fix!: remove istio and kalm

Author: apeabody

autogen/main/README.md

@@ -92,7 +92,6 @@ module "gke" {
   enable_private_nodes       = true
   {% endif %}
   {% if beta_cluster and autopilot_cluster != true  %}
-  istio                      = true
   cloudrun                   = true
   {% endif %}
   dns_cache                  = false

autogen/main/cluster.tf.tmpl

@@ -501,22 +501,13 @@ resource "google_container_cluster" "primary" {
     {% endif %}
 
     {% if beta_cluster and autopilot_cluster != true %}
-    istio_config {
-      disabled = !var.istio
-      auth     = var.istio_auth
-    }
-
     dynamic "cloudrun_config" {
       for_each = local.cluster_cloudrun_config
 
       content {
         disabled = cloudrun_config.value.disabled
       }
     }
-
-    kalm_config {
-      enabled = var.kalm_config
-    }
     {% endif %}
   }
   {% if autopilot_cluster %}

autogen/main/main.tf.tmpl

@@ -176,7 +176,6 @@ locals {
 
 {% if beta_cluster %}
   # BETA features
-  cluster_output_istio_disabled              = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
   cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false
 
   # /BETA features
@@ -239,7 +238,6 @@ locals {
 
 {% if beta_cluster %}
   # BETA features
-  cluster_istio_enabled               = !local.cluster_output_istio_disabled
   {% if autopilot_cluster != true %}
   cluster_telemetry_type_is_set       = var.cluster_telemetry_type != null
   {% endif %}

autogen/main/outputs.tf.tmpl

@@ -230,11 +230,6 @@ output "cloudrun_enabled" {
   {% endif %}
 }
 
-output "istio_enabled" {
-  description = "Whether Istio is enabled"
-  value       = local.cluster_istio_enabled
-}
-
 output "pod_security_policy_enabled" {
   description = "Whether pod security policy is enabled"
   value       = local.cluster_pod_security_policy_enabled

autogen/main/variables.tf.tmpl

@@ -1122,24 +1122,6 @@ variable "enable_multi_networking" {
 {% if beta_cluster %}
   {% if autopilot_cluster != true %}
 
-variable "istio" {
-  description = "(Beta) Enable Istio addon"
-  type        = bool
-  default     = false
-}
-
-variable "istio_auth" {
-  type        = string
-  description = "(Beta) The authentication type between services in Istio."
-  default     = "AUTH_MUTUAL_TLS"
-}
-
-variable "kalm_config" {
-  type        = bool
-  description = "(Beta) Whether KALM is enabled for this cluster."
-  default     = false
-}
-
 variable "cloudrun" {
   description = "(Beta) Enable CloudRun addon"
   type        = bool

autogen/safer-cluster/README.md

@@ -31,8 +31,8 @@ are available for configuration, recommendations on their settings are documente
 
     -   Placing them in the same cluster will provide fast network
         communication, and the different namespaces will be configured to
-        provide some administrative isolation. Istio will be used to encrypt and
-        control communication between applications.
+        provide some administrative isolation. Cloud Service Mesh can be used to
+        encrypt and control communication between applications.
 
 -   We suggest to store user or business data persistently in managed storage
     services that are inventoried and controlled by centralized teams.

autogen/safer-cluster/main.tf.tmpl

@@ -150,10 +150,6 @@ module "gke" {
 
   master_ipv4_cidr_block = var.master_ipv4_cidr_block
 
-  // Istio is recommended for pod-to-pod communications.
-  istio      = var.istio
-  istio_auth = var.istio_auth
-
   cloudrun = var.cloudrun
 
   dns_cache = var.dns_cache

autogen/safer-cluster/variables.tf.tmpl

@@ -323,18 +323,6 @@ variable "master_ipv4_cidr_block" {
   default     = "10.0.0.0/28"
 }
 
-variable "istio" {
-  description = "(Beta) Enable Istio addon"
-  type        = bool
-  default     = false
-}
-
-variable "istio_auth" {
-  type        = string
-  description = "(Beta) The authentication type between services in Istio."
-  default     = "AUTH_MUTUAL_TLS"
-}
-
 variable "dns_cache" {
   type        = bool
   description = "(Beta) The status of the NodeLocal DNSCache addon."

docs/upgrading_to_v43.0.md

@@ -0,0 +1,16 @@
+# Upgrading to v43.0
+The v43.0 release of *kubernetes-engine* is a backwards incompatible release.
+
+## Migration Guide
+
+### `kalm_config` Removal
+
+The `kalm_config` variable has been removed.
+
+Users currently including `kalm_config` should remove this variable from their module definition.
+
+### `istio_config` Removal
+
+The `istio` and `istio_auth` variables have been removed.  The `istio_enabled` output has also been removed from these modules and the autopilot beta modules.
+
+Users currently using the GKE Istio addon should migrate to Anthos Service Mesh (ASM) or another service mesh solution.

modules/beta-autopilot-private-cluster/README.md

@@ -194,7 +194,6 @@ Then perform the following commands on the root folder:
 | identity\_namespace | Workload Identity pool |
 | identity\_service\_enabled | Whether Identity Service is enabled |
 | intranode\_visibility\_enabled | Whether intra-node visibility is enabled |
-| istio\_enabled | Whether Istio is enabled |
 | location | Cluster location (region if regional cluster, zone if zonal cluster) |
 | logging\_service | Logging service used |
 | master\_authorized\_networks\_config | Networks from which access to master is permitted |