@ -278,7 +278,7 @@ resource "google_container_cluster" "primary" { } dynamic "node_pool_auto_config" { - for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] + for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] content { dynamic "network_tags" { for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules) ? [1] : [] @@ -287,6 +287,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "linux_node_config" { for_each = local.node_pools_cgroup_mode["all"] != "" ? [1] : [] content { diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index 628cd12485..51d3f8cb86 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml @@ -412,6 +412,9 @@ spec: remove_default_node_pool: name: remove_default_node_pool title: Remove Default Node Pool + resource_manager_tags: + name: resource_manager_tags + title: Resource Manager Tags resource_usage_export_dataset_id: name: resource_usage_export_dataset_id title: Resource Usage Export Dataset Id diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index 77a6c232e2..210231fa50 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml 
@@ -364,9 +364,13 @@ spec: - https://www.googleapis.com/auth/cloud-platform default-node-pool: [] - name: network_tags - description: (Optional) - List of network tags applied to auto-provisioned node pools. + description: (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: resource_manager_tags + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + varType: map(string) + defaultValue: {} - name: enable_k8s_beta_apis description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. varType: list(string) diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index c496007585..c5a1b8f67d 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -377,11 +377,17 @@ variable "node_pools_oauth_scopes" { } variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 8b28c7fc2d..68257c2a3a 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -245,7 +245,7 @@ Then perform the following commands on the root folder: | network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +| network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | node\_pools | List of maps containing node pools | `list(map(any))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | @@ -271,6 +271,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 0a968942e4..b28fa1cfb7 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -278,7 +278,7 @@ resource "google_container_cluster" "primary" { } dynamic "node_pool_auto_config" { - for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] + for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] content { dynamic "network_tags" { for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules) ? [1] : [] @@ -287,6 +287,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "linux_node_config" { for_each = local.node_pools_cgroup_mode["all"] != "" ? [1] : [] content { diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index 73afdf0a79..f8d874ca0e 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml @@ -412,6 +412,9 @@ spec: remove_default_node_pool: name: remove_default_node_pool title: Remove Default Node Pool + resource_manager_tags: + name: resource_manager_tags + title: Resource Manager Tags resource_usage_export_dataset_id: name: resource_usage_export_dataset_id title: Resource Usage Export Dataset Id diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index 578ad281fa..607937c8ea 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml 
@@ -364,9 +364,13 @@ spec: - https://www.googleapis.com/auth/cloud-platform default-node-pool: [] - name: network_tags - description: (Optional) - List of network tags applied to auto-provisioned node pools. + description: (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: resource_manager_tags + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + varType: map(string) + defaultValue: {} - name: enable_k8s_beta_apis description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. varType: list(string) diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index c496007585..c5a1b8f67d 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -377,11 +377,17 @@ variable "node_pools_oauth_scopes" { } variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) 
diff --git a/modules/gke-autopilot-cluster/metadata.yaml b/modules/gke-autopilot-cluster/metadata.yaml index e7e099e668..1daef196b9 100644 --- a/modules/gke-autopilot-cluster/metadata.yaml +++ b/modules/gke-autopilot-cluster/metadata.yaml @@ -569,9 +569,9 @@ spec: roles: - level: Project roles: + - roles/compute.admin - roles/container.admin - roles/iam.serviceAccountUser - - roles/compute.admin services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/gke-standard-cluster/metadata.yaml b/modules/gke-standard-cluster/metadata.yaml index 1fd554dd19..ac3a8b614c 100644 --- a/modules/gke-standard-cluster/metadata.yaml +++ b/modules/gke-standard-cluster/metadata.yaml @@ -1008,9 +1008,9 @@ spec: roles: - level: Project roles: + - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin - - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 9bf7205d27..02afc86092 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -267,7 +267,7 @@ Then perform the following commands on the root folder: | network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +| network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | node\_pools | List of maps containing node pools | `list(map(any))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | @@ -294,6 +294,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. | `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 08d74d4498..558485814d 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf 
@@ -265,7 +265,7 @@ resource "google_container_cluster" "primary" { } dynamic "node_pool_auto_config" { - for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] + for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] content { dynamic "network_tags" { for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules) ? [1] : [] @@ -274,6 +274,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "linux_node_config" { for_each = local.node_pools_cgroup_mode["all"] != "" ? [1] : [] content { diff --git a/modules/private-cluster-update-variant/metadata.display.yaml b/modules/private-cluster-update-variant/metadata.display.yaml index 6e4b037fb5..d028feb50c 100644 --- a/modules/private-cluster-update-variant/metadata.display.yaml +++ b/modules/private-cluster-update-variant/metadata.display.yaml @@ -406,6 +406,9 @@ spec: remove_default_node_pool: name: remove_default_node_pool title: Remove Default Node Pool + resource_manager_tags: + name: resource_manager_tags + title: Resource Manager Tags resource_usage_export_dataset_id: name: resource_usage_export_dataset_id title: Resource Usage Export Dataset Id diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 3e62e97931..af0044dca6 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml 
@@ -364,9 +364,13 @@ spec: - https://www.googleapis.com/auth/cloud-platform default-node-pool: [] - name: network_tags - description: (Optional) - List of network tags applied to auto-provisioned node pools. + description: (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: resource_manager_tags + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + varType: map(string) + defaultValue: {} - name: enable_k8s_beta_apis description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. varType: list(string) diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index f6fbd47741..c5ea0b2fd8 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -377,11 +377,17 @@ variable "node_pools_oauth_scopes" { } variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 21e88dcc73..0afef338bc 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -245,7 +245,7 @@ Then perform the following commands on the root folder: | network\_policy | Enable network policy addon | `bool` | `false` | no | | network\_policy\_provider | The network policy provider. | `string` | `"CALICO"` | no | | network\_project\_id | The project ID of the shared VPC's host (for shared vpc support) | `string` | `""` | no | -| network\_tags | (Optional) - List of network tags applied to auto-provisioned node pools. | `list(string)` | `[]` | no | +| network\_tags | (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. | `list(string)` | `[]` | no | | node\_metadata | Specifies how node metadata is exposed to the workload running on the node | `string` | `"GKE_METADATA"` | no | | node\_pools | List of maps containing node pools | `list(map(any))` |
[
{
"name": "default-node-pool"
}
]
| no | | node\_pools\_cgroup\_mode | Map of strings containing cgroup node config by node-pool name | `map(string)` |
{
"all": "",
"default-node-pool": ""
}
| no | @@ -272,6 +272,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. | `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 7be1a89347..c9a03b8405 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf 
@@ -265,7 +265,7 @@ resource "google_container_cluster" "primary" { } dynamic "node_pool_auto_config" { - for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] + for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || length(var.resource_manager_tags) > 0 || var.add_cluster_firewall_rules || local.node_pools_cgroup_mode != null) ? [1] : [] content { dynamic "network_tags" { for_each = var.cluster_autoscaling.enabled && (length(var.network_tags) > 0 || var.add_cluster_firewall_rules) ? [1] : [] @@ -274,6 +274,8 @@ resource "google_container_cluster" "primary" { } } + resource_manager_tags = length(var.resource_manager_tags) > 0 ? var.resource_manager_tags : null + dynamic "linux_node_config" { for_each = local.node_pools_cgroup_mode["all"] != "" ? [1] : [] content { diff --git a/modules/private-cluster/metadata.display.yaml b/modules/private-cluster/metadata.display.yaml index 68bea01a11..6ffe232dc9 100644 --- a/modules/private-cluster/metadata.display.yaml +++ b/modules/private-cluster/metadata.display.yaml @@ -406,6 +406,9 @@ spec: remove_default_node_pool: name: remove_default_node_pool title: Remove Default Node Pool + resource_manager_tags: + name: resource_manager_tags + title: Resource Manager Tags resource_usage_export_dataset_id: name: resource_usage_export_dataset_id title: Resource Usage Export Dataset Id diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index c1cfade008..1e79d868df 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml 
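Review bot: In `modules/private-cluster/cluster.tf` the whole `node_pool_auto_config` block is still gated on `var.cluster_autoscaling.enabled`, so a non-empty `var.resource_manager_tags` is dropped with no diagnostic when autoscaling is off; the assignment added in the second hunk on this line sits inside that same block. If callers use these tags to bind network firewall policy rules, they could believe nodes are tagged when nothing was sent to the API. Either state in the variable description that the value only takes effect when `cluster_autoscaling.enabled` is true, or fail early with a `precondition` on the resource whose condition is `length(var.resource_manager_tags) == 0 || var.cluster_autoscaling.enabled`. The `google_container_cluster.primary` body starts and ends outside both hunks, so the rest of the block was not checked.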
@@ -364,9 +364,13 @@ spec: - https://www.googleapis.com/auth/cloud-platform default-node-pool: [] - name: network_tags - description: (Optional) - List of network tags applied to auto-provisioned node pools. + description: (Optional) - List of network tags applied to autopilot and auto-provisioned node pools. varType: list(string) defaultValue: [] + - name: resource_manager_tags + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + varType: map(string) + defaultValue: {} - name: enable_k8s_beta_apis description: (Optional) - List of Kubernetes Beta APIs to enable in cluster. varType: list(string) diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index f6fbd47741..c5ea0b2fd8 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -377,11 +377,17 @@ variable "node_pools_oauth_scopes" { } variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) 
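Review bot: The new `resource_manager_tags` variable in `modules/private-cluster/variables.tf` documents a maximum of 5 tags, but nothing in the block enforces it, so an oversized map is presumably only rejected at apply time by the provider or API. A `validation` block would reject it at plan time with a clear message; the identical hunk in the root `variables.tf` needs the same change. The description also says "List of" while the type is `map(string)`, which is worth correcting to "Map of" so callers know keys and values are passed separately. Since the diffstat lists `autogen/main/variables.tf.tmpl`, the change presumably belongs in that template so a re-render carries it to every module.

```hcl
variable "resource_manager_tags" {
  # … unchanged: description, type, default …

  validation {
    condition     = length(var.resource_manager_tags) <= 5
    error_message = "A maximum of 5 resource manager tags can be specified."
  }
}
```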
diff --git a/variables.tf b/variables.tf index a3d5bc417a..1b9a5a4035 100644 --- a/variables.tf +++ b/variables.tf @@ -377,11 +377,17 @@ variable "node_pools_oauth_scopes" { } variable "network_tags" { - description = "(Optional) - List of network tags applied to auto-provisioned node pools." + description = "(Optional) - List of network tags applied to autopilot and auto-provisioned node pools." type = list(string) default = [] } +variable "resource_manager_tags" { + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + type = map(string) + default = {} +} + variable "enable_k8s_beta_apis" { description = "(Optional) - List of Kubernetes Beta APIs to enable in cluster." type = list(string) From 2c2393a11dfdf887307564629480c4ec700de0d2 Mon Sep 17 00:00:00 2001 
From: Paul Bonser Date: Tue, 16 Sep 2025 12:37:05 -0500 Subject: [PATCH 2/4] re-render to get fixed var description --- README.md | 2 +- metadata.yaml | 2 +- modules/beta-autopilot-private-cluster/README.md | 2 +- modules/beta-autopilot-private-cluster/metadata.yaml | 2 +- modules/beta-autopilot-private-cluster/variables.tf | 2 +- modules/beta-autopilot-public-cluster/README.md | 2 +- modules/beta-autopilot-public-cluster/metadata.yaml | 2 +- modules/beta-autopilot-public-cluster/variables.tf | 2 +- modules/beta-private-cluster-update-variant/README.md | 2 +- modules/beta-private-cluster-update-variant/metadata.yaml | 2 +- modules/beta-private-cluster-update-variant/variables.tf | 2 +- modules/beta-private-cluster/README.md | 2 +- modules/beta-private-cluster/metadata.yaml | 2 +- modules/beta-private-cluster/variables.tf | 2 +- modules/beta-public-cluster-update-variant/README.md | 2 +- modules/beta-public-cluster-update-variant/metadata.yaml | 2 +- modules/beta-public-cluster-update-variant/variables.tf | 2 +- modules/beta-public-cluster/README.md | 2 +- modules/beta-public-cluster/metadata.yaml | 2 +- modules/beta-public-cluster/variables.tf | 2 +- modules/gke-autopilot-cluster/metadata.yaml | 2 +- modules/gke-node-pool/metadata.yaml | 2 +- modules/private-cluster-update-variant/README.md | 2 +- modules/private-cluster-update-variant/metadata.yaml | 2 +- modules/private-cluster-update-variant/variables.tf | 2 +- modules/private-cluster/README.md | 2 +- modules/private-cluster/metadata.yaml | 2 +- modules/private-cluster/variables.tf | 2 +- variables.tf | 2 +- 29 files changed, 29 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 215983798c..69c9b47884 100644 --- a/README.md +++ b/README.md 
@@ -260,7 +260,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | -| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. 
| `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/metadata.yaml b/metadata.yaml index a8df869818..84ec0d1b37 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -408,7 +408,7 @@ spec: varType: list(string) defaultValue: [] - name: resource_manager_tags - description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." varType: map(string) defaultValue: {} - name: enable_k8s_beta_apis diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index f1ef858228..98f63e3616 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md 
@@ -156,7 +156,7 @@ Then perform the following commands on the root folder: | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | -| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. 
Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. | `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index d36b601680..28d06e78fb 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -250,7 +250,7 @@ spec: varType: list(string) defaultValue: [] - name: resource_manager_tags - description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." varType: map(string) defaultValue: {} - name: enable_k8s_beta_apis diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 3e03612b25..e3a2994ef0 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -215,7 +215,7 @@ variable "network_tags" { } variable "resource_manager_tags" { - description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." type = map(string) default = {} } diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 334cb7babb..e700171a0d 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md 
@@ -144,7 +144,7 @@ Then perform the following commands on the root folder: | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no | | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | -| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. 
Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. | `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index 58edd543e4..c33d72b311 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -250,7 +250,7 @@ spec: varType: list(string) defaultValue: [] - name: resource_manager_tags - description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." varType: map(string) defaultValue: {} - name: enable_k8s_beta_apis diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index 0b9cbaa56f..c1851816f1 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf 
@@ -215,7 +215,7 @@ variable "network_tags" { } variable "resource_manager_tags" { - description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." type = map(string) default = {} } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 171cfb53a0..436d3b1b82 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -305,7 +305,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | -| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | 
diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 536ea88aa7..3e79273106 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -368,7 +368,7 @@ spec: varType: list(string) defaultValue: [] - name: resource_manager_tags - description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." varType: map(string) defaultValue: {} - name: enable_k8s_beta_apis diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 362f106324..f5c82851a2 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -383,7 +383,7 @@ variable "network_tags" { } variable "resource_manager_tags" { - description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." type = map(string) default = {} } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 4d503ac8c1..1f1079ba10 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -283,7 +283,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | -| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | 
diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 24fab96f33..359d737ecd 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -368,7 +368,7 @@ spec: varType: list(string) defaultValue: [] - name: resource_manager_tags - description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." varType: map(string) defaultValue: {} - name: enable_k8s_beta_apis diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 362f106324..f5c82851a2 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -383,7 +383,7 @@ variable "network_tags" { } variable "resource_manager_tags" { - description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." type = map(string) default = {} } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 549e6784d0..3ab46dae72 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -293,7 +293,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | -| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | 
diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index 210231fa50..853f62f754 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml @@ -368,7 +368,7 @@ spec: varType: list(string) defaultValue: [] - name: resource_manager_tags - description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." varType: map(string) defaultValue: {} - name: enable_k8s_beta_apis diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index c5a1b8f67d..8f536ce1ce 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -383,7 +383,7 @@ variable "network_tags" { } variable "resource_manager_tags" { - description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." type = map(string) default = {} } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 68257c2a3a..c37bce528a 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -271,7 +271,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | -| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | 
diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index 607937c8ea..0cddb61efd 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml @@ -368,7 +368,7 @@ spec: varType: list(string) defaultValue: [] - name: resource_manager_tags - description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." varType: map(string) defaultValue: {} - name: enable_k8s_beta_apis diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index c5a1b8f67d..8f536ce1ce 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -383,7 +383,7 @@ variable "network_tags" { } variable "resource_manager_tags" { - description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." type = map(string) default = {} } diff --git a/modules/gke-autopilot-cluster/metadata.yaml b/modules/gke-autopilot-cluster/metadata.yaml index 1daef196b9..bfb5ffe858 100644 --- a/modules/gke-autopilot-cluster/metadata.yaml +++ b/modules/gke-autopilot-cluster/metadata.yaml @@ -569,9 +569,9 @@ spec: roles: - level: Project roles: + - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin - - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml index 81c47a604a..85a4f9fa73 100644 --- a/modules/gke-node-pool/metadata.yaml +++ b/modules/gke-node-pool/metadata.yaml @@ -409,9 +409,9 @@ spec: roles: - level: Project roles: - - roles/compute.admin - roles/container.admin - roles/iam.serviceAccountUser + - roles/compute.admin services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 02afc86092..234e255cee 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -294,7 +294,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | -| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. 
| `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index af0044dca6..f639e67fc2 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -368,7 +368,7 @@ spec: varType: list(string) defaultValue: [] - name: resource_manager_tags - description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." varType: map(string) defaultValue: {} - name: enable_k8s_beta_apis diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index c5ea0b2fd8..ed867a7afe 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -383,7 +383,7 @@ variable "network_tags" { } variable "resource_manager_tags" { - description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." type = map(string) default = {} } diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 0afef338bc..1010af8cf8 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -272,7 +272,7 @@ Then perform the following commands on the root folder: | registry\_project\_ids | Projects holding Google Container Registries. If empty, we use the cluster project. If a service account is created and the `grant_registry_access` variable is set to `true`, the `storage.objectViewer` and `artifactregsitry.reader` roles are assigned on these projects. | `list(string)` | `[]` | no | | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | `string` | `"REGULAR"` | no | | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no | -| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}` | `map(string)` | `{}` | no | +| resource\_manager\_tags | (Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: "tagKeys/{tag\_key\_id}"="tagValues/{tag\_value\_id}", "{org\_id}/{tag\_key\_name}"="{tag\_value\_name}", "{project\_id}/{tag\_key\_name}"="{tag\_value\_name}". | `map(string)` | `{}` | no | | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no | | security\_posture\_mode | Security posture mode. Accepted values are `DISABLED` and `BASIC`. Defaults to `DISABLED`. | `string` | `"DISABLED"` | no | | security\_posture\_vulnerability\_mode | Security posture vulnerability mode. Accepted values are `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC`, and `VULNERABILITY_ENTERPRISE`. Defaults to `VULNERABILITY_DISABLED`. 
| `string` | `"VULNERABILITY_DISABLED"` | no | diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index 1e79d868df..fcd7f1d498 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml @@ -368,7 +368,7 @@ spec: varType: list(string) defaultValue: [] - name: resource_manager_tags - description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description: "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." varType: map(string) defaultValue: {} - name: enable_k8s_beta_apis diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index c5ea0b2fd8..ed867a7afe 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -383,7 +383,7 @@ variable "network_tags" { } variable "resource_manager_tags" { - description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." type = map(string) default = {} } diff --git a/variables.tf b/variables.tf index 1b9a5a4035..42f3201cfa 100644 --- a/variables.tf +++ b/variables.tf @@ -383,7 +383,7 @@ variable "network_tags" { } variable "resource_manager_tags" { - description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: `tagKeys/{tag_key_id}=tagValues/{tag_value_id}`, `{org_id}/{tag_key_name}={tag_value_name}`, `{project_id}/{tag_key_name}={tag_value_name}`" + description = "(Optional) - List of resource manager tags applied to autopilot and auto-provisioned node pools. A maximum of 5 tags can be specified. Tags must be in one of these formats: \"tagKeys/{tag_key_id}\"=\"tagValues/{tag_value_id}\", \"{org_id}/{tag_key_name}\"=\"{tag_value_name}\", \"{project_id}/{tag_key_name}\"=\"{tag_value_name}\"." type = map(string) default = {} } From b176ba3554e2e9162d7fe325661bba4f260b68f4 Mon Sep 17 00:00:00 2001 
From: Paul Bonser Date: Wed, 24 Sep 2025 20:03:19 -0500 Subject: [PATCH 3/4] add check to node_pool test --- examples/gke_autopilot_cluster/main.tf | 2 +- examples/gke_standard_cluster/main.tf | 8 ++++---- examples/node_pool/main.tf | 18 ++++++++++++++++++ test/integration/node_pool/node_pool_test.go | 5 +++++ .../node_pool/testdata/TestNodePool.json | 2 +- test/setup/iam.tf | 3 ++- test/setup/main.tf | 2 +- 7 files changed, 32 insertions(+), 8 deletions(-) diff --git a/examples/gke_autopilot_cluster/main.tf b/examples/gke_autopilot_cluster/main.tf index 61f32bc8fa..ce0119025e 100644 --- a/examples/gke_autopilot_cluster/main.tf +++ b/examples/gke_autopilot_cluster/main.tf @@ -36,7 +36,7 @@ module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-autopilot-cluster" version = "~> 38.0" - project_id = var.project_id + project_id = var.project_id name = "${local.cluster_type}-cluster" location = var.region network = module.gcp-network.network_self_link diff --git a/examples/gke_standard_cluster/main.tf b/examples/gke_standard_cluster/main.tf index d3927472e6..9ef7407a0e 100644 --- a/examples/gke_standard_cluster/main.tf +++ b/examples/gke_standard_cluster/main.tf @@ -37,7 +37,7 @@ module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-standard-cluster" version = "~> 38.0" - project_id = var.project_id + project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" location = var.region network = var.network @@ -87,9 +87,9 @@ module "node_pool" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-node-pool" version = "~> 38.0" - project_id = var.project_id - location = var.region - cluster = module.gke.cluster_name + project_id = var.project_id + location = var.region + cluster = module.gke.cluster_name node_config = { disk_size_gb = 100 disk_type = "pd-standard" 
diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 0c9dbde134..c526c2d369 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -26,6 +26,20 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(module.gke.ca_certificate) } +resource "google_tags_tag_key" "key" { + parent = "projects/${var.project_id}" + short_name = "key${var.cluster_name_suffix}" + purpose = "GCE_FIREWALL" + purpose_data = { + network = "${var.project_id}/${var.network}" + } +} + +resource "google_tags_tag_value" "value" { + parent = google_tags_tag_key.key.id + short_name = "value${var.cluster_name_suffix}" +} + module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster" version = "~> 38.0" @@ -47,6 +61,10 @@ module "gke" { logging_variant = "MAX_THROUGHPUT" dns_allow_external_traffic = true + resource_manager_tags = { + "${var.project_id}/${google_tags_tag_key.key.short_name}" = google_tags_tag_value.value.short_name + } + node_pools = [ { name = "pool-01" diff --git a/test/integration/node_pool/node_pool_test.go b/test/integration/node_pool/node_pool_test.go index f030ad0bd9..8b4140d5a1 100644 --- a/test/integration/node_pool/node_pool_test.go +++ b/test/integration/node_pool/node_pool_test.go @@ -63,6 +63,11 @@ func TestNodePool(t *testing.T) { testutils.TGKEAssertGolden(assert, g, &cluster, []string{"pool-01", "pool-02", "pool-03", "pool-04", "pool-05"}, []string{"monitoringConfig.componentConfig.enableComponents"}) // TODO: enableComponents is UL assert.Contains([]string{"RUNNING", "RECONCILING"}, cluster.Get("status").String()) + // Resource Manager Tag Assertions + // TGKEAssertGolden doesn't work work with sanitized keys + tagKeyPath := fmt.Sprintf("nodePoolAutoConfig.resourceManagerTags.tags.%s/key-%s", projectId, randomString) + assert.Equal("value-"+randomString, cluster.Get(tagKeyPath).String()) + // K8s Assertions assert.JSONEq(`[ { 
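Review bot: The new `google_tags_tag_key.key` sets `purpose = "GCE_FIREWALL"` with `purpose_data.network` pointing at `var.network`, but nothing in the example explains that this makes it a secure tag scoped to a single VPC. A tag of that purpose can only be bound to instances in the named network and is meant to be matched by network firewall policy rules. The cluster in `module "gke"` therefore has to use the same network (its `network` argument is outside the hunk), and the chosen value decides which firewall rules reach auto-provisioned nodes. I would add a comment above the resource such as `# GCE_FIREWALL tags are bound to one VPC; module.gke must use var.network`. A second comment on `resource_manager_tags` could note that the map key is the namespaced `{project_id}/{tag_key_name}` form.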
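Review bot: The lookup path in `tagKeyPath` is built with `fmt.Sprintf` from `projectId`, and if `cluster.Get` is gjson (as the `.String()` call suggests) a `.` in the project ID is read as a path separator. In that case the lookup returns an empty string and the assertion fails for a reason unrelated to tags. Escaping the ID first avoids that, e.g. `strings.ReplaceAll(projectId, ".", "\\.")`, provided `strings` is imported, which the hunk does not show. The comment above it repeats a word and does not say what "sanitized keys" means. If the intent is what I infer, `// TGKEAssertGolden cannot compare this map: its key embeds the project ID and random suffix` would be clearer. TestNodePool starts and ends outside the hunk.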
diff --git a/test/integration/node_pool/testdata/TestNodePool.json b/test/integration/node_pool/testdata/TestNodePool.json index 3c4014a0c1..7916c7ce20 100644 --- a/test/integration/node_pool/testdata/TestNodePool.json +++ b/test/integration/node_pool/testdata/TestNodePool.json @@ -812,4 +812,4 @@ "workloadPool": "PROJECT_ID.svc.id.goog" }, "zone": "europe-west4" -} +} \ No newline at end of file diff --git a/test/setup/iam.tf b/test/setup/iam.tf index f48e8b8a32..ca073a7721 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -35,7 +35,8 @@ locals { "roles/iap.admin", "roles/gkehub.admin", "roles/cloudasset.viewer", - "roles/serviceusage.serviceUsageConsumer" + "roles/serviceusage.serviceUsageConsumer", + "roles/resourcemanager.tagAdmin", ] # roles as documented https://cloud.google.com/service-mesh/docs/installation-permissions diff --git a/test/setup/main.tf b/test/setup/main.tf index bff9990be8..85c3fa114c 100644 --- a/test/setup/main.tf +++ b/test/setup/main.tf @@ -80,7 +80,7 @@ module "gke-project-1" { activate_api_identities = [ { api = "container.googleapis.com" - roles = ["roles/cloudkms.cryptoKeyEncrypterDecrypter", "roles/container.serviceAgent"] + roles = ["roles/cloudkms.cryptoKeyEncrypterDecrypter", "roles/container.serviceAgent", "roles/resourcemanager.tagUser", "roles/resourcemanager.tagHoldAdmin"] }, ] } From c0c655036fdef011281a656aec0eccd96ab4afd8 Mon Sep 17 00:00:00 2001 From: Paul Bonser Date: Thu, 25 Sep 2025 11:01:42 -0500 Subject: [PATCH 4/4] re-add newline --- test/integration/node_pool/testdata/TestNodePool.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/node_pool/testdata/TestNodePool.json b/test/integration/node_pool/testdata/TestNodePool.json index 7916c7ce20..3c4014a0c1 100644 --- a/test/integration/node_pool/testdata/TestNodePool.json +++ b/test/integration/node_pool/testdata/TestNodePool.json 
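Review bot: The `roles` list for `container.googleapis.com` in test/setup/main.tf now grants the GKE service agent `roles/resourcemanager.tagUser` and `roles/resourcemanager.tagHoldAdmin` project-wide, and the iam.tf hunk adds `roles/resourcemanager.tagAdmin` to the test roles, with no comment explaining why. These look like prerequisites for `resource_manager_tags`, so module users would need the same grants, yet the variable description in this series only lists tag formats. I would add `# required so GKE can attach resource_manager_tags to autopilot/auto-provisioned nodes` above both additions and name the roles in the variable description. Outside a throwaway test project, granting tagUser on the specific tag value (for example with `google_tags_tag_value_iam_member`) is narrower than a project-level role. Both enclosing blocks start outside their hunks.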
@@ -812,4 +812,4 @@
 "workloadPool": "PROJECT_ID.svc.id.goog"
 },
 "zone": "europe-west4"
-}
\ No newline at end of file
+}