diff --git a/autogen/main/README.md b/autogen/main/README.md index d8559f66a1..f59184d88a 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -92,7 +92,6 @@ module "gke" { enable_private_nodes = true {% endif %} {% if beta_cluster and autopilot_cluster != true %} - istio = true cloudrun = true {% endif %} dns_cache = false diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index aa9a960938..20a8dfd2d2 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -501,11 +501,6 @@ resource "google_container_cluster" "primary" { {% endif %} {% if beta_cluster and autopilot_cluster != true %} - istio_config { - disabled = !var.istio - auth = var.istio_auth - } - dynamic "cloudrun_config" { for_each = local.cluster_cloudrun_config @@ -513,10 +508,6 @@ resource "google_container_cluster" "primary" { disabled = cloudrun_config.value.disabled } } - - kalm_config { - enabled = var.kalm_config - } {% endif %} } {% if autopilot_cluster %} diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index ce3268200c..0034bdd5fe 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -176,7 +176,6 @@ locals { {% if beta_cluster %} # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false # /BETA features 
@@ -239,7 +238,6 @@ locals { {% if beta_cluster %} # BETA features - cluster_istio_enabled = !local.cluster_output_istio_disabled {% if autopilot_cluster != true %} cluster_telemetry_type_is_set = var.cluster_telemetry_type != null {% endif %} diff --git a/autogen/main/outputs.tf.tmpl b/autogen/main/outputs.tf.tmpl index 767edfdfb1..fa9e33c5bf 100644 --- a/autogen/main/outputs.tf.tmpl +++ b/autogen/main/outputs.tf.tmpl @@ -230,11 +230,6 @@ output "cloudrun_enabled" { {% endif %} } -output "istio_enabled" { - description = "Whether Istio is enabled" - value = local.cluster_istio_enabled -} - output "pod_security_policy_enabled" { description = "Whether pod security policy is enabled" value = local.cluster_pod_security_policy_enabled diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index d431e1be02..d58e58cc3a 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -1122,24 +1122,6 @@ variable "enable_multi_networking" { {% if beta_cluster %} {% if autopilot_cluster != true %} -variable "istio" { - description = "(Beta) Enable Istio addon" - type = bool - default = false -} - -variable "istio_auth" { - type = string - description = "(Beta) The authentication type between services in Istio." - default = "AUTH_MUTUAL_TLS" -} - -variable "kalm_config" { - type = bool - description = "(Beta) Whether KALM is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/autogen/safer-cluster/README.md b/autogen/safer-cluster/README.md index 772dff12d4..b20203a0f5 100644 --- a/autogen/safer-cluster/README.md +++ b/autogen/safer-cluster/README.md 
@@ -31,8 +31,8 @@ are available for configuration, recommendations on their settings are documente - Placing them in the same cluster will provide fast network communication, and the different namespaces will be configured to - provide some administrative isolation. Istio will be used to encrypt and - control communication between applications. + provide some administrative isolation. Cloud Service Mesh can be used to + encrypt and control communication between applications. - We suggest to store user or business data persistently in managed storage services that are inventoried and controlled by centralized teams. diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl index 8415104812..2f38b49b64 100644 --- a/autogen/safer-cluster/main.tf.tmpl +++ b/autogen/safer-cluster/main.tf.tmpl @@ -150,10 +150,6 @@ module "gke" { master_ipv4_cidr_block = var.master_ipv4_cidr_block - // Istio is recommended for pod-to-pod communications. - istio = var.istio - istio_auth = var.istio_auth - cloudrun = var.cloudrun dns_cache = var.dns_cache diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index 4627cb489f..7b4c9def0a 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl @@ -323,18 +323,6 @@ variable "master_ipv4_cidr_block" { default = "10.0.0.0/28" } -variable "istio" { - description = "(Beta) Enable Istio addon" - type = bool - default = false -} - -variable "istio_auth" { - type = string - description = "(Beta) The authentication type between services in Istio." - default = "AUTH_MUTUAL_TLS" -} - variable "dns_cache" { type = bool description = "(Beta) The status of the NodeLocal DNSCache addon." diff --git a/docs/upgrading_to_v43.0.md b/docs/upgrading_to_v43.0.md new file mode 100644 index 0000000000..e20c07620f --- /dev/null +++ b/docs/upgrading_to_v43.0.md 
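Review bot: In the autogen/safer-cluster/main.tf.tmpl hunk, dropping `istio` and `istio_auth` from the `module "gke"` call leaves nothing in this template that configures pod-to-pod encryption, and the removed comment recommending it leaves no trace at the call site. `istio_auth` defaulted to `AUTH_MUTUAL_TLS` (see the variables.tf.tmpl hunks), so a caller who had set `istio = true` presumably relied on mesh mTLS between workloads. Deleting the two arguments to get a clean plan does not replace it. I would keep a comment where the arguments were, e.g. `// Service mesh is no longer configured by this module; deploy Cloud Service Mesh (or another mesh) separately if pods need mTLS.`, and say the same in docs/upgrading_to_v43.0.md, which names "Anthos Service Mesh (ASM)" while the safer-cluster README in this commit says "Cloud Service Mesh". The `module "gke"` block starts and ends outside the hunk.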
@@ -0,0 +1,16 @@ +# Upgrading to v43.0 +The v43.0 release of *kubernetes-engine* is a backwards incompatible release. + +## Migration Guide + +### `kalm_config` Removal + +The `kalm_config` variable has been removed. + +Users currently including `kalm_config` should remove this variable from their module definition. + +### `istio_config` Removal + +The `istio` and `istio_auth` variables have been removed. The `istio_enabled` output has also been removed from these modules and the autopilot beta modules. + +Users currently using the GKE Istio addon should migrate to Anthos Service Mesh (ASM) or another service mesh solution. diff --git a/examples/acm-terraform-blog-part1/terraform/gke.tf b/examples/acm-terraform-blog-part1/terraform/gke.tf index 3beb5216c2..8c587ae0a8 100644 --- a/examples/acm-terraform-blog-part1/terraform/gke.tf +++ b/examples/acm-terraform-blog-part1/terraform/gke.tf @@ -31,7 +31,7 @@ module "enabled_google_apis" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = module.enabled_google_apis.project_id name = "sfl-acm-part1" region = var.region diff --git a/examples/acm-terraform-blog-part2/terraform/gke.tf b/examples/acm-terraform-blog-part2/terraform/gke.tf index 81091740f7..8899ab17ea 100644 --- a/examples/acm-terraform-blog-part2/terraform/gke.tf +++ b/examples/acm-terraform-blog-part2/terraform/gke.tf @@ -31,7 +31,7 @@ module "enabled_google_apis" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = module.enabled_google_apis.project_id name = "sfl-acm-part2" region = var.region diff --git a/examples/acm-terraform-blog-part3/terraform/gke.tf b/examples/acm-terraform-blog-part3/terraform/gke.tf index 2f7c179cab..d24a2e1965 100644 --- a/examples/acm-terraform-blog-part3/terraform/gke.tf +++ b/examples/acm-terraform-blog-part3/terraform/gke.tf 
@@ -33,7 +33,7 @@ module "enabled_google_apis" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = module.enabled_google_apis.project_id name = "sfl-acm-part3" region = var.region @@ -48,7 +48,7 @@ module "gke" { module "wi" { source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 41.0" + version = "~> 42.0" gcp_sa_name = "cnrmsa" cluster_name = module.gke.name name = "cnrm-controller-manager" diff --git a/examples/autopilot_private_firewalls/main.tf b/examples/autopilot_private_firewalls/main.tf index 6fa2a0e9c1..b7ffdc7670 100644 --- a/examples/autopilot_private_firewalls/main.tf +++ b/examples/autopilot_private_firewalls/main.tf @@ -34,7 +34,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster" diff --git a/examples/confidential_autopilot_private/main.tf b/examples/confidential_autopilot_private/main.tf index ebea6b7ca8..f44f1f3fa2 100644 --- a/examples/confidential_autopilot_private/main.tf +++ b/examples/confidential_autopilot_private/main.tf @@ -54,7 +54,7 @@ resource "google_kms_crypto_key_iam_member" "main" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster" diff --git a/examples/confidential_safer_cluster/main.tf b/examples/confidential_safer_cluster/main.tf index 1cda96cdf4..de34a517a9 100644 --- a/examples/confidential_safer_cluster/main.tf +++ b/examples/confidential_safer_cluster/main.tf 
@@ -62,7 +62,7 @@ resource "google_kms_crypto_key_iam_member" "main" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster-${random_string.suffix.result}" diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index 38ad3813a0..b03b31cc4a 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/disable_client_cert/main.tf b/examples/disable_client_cert/main.tf index 1f8411260f..8d07c9625f 100644 --- a/examples/disable_client_cert/main.tf +++ b/examples/disable_client_cert/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/gke_autopilot_cluster/main.tf b/examples/gke_autopilot_cluster/main.tf index 78780ddf3b..47aa54603b 100644 --- a/examples/gke_autopilot_cluster/main.tf +++ b/examples/gke_autopilot_cluster/main.tf @@ -34,7 +34,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-autopilot-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster" diff --git a/examples/gke_standard_cluster/main.tf b/examples/gke_standard_cluster/main.tf index f4a8745bfd..5dec074da7 100644 --- a/examples/gke_standard_cluster/main.tf +++ b/examples/gke_standard_cluster/main.tf 
@@ -35,7 +35,7 @@ data "google_compute_subnetwork" "subnetwork" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-standard-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" @@ -85,7 +85,7 @@ module "gke" { module "node_pool" { source = "terraform-google-modules/kubernetes-engine/google//modules/gke-node-pool" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id location = var.region diff --git a/examples/island_cluster_anywhere_in_gcp_design/main.tf b/examples/island_cluster_anywhere_in_gcp_design/main.tf index d71248c8d6..441dd0d5b2 100644 --- a/examples/island_cluster_anywhere_in_gcp_design/main.tf +++ b/examples/island_cluster_anywhere_in_gcp_design/main.tf @@ -27,7 +27,7 @@ resource "google_service_account" "gke-sa" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster" - version = "~> 41.0" + version = "~> 42.0" for_each = { for k, v in var.gke_spokes : k => v } diff --git a/examples/island_cluster_with_vm_router/main.tf b/examples/island_cluster_with_vm_router/main.tf index 5af89e5a65..77d236fa69 100644 --- a/examples/island_cluster_with_vm_router/main.tf +++ b/examples/island_cluster_with_vm_router/main.tf @@ -143,7 +143,7 @@ module "net" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster" - version = "~> 41.0" + version = "~> 42.0" depends_on = [google_compute_instance.vm] diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 5603d10472..e448e35945 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf 
@@ -42,7 +42,7 @@ resource "google_tags_tag_value" "value" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/node_pool_update_variant/main.tf b/examples/node_pool_update_variant/main.tf index da36030e4b..ec2afd1232 100644 --- a/examples/node_pool_update_variant/main.tf +++ b/examples/node_pool_update_variant/main.tf @@ -34,7 +34,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster-update-variant" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/node_pool_update_variant_beta/main.tf b/examples/node_pool_update_variant_beta/main.tf index 16be327d8c..d8cd0a4489 100644 --- a/examples/node_pool_update_variant_beta/main.tf +++ b/examples/node_pool_update_variant_beta/main.tf @@ -39,7 +39,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster-update-variant" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/node_pool_update_variant_public_beta/main.tf b/examples/node_pool_update_variant_public_beta/main.tf index 99e1f041fb..e63f23fb33 100644 --- a/examples/node_pool_update_variant_public_beta/main.tf +++ b/examples/node_pool_update_variant_public_beta/main.tf @@ -39,7 +39,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster-update-variant" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" 
diff --git a/examples/private_zonal_with_networking/main.tf b/examples/private_zonal_with_networking/main.tf index 6cbb7574cc..87bea033b6 100644 --- a/examples/private_zonal_with_networking/main.tf +++ b/examples/private_zonal_with_networking/main.tf @@ -61,7 +61,7 @@ data "google_compute_subnetwork" "subnetwork" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = var.cluster_name diff --git a/examples/regional_private_node_pool_oauth_scopes/main.tf b/examples/regional_private_node_pool_oauth_scopes/main.tf index e981880b46..39e0e4b5d0 100644 --- a/examples/regional_private_node_pool_oauth_scopes/main.tf +++ b/examples/regional_private_node_pool_oauth_scopes/main.tf @@ -16,7 +16,7 @@ module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "random-test-cluster" diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index ecbeffcb5f..f22bbdaf1c 100644 --- a/examples/safer_cluster/main.tf +++ b/examples/safer_cluster/main.tf @@ -52,7 +52,7 @@ resource "random_shuffle" "version" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster-${random_string.suffix.result}" diff --git a/examples/safer_cluster_iap_bastion/cluster.tf b/examples/safer_cluster_iap_bastion/cluster.tf index 2635e4b241..0b6ed538b7 100644 --- a/examples/safer_cluster_iap_bastion/cluster.tf +++ b/examples/safer_cluster_iap_bastion/cluster.tf @@ -16,7 +16,7 @@ module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = module.enabled_google_apis.project_id name = var.cluster_name 
diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf index 7784c0938c..ca6c13265c 100644 --- a/examples/shared_vpc/main.tf +++ b/examples/shared_vpc/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_autopilot_private/main.tf b/examples/simple_autopilot_private/main.tf index 62f0f94185..1b332219aa 100644 --- a/examples/simple_autopilot_private/main.tf +++ b/examples/simple_autopilot_private/main.tf @@ -34,7 +34,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster" diff --git a/examples/simple_autopilot_private_cmek/main.tf b/examples/simple_autopilot_private_cmek/main.tf index 9eb352bb6a..cf0328ec38 100644 --- a/examples/simple_autopilot_private_cmek/main.tf +++ b/examples/simple_autopilot_private_cmek/main.tf @@ -56,7 +56,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster" diff --git a/examples/simple_autopilot_private_non_default_sa/main.tf b/examples/simple_autopilot_private_non_default_sa/main.tf index d5d974842b..d029dbe0f9 100644 --- a/examples/simple_autopilot_private_non_default_sa/main.tf +++ b/examples/simple_autopilot_private_non_default_sa/main.tf 
@@ -35,7 +35,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster" diff --git a/examples/simple_autopilot_public/main.tf b/examples/simple_autopilot_public/main.tf index 4bb10a54a1..342dbc2b37 100644 --- a/examples/simple_autopilot_public/main.tf +++ b/examples/simple_autopilot_public/main.tf @@ -34,7 +34,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-public-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster" diff --git a/examples/simple_fleet_app_operator_permissions/main.tf b/examples/simple_fleet_app_operator_permissions/main.tf index 0a5cfee6e6..197bb454ad 100644 --- a/examples/simple_fleet_app_operator_permissions/main.tf +++ b/examples/simple_fleet_app_operator_permissions/main.tf @@ -57,7 +57,7 @@ resource "google_gke_hub_feature" "rbacrolebindingactuation" { # Grant permissions to the app operator to work with the Fleet Scope. module "permissions" { source = "terraform-google-modules/kubernetes-engine/google//modules/fleet-app-operator-permissions" - version = "~> 41.0" + version = "~> 42.0" fleet_project_id = var.fleet_project_id scope_id = google_gke_hub_scope.scope.scope_id @@ -72,7 +72,7 @@ module "permissions" { # Grant custom role permissions to the app operator to work with the Fleet Scope. module "custom_permissions" { source = "terraform-google-modules/kubernetes-engine/google//modules/fleet-app-operator-permissions" - version = "~> 41.0" + version = "~> 42.0" fleet_project_id = var.fleet_project_id scope_id = google_gke_hub_scope.scope.scope_id diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 6ac7acd18c..317fc55ab8 100644 --- a/examples/simple_regional/main.tf 
+++ b/examples/simple_regional/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_regional_additional_ip_ranges/main.tf b/examples/simple_regional_additional_ip_ranges/main.tf index e097a7e744..b93bcd1274 100644 --- a/examples/simple_regional_additional_ip_ranges/main.tf +++ b/examples/simple_regional_additional_ip_ranges/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index f8ba9ad888..0528a8dea3 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -22,7 +22,7 @@ data "google_client_config" "default" {} module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_regional_cluster_autoscaling/main.tf b/examples/simple_regional_cluster_autoscaling/main.tf index 4110cb82a1..552b7c7737 100644 --- a/examples/simple_regional_cluster_autoscaling/main.tf +++ b/examples/simple_regional_cluster_autoscaling/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" 
diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index 8d81ea6c44..e83562eaae 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index 531cdb8d72..1580d77420 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_regional_private_with_cluster_version/main.tf b/examples/simple_regional_private_with_cluster_version/main.tf index 68ac742be1..27f0437aa7 100644 --- a/examples/simple_regional_private_with_cluster_version/main.tf +++ b/examples/simple_regional_private_with_cluster_version/main.tf @@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_regional_with_gateway_api/main.tf b/examples/simple_regional_with_gateway_api/main.tf index 00e66fecab..36947de7bb 100644 --- a/examples/simple_regional_with_gateway_api/main.tf +++ b/examples/simple_regional_with_gateway_api/main.tf 
@@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_regional_with_ipv6/main.tf b/examples/simple_regional_with_ipv6/main.tf index 84464576f7..4c9a2a7ff8 100644 --- a/examples/simple_regional_with_ipv6/main.tf +++ b/examples/simple_regional_with_ipv6/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_regional_with_kubeconfig/main.tf b/examples/simple_regional_with_kubeconfig/main.tf index ef4f9e3680..5476243d20 100644 --- a/examples/simple_regional_with_kubeconfig/main.tf +++ b/examples/simple_regional_with_kubeconfig/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" @@ -45,7 +45,7 @@ module "gke" { module "gke_auth" { source = "terraform-google-modules/kubernetes-engine/google//modules/auth" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id location = module.gke.location diff --git a/examples/simple_regional_with_networking/main.tf b/examples/simple_regional_with_networking/main.tf index 5f47154bfc..e890b58aff 100644 --- a/examples/simple_regional_with_networking/main.tf +++ b/examples/simple_regional_with_networking/main.tf @@ -53,7 +53,7 @@ module "gcp-network" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = var.cluster_name 
diff --git a/examples/simple_windows_node_pool/main.tf b/examples/simple_windows_node_pool/main.tf index 8f9f63e8ca..edb4f7ab49 100644 --- a/examples/simple_windows_node_pool/main.tf +++ b/examples/simple_windows_node_pool/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id regional = false diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf index e6ae13cfdd..bfe54e354b 100644 --- a/examples/simple_zonal_private/main.tf +++ b/examples/simple_zonal_private/main.tf @@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/simple_zonal_with_hub/hub.tf b/examples/simple_zonal_with_hub/hub.tf index b45c296125..2f4310c2d8 100644 --- a/examples/simple_zonal_with_hub/hub.tf +++ b/examples/simple_zonal_with_hub/hub.tf @@ -16,7 +16,7 @@ module "hub" { source = "terraform-google-modules/kubernetes-engine/google//modules/fleet-membership" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id location = module.gke.location diff --git a/examples/simple_zonal_with_hub/main.tf b/examples/simple_zonal_with_hub/main.tf index c5167e6a8b..1c13781fba 100644 --- a/examples/simple_zonal_with_hub/main.tf +++ b/examples/simple_zonal_with_hub/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id regional = false diff --git a/examples/simple_zonal_with_hub_kubeconfig/hub.tf b/examples/simple_zonal_with_hub_kubeconfig/hub.tf index 4575eb457a..96af398729 100644 
--- a/examples/simple_zonal_with_hub_kubeconfig/hub.tf +++ b/examples/simple_zonal_with_hub_kubeconfig/hub.tf @@ -16,7 +16,7 @@ module "hub" { source = "terraform-google-modules/kubernetes-engine/google//modules/hub-legacy" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id location = "remote" diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index ea35f45bb0..9cf78b520e 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf index e907d3fb88..6e8bfc0bb6 100644 --- a/examples/stub_domains_private/main.tf +++ b/examples/stub_domains_private/main.tf @@ -30,7 +30,7 @@ data "google_compute_subnetwork" "subnetwork" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - version = "~> 41.0" + version = "~> 42.0" ip_range_pods = var.ip_range_pods ip_range_services = var.ip_range_services diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf index 2d9345a217..68977572cb 100644 --- a/examples/stub_domains_upstream_nameservers/main.tf +++ b/examples/stub_domains_upstream_nameservers/main.tf @@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf index d02270cf50..ec7ec57ae9 100644 --- a/examples/upstream_nameservers/main.tf +++ b/examples/upstream_nameservers/main.tf 
@@ -28,7 +28,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/examples/workload_identity/main.tf b/examples/workload_identity/main.tf index b704d740c9..a7f46f1ebf 100644 --- a/examples/workload_identity/main.tf +++ b/examples/workload_identity/main.tf @@ -32,7 +32,7 @@ provider "kubernetes" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" @@ -58,7 +58,7 @@ module "gke" { # example without existing KSA module "workload_identity" { source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "iden-${module.gke.name}" @@ -78,7 +78,7 @@ resource "kubernetes_service_account" "test" { module "workload_identity_existing_ksa" { source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "existing-${module.gke.name}" @@ -97,7 +97,7 @@ resource "google_service_account" "custom" { module "workload_identity_existing_gsa" { source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = google_service_account.custom.account_id diff --git a/examples/workload_metadata_config/main.tf b/examples/workload_metadata_config/main.tf index 81a65f052a..1f1cd4c1c5 100644 --- a/examples/workload_metadata_config/main.tf +++ b/examples/workload_metadata_config/main.tf 
@@ -34,7 +34,7 @@ data "google_compute_subnetwork" "subnetwork" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" - version = "~> 41.0" + version = "~> 42.0" project_id = var.project_id name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index e13f196d5d..6d3cb7287a 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -194,7 +194,6 @@ Then perform the following commands on the root folder: | identity\_namespace | Workload Identity pool | | identity\_service\_enabled | Whether Identity Service is enabled | | intranode\_visibility\_enabled | Whether intra-node visibility is enabled | -| istio\_enabled | Whether Istio is enabled | | location | Cluster location (region if regional cluster, zone if zonal cluster) | | logging\_service | Logging service used | | master\_authorized\_networks\_config | Networks from which access to master is permitted | diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index 04b06a22e3..bdd7167857 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf 
@@ -99,7 +99,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false # /BETA features @@ -133,7 +132,6 @@ locals { cluster_secret_manager_addon_enabled = local.cluster_output_secret_manager_addon_enabled # BETA features - cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled # /BETA features diff --git a/modules/beta-autopilot-private-cluster/metadata.yaml b/modules/beta-autopilot-private-cluster/metadata.yaml index c82238ff51..65a388d442 100644 --- a/modules/beta-autopilot-private-cluster/metadata.yaml +++ b/modules/beta-autopilot-private-cluster/metadata.yaml @@ -564,8 +564,6 @@ spec: description: Whether Identity Service is enabled - name: intranode_visibility_enabled description: Whether intra-node visibility is enabled - - name: istio_enabled - description: Whether Istio is enabled - name: location description: Cluster location (region if regional cluster, zone if zonal cluster) - name: logging_service diff --git a/modules/beta-autopilot-private-cluster/outputs.tf b/modules/beta-autopilot-private-cluster/outputs.tf index 365d3f158c..0a55d5f5c9 100644 --- a/modules/beta-autopilot-private-cluster/outputs.tf 
+++ b/modules/beta-autopilot-private-cluster/outputs.tf @@ -182,11 +182,6 @@ output "cloudrun_enabled" { value = false } -output "istio_enabled" { - description = "Whether Istio is enabled" - value = local.cluster_istio_enabled -} - output "pod_security_policy_enabled" { description = "Whether pod security policy is enabled" value = local.cluster_pod_security_policy_enabled diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index bbe82f9407..7447632cb4 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -182,7 +182,6 @@ Then perform the following commands on the root folder: | identity\_namespace | Workload Identity pool | | identity\_service\_enabled | Whether Identity Service is enabled | | intranode\_visibility\_enabled | Whether intra-node visibility is enabled | -| istio\_enabled | Whether Istio is enabled | | location | Cluster location (region if regional cluster, zone if zonal cluster) | | logging\_service | Logging service used | | master\_authorized\_networks\_config | Networks from which access to master is permitted | diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf index a665591fd6..7ae5bf9f72 100644 --- a/modules/beta-autopilot-public-cluster/main.tf +++ b/modules/beta-autopilot-public-cluster/main.tf 
@@ -92,7 +92,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false # /BETA features @@ -126,7 +125,6 @@ locals { cluster_secret_manager_addon_enabled = local.cluster_output_secret_manager_addon_enabled # BETA features - cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled # /BETA features diff --git a/modules/beta-autopilot-public-cluster/metadata.yaml b/modules/beta-autopilot-public-cluster/metadata.yaml index a78badd469..9850e671c1 100644 --- a/modules/beta-autopilot-public-cluster/metadata.yaml +++ b/modules/beta-autopilot-public-cluster/metadata.yaml @@ -542,8 +542,6 @@ spec: description: Whether Identity Service is enabled - name: intranode_visibility_enabled description: Whether intra-node visibility is enabled - - name: istio_enabled - description: Whether Istio is enabled - name: location description: Cluster location (region if regional cluster, zone if zonal cluster) - name: logging_service diff --git a/modules/beta-autopilot-public-cluster/outputs.tf b/modules/beta-autopilot-public-cluster/outputs.tf index 9a4b7b9501..e86a83e914 100644 --- a/modules/beta-autopilot-public-cluster/outputs.tf 
+++ b/modules/beta-autopilot-public-cluster/outputs.tf @@ -172,11 +172,6 @@ output "cloudrun_enabled" { value = false } -output "istio_enabled" { - description = "Whether Istio is enabled" - value = local.cluster_istio_enabled -} - output "pod_security_policy_enabled" { description = "Whether pod security policy is enabled" value = local.cluster_pod_security_policy_enabled diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 5ca2e3b2b2..642ebc5fa9 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -80,7 +80,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - istio = true cloudrun = true dns_cache = false 
@@ -253,9 +252,6 @@ Then perform the following commands on the root folder: | ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | `string` | n/a | yes | | ip\_range\_services | The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. | `string` | `null` | no | | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | -| istio | (Beta) Enable Istio addon | `bool` | `false` | no | -| istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | -| kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | 
@@ -350,7 +346,6 @@ Then perform the following commands on the root folder: | identity\_service\_enabled | Whether Identity Service is enabled | | instance\_group\_urls | List of GKE generated instance groups | | intranode\_visibility\_enabled | Whether intra-node visibility is enabled | -| istio\_enabled | Whether Istio is enabled | | location | Cluster location (region if regional cluster, zone if zonal cluster) | | logging\_service | Logging service used | | master\_authorized\_networks\_config | Networks from which access to master is permitted | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 400b6ff8dd..3a2f7dd656 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -414,11 +414,6 @@ resource "google_container_cluster" "primary" { } } - istio_config { - disabled = !var.istio - auth = var.istio_auth - } - dynamic "cloudrun_config" { for_each = local.cluster_cloudrun_config @@ -426,10 +421,6 @@ resource "google_container_cluster" "primary" { disabled = cloudrun_config.value.disabled } } - - kalm_config { - enabled = var.kalm_config - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 7e82e41d1e..b56e68cfb8 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf 
@@ -146,7 +146,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false # /BETA features @@ -196,7 +195,6 @@ locals { }] : [] # BETA features - cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled diff --git a/modules/beta-private-cluster-update-variant/metadata.display.yaml b/modules/beta-private-cluster-update-variant/metadata.display.yaml index 8720e9bb39..55733633e9 100644 --- a/modules/beta-private-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.display.yaml @@ -280,15 +280,6 @@ spec: issue_client_certificate: name: issue_client_certificate title: Issue Client Certificate - istio: - name: istio - title: Istio - istio_auth: - name: istio_auth - title: Istio Auth - kalm_config: - name: kalm_config - title: Kalm Config kubernetes_version: name: kubernetes_version title: Kubernetes Version diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index ebff7640d6..0613f83826 100644 
--- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -766,18 +766,6 @@ spec: - name: enable_multi_networking description: Whether multi-networking is enabled for this cluster varType: bool - - name: istio - description: (Beta) Enable Istio addon - varType: bool - defaultValue: false - - name: istio_auth - description: (Beta) The authentication type between services in Istio. - varType: string - defaultValue: AUTH_MUTUAL_TLS - - name: kalm_config - description: (Beta) Whether KALM is enabled for this cluster. - varType: bool - defaultValue: false - name: cloudrun description: (Beta) Enable CloudRun addon varType: bool @@ -863,8 +851,6 @@ spec: description: List of GKE generated instance groups - name: intranode_visibility_enabled description: Whether intra-node visibility is enabled - - name: istio_enabled - description: Whether Istio is enabled - name: location description: Cluster location (region if regional cluster, zone if zonal cluster) - name: logging_service diff --git a/modules/beta-private-cluster-update-variant/outputs.tf b/modules/beta-private-cluster-update-variant/outputs.tf index 282eea5f12..21ec9b1799 100644 --- a/modules/beta-private-cluster-update-variant/outputs.tf +++ b/modules/beta-private-cluster-update-variant/outputs.tf @@ -209,11 +209,6 @@ output "cloudrun_enabled" { value = local.cluster_cloudrun_enabled } -output "istio_enabled" { - description = "Whether Istio is enabled" - value = local.cluster_istio_enabled -} - output "pod_security_policy_enabled" { description = "Whether pod security policy is enabled" value = local.cluster_pod_security_policy_enabled diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index cdcaee31c9..00fa37522e 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -1055,24 +1055,6 @@ variable "enable_multi_networking" { default = null } -variable "istio" { - description = "(Beta) Enable Istio addon" - type = bool - default = false -} - -variable "istio_auth" { - type = string - description = "(Beta) The authentication type between services in Istio." - default = "AUTH_MUTUAL_TLS" -} - -variable "kalm_config" { - type = bool - description = "(Beta) Whether KALM is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 6a296f8616..cb03cff38e 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -58,7 +58,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - istio = true cloudrun = true dns_cache = false 
@@ -231,9 +230,6 @@ Then perform the following commands on the root folder: | ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | `string` | n/a | yes | | ip\_range\_services | The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. | `string` | `null` | no | | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | -| istio | (Beta) Enable Istio addon | `bool` | `false` | no | -| istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | -| kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | 
@@ -328,7 +324,6 @@ Then perform the following commands on the root folder: | identity\_service\_enabled | Whether Identity Service is enabled | | instance\_group\_urls | List of GKE generated instance groups | | intranode\_visibility\_enabled | Whether intra-node visibility is enabled | -| istio\_enabled | Whether Istio is enabled | | location | Cluster location (region if regional cluster, zone if zonal cluster) | | logging\_service | Logging service used | | master\_authorized\_networks\_config | Networks from which access to master is permitted | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index ce227c4f27..d15cefa932 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -414,11 +414,6 @@ resource "google_container_cluster" "primary" { } } - istio_config { - disabled = !var.istio - auth = var.istio_auth - } - dynamic "cloudrun_config" { for_each = local.cluster_cloudrun_config @@ -426,10 +421,6 @@ resource "google_container_cluster" "primary" { disabled = cloudrun_config.value.disabled } } - - kalm_config { - enabled = var.kalm_config - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 7e82e41d1e..b56e68cfb8 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -146,7 +146,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false # /BETA features @@ -196,7 +195,6 @@ locals { }] : [] # BETA features - cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled diff --git a/modules/beta-private-cluster/metadata.display.yaml b/modules/beta-private-cluster/metadata.display.yaml index 5d6f26b541..a37e4fd071 100644 --- a/modules/beta-private-cluster/metadata.display.yaml +++ b/modules/beta-private-cluster/metadata.display.yaml @@ -280,15 +280,6 @@ spec: issue_client_certificate: name: issue_client_certificate title: Issue Client Certificate - istio: - name: istio - title: Istio - istio_auth: - name: istio_auth - title: Istio Auth - kalm_config: - name: kalm_config - title: Kalm Config kubernetes_version: name: kubernetes_version title: Kubernetes Version diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 39aa71aadf..1d6f049722 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml 
@@ -766,18 +766,6 @@ spec: - name: enable_multi_networking description: Whether multi-networking is enabled for this cluster varType: bool - - name: istio - description: (Beta) Enable Istio addon - varType: bool - defaultValue: false - - name: istio_auth - description: (Beta) The authentication type between services in Istio. - varType: string - defaultValue: AUTH_MUTUAL_TLS - - name: kalm_config - description: (Beta) Whether KALM is enabled for this cluster. - varType: bool - defaultValue: false - name: cloudrun description: (Beta) Enable CloudRun addon varType: bool @@ -863,8 +851,6 @@ spec: description: List of GKE generated instance groups - name: intranode_visibility_enabled description: Whether intra-node visibility is enabled - - name: istio_enabled - description: Whether Istio is enabled - name: location description: Cluster location (region if regional cluster, zone if zonal cluster) - name: logging_service diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf index 282eea5f12..21ec9b1799 100644 --- a/modules/beta-private-cluster/outputs.tf +++ b/modules/beta-private-cluster/outputs.tf @@ -209,11 +209,6 @@ output "cloudrun_enabled" { value = local.cluster_cloudrun_enabled } -output "istio_enabled" { - description = "Whether Istio is enabled" - value = local.cluster_istio_enabled -} - output "pod_security_policy_enabled" { description = "Whether pod security policy is enabled" value = local.cluster_pod_security_policy_enabled diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index cdcaee31c9..00fa37522e 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -1055,24 +1055,6 @@ variable "enable_multi_networking" { default = null } -variable "istio" { - description = "(Beta) Enable Istio addon" - type = bool - default = false -} - -variable "istio_auth" { - type = string - description = "(Beta) The authentication type between services in Istio." - default = "AUTH_MUTUAL_TLS" -} - -variable "kalm_config" { - type = bool - description = "(Beta) Whether KALM is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 0cf610924e..1f8e41ccc7 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -74,7 +74,6 @@ module "gke" { network_policy = false horizontal_pod_autoscaling = true filestore_csi_driver = false - istio = true cloudrun = true dns_cache = false 
@@ -244,9 +243,6 @@ Then perform the following commands on the root folder: | ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | `string` | n/a | yes | | ip\_range\_services | The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. | `string` | `null` | no | | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | -| istio | (Beta) Enable Istio addon | `bool` | `false` | no | -| istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | -| kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | 
@@ -338,7 +334,6 @@ Then perform the following commands on the root folder: | identity\_service\_enabled | Whether Identity Service is enabled | | instance\_group\_urls | List of GKE generated instance groups | | intranode\_visibility\_enabled | Whether intra-node visibility is enabled | -| istio\_enabled | Whether Istio is enabled | | location | Cluster location (region if regional cluster, zone if zonal cluster) | | logging\_service | Logging service used | | master\_authorized\_networks\_config | Networks from which access to master is permitted | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 38761ba5e0..9047cf7674 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -414,11 +414,6 @@ resource "google_container_cluster" "primary" { } } - istio_config { - disabled = !var.istio - auth = var.istio_auth - } - dynamic "cloudrun_config" { for_each = local.cluster_cloudrun_config @@ -426,10 +421,6 @@ resource "google_container_cluster" "primary" { disabled = cloudrun_config.value.disabled } } - - kalm_config { - enabled = var.kalm_config - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index 015c44702c..2571592579 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf 
@@ -139,7 +139,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false # /BETA features @@ -189,7 +188,6 @@ locals { }] : [] # BETA features - cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled diff --git a/modules/beta-public-cluster-update-variant/metadata.display.yaml b/modules/beta-public-cluster-update-variant/metadata.display.yaml index b718c6277d..0c9c625db4 100644 --- a/modules/beta-public-cluster-update-variant/metadata.display.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.display.yaml @@ -271,15 +271,6 @@ spec: issue_client_certificate: name: issue_client_certificate title: Issue Client Certificate - istio: - name: istio - title: Istio - istio_auth: - name: istio_auth - title: Istio Auth - kalm_config: - name: kalm_config - title: Kalm Config kubernetes_version: name: kubernetes_version title: Kubernetes Version diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index c1cec245b1..8c48997063 100644 
--- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml @@ -744,18 +744,6 @@ spec: - name: enable_multi_networking description: Whether multi-networking is enabled for this cluster varType: bool - - name: istio - description: (Beta) Enable Istio addon - varType: bool - defaultValue: false - - name: istio_auth - description: (Beta) The authentication type between services in Istio. - varType: string - defaultValue: AUTH_MUTUAL_TLS - - name: kalm_config - description: (Beta) Whether KALM is enabled for this cluster. - varType: bool - defaultValue: false - name: cloudrun description: (Beta) Enable CloudRun addon varType: bool @@ -841,8 +829,6 @@ spec: description: List of GKE generated instance groups - name: intranode_visibility_enabled description: Whether intra-node visibility is enabled - - name: istio_enabled - description: Whether Istio is enabled - name: location description: Cluster location (region if regional cluster, zone if zonal cluster) - name: logging_service diff --git a/modules/beta-public-cluster-update-variant/outputs.tf b/modules/beta-public-cluster-update-variant/outputs.tf index 68b54129ca..729f94e2d9 100644 --- a/modules/beta-public-cluster-update-variant/outputs.tf +++ b/modules/beta-public-cluster-update-variant/outputs.tf @@ -199,11 +199,6 @@ output "cloudrun_enabled" { value = local.cluster_cloudrun_enabled } -output "istio_enabled" { - description = "Whether Istio is enabled" - value = local.cluster_istio_enabled -} - output "pod_security_policy_enabled" { description = "Whether pod security policy is enabled" value = local.cluster_pod_security_policy_enabled diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index dcd9ee9d9d..bf24152041 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -1019,24 +1019,6 @@ variable "enable_multi_networking" { default = null } -variable "istio" { - description = "(Beta) Enable Istio addon" - type = bool - default = false -} - -variable "istio_auth" { - type = string - description = "(Beta) The authentication type between services in Istio." - default = "AUTH_MUTUAL_TLS" -} - -variable "kalm_config" { - type = bool - description = "(Beta) Whether KALM is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 6d188d339d..98006222a5 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -52,7 +52,6 @@ module "gke" { network_policy = false horizontal_pod_autoscaling = true filestore_csi_driver = false - istio = true cloudrun = true dns_cache = false 
@@ -222,9 +221,6 @@ Then perform the following commands on the root folder: | ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | `string` | n/a | yes | | ip\_range\_services | The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. | `string` | `null` | no | | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no | -| istio | (Beta) Enable Istio addon | `bool` | `false` | no | -| istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | -| kalm\_config | (Beta) Whether KALM is enabled for this cluster. | `bool` | `false` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no | | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | 
@@ -316,7 +312,6 @@ Then perform the following commands on the root folder: | identity\_service\_enabled | Whether Identity Service is enabled | | instance\_group\_urls | List of GKE generated instance groups | | intranode\_visibility\_enabled | Whether intra-node visibility is enabled | -| istio\_enabled | Whether Istio is enabled | | location | Cluster location (region if regional cluster, zone if zonal cluster) | | logging\_service | Logging service used | | master\_authorized\_networks\_config | Networks from which access to master is permitted | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 4fceef97cf..c81bd197d5 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -414,11 +414,6 @@ resource "google_container_cluster" "primary" { } } - istio_config { - disabled = !var.istio - auth = var.istio_auth - } - dynamic "cloudrun_config" { for_each = local.cluster_cloudrun_config @@ -426,10 +421,6 @@ resource "google_container_cluster" "primary" { disabled = cloudrun_config.value.disabled } } - - kalm_config { - enabled = var.kalm_config - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 015c44702c..2571592579 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf 
@@ -139,7 +139,6 @@ locals { cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false # BETA features - cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false # /BETA features @@ -189,7 +188,6 @@ locals { }] : [] # BETA features - cluster_istio_enabled = !local.cluster_output_istio_disabled cluster_telemetry_type_is_set = var.cluster_telemetry_type != null cluster_pod_security_policy_enabled = local.cluster_output_pod_security_policy_enabled diff --git a/modules/beta-public-cluster/metadata.display.yaml b/modules/beta-public-cluster/metadata.display.yaml index 0e8004f537..119348512b 100644 --- a/modules/beta-public-cluster/metadata.display.yaml +++ b/modules/beta-public-cluster/metadata.display.yaml @@ -271,15 +271,6 @@ spec: issue_client_certificate: name: issue_client_certificate title: Issue Client Certificate - istio: - name: istio - title: Istio - istio_auth: - name: istio_auth - title: Istio Auth - kalm_config: - name: kalm_config - title: Kalm Config kubernetes_version: name: kubernetes_version title: Kubernetes Version diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index 293b34675c..7ca10ecf6f 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml 
@@ -744,18 +744,6 @@ spec: - name: enable_multi_networking description: Whether multi-networking is enabled for this cluster varType: bool - - name: istio - description: (Beta) Enable Istio addon - varType: bool - defaultValue: false - - name: istio_auth - description: (Beta) The authentication type between services in Istio. - varType: string - defaultValue: AUTH_MUTUAL_TLS - - name: kalm_config - description: (Beta) Whether KALM is enabled for this cluster. - varType: bool - defaultValue: false - name: cloudrun description: (Beta) Enable CloudRun addon varType: bool @@ -841,8 +829,6 @@ spec: description: List of GKE generated instance groups - name: intranode_visibility_enabled description: Whether intra-node visibility is enabled - - name: istio_enabled - description: Whether Istio is enabled - name: location description: Cluster location (region if regional cluster, zone if zonal cluster) - name: logging_service diff --git a/modules/beta-public-cluster/outputs.tf b/modules/beta-public-cluster/outputs.tf index 68b54129ca..729f94e2d9 100644 --- a/modules/beta-public-cluster/outputs.tf +++ b/modules/beta-public-cluster/outputs.tf @@ -199,11 +199,6 @@ output "cloudrun_enabled" { value = local.cluster_cloudrun_enabled } -output "istio_enabled" { - description = "Whether Istio is enabled" - value = local.cluster_istio_enabled -} - output "pod_security_policy_enabled" { description = "Whether pod security policy is enabled" value = local.cluster_pod_security_policy_enabled diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index dcd9ee9d9d..bf24152041 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -1019,24 +1019,6 @@ variable "enable_multi_networking" { default = null } -variable "istio" { - description = "(Beta) Enable Istio addon" - type = bool - default = false -} - -variable "istio_auth" { - type = string - description = "(Beta) The authentication type between services in Istio." - default = "AUTH_MUTUAL_TLS" -} - -variable "kalm_config" { - type = bool - description = "(Beta) Whether KALM is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md index e38cac18ac..7e11a4c0b2 100644 --- a/modules/safer-cluster-update-variant/README.md +++ b/modules/safer-cluster-update-variant/README.md @@ -31,8 +31,8 @@ are available for configuration, recommendations on their settings are documente - Placing them in the same cluster will provide fast network communication, and the different namespaces will be configured to - provide some administrative isolation. Istio will be used to encrypt and - control communication between applications. + provide some administrative isolation. Cloud Service Mesh can be used to + encrypt and control communication between applications. - We suggest to store user or business data persistently in managed storage services that are inventoried and controlled by centralized teams. 
@@ -242,8 +242,6 @@ For simplicity, we suggest using `roles/container.admin` and | initial\_node\_count | The number of nodes to create in this cluster's default node pool. | `number` | `0` | no | | ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | `string` | n/a | yes | | ip\_range\_services | The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. | `string` | `null` | no | -| istio | (Beta) Enable Istio addon | `bool` | `false` | no | -| istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | `string` | `null` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf index cdd03b9f53..37dc82808e 100644 --- a/modules/safer-cluster-update-variant/main.tf +++ b/modules/safer-cluster-update-variant/main.tf @@ -146,10 +146,6 @@ module "gke" { master_ipv4_cidr_block = var.master_ipv4_cidr_block - // Istio is recommended for pod-to-pod communications. - istio = var.istio - istio_auth = var.istio_auth - cloudrun = var.cloudrun dns_cache = var.dns_cache diff --git a/modules/safer-cluster-update-variant/metadata.display.yaml b/modules/safer-cluster-update-variant/metadata.display.yaml index 19faf805d4..e4ab738c17 100644 
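Review bot: The `module "gke"` call in modules/safer-cluster-update-variant/main.tf no longer carries any pointer to how pod-to-pod traffic is encrypted once the `// Istio is recommended for pod-to-pod communications.` comment and the `istio`/`istio_auth` arguments are gone; the same applies to the identical hunk in modules/safer-cluster/main.tf. The README hunks for both modules now say only that Cloud Service Mesh "can be used", so a reader of the hardened module could assume service-to-service mTLS is still provisioned. I would put a comment where the old one stood, for example `// Service-to-service encryption is not configured by this module; set up Cloud Service Mesh separately (see README).` Callers that set the removed inputs will also need to change their configuration, and no upgrade-guide entry is visible in this part of the diff, so confirm one exists. The `module "gke"` block starts and ends outside the hunk.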
--- a/modules/safer-cluster-update-variant/metadata.display.yaml +++ b/modules/safer-cluster-update-variant/metadata.display.yaml @@ -151,12 +151,6 @@ spec: ip_range_services: name: ip_range_services title: Ip Range Services - istio: - name: istio - title: Istio - istio_auth: - name: istio_auth - title: Istio Auth kubernetes_version: name: kubernetes_version title: Kubernetes Version diff --git a/modules/safer-cluster-update-variant/metadata.yaml b/modules/safer-cluster-update-variant/metadata.yaml index b1d530745e..57399cb72b 100644 --- a/modules/safer-cluster-update-variant/metadata.yaml +++ b/modules/safer-cluster-update-variant/metadata.yaml @@ -335,14 +335,6 @@ spec: description: The IP range in CIDR notation to use for the hosted master network varType: string defaultValue: 10.0.0.0/28 - - name: istio - description: (Beta) Enable Istio addon - varType: bool - defaultValue: false - - name: istio_auth - description: (Beta) The authentication type between services in Istio. - varType: string - defaultValue: AUTH_MUTUAL_TLS - name: dns_cache description: (Beta) The status of the NodeLocal DNSCache addon. varType: bool diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index 93717ebcaf..f9e77588a4 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf @@ -323,18 +323,6 @@ variable "master_ipv4_cidr_block" { default = "10.0.0.0/28" } -variable "istio" { - description = "(Beta) Enable Istio addon" - type = bool - default = false -} - -variable "istio_auth" { - type = string - description = "(Beta) The authentication type between services in Istio." - default = "AUTH_MUTUAL_TLS" -} - variable "dns_cache" { type = bool description = "(Beta) The status of the NodeLocal DNSCache addon." diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index e38cac18ac..7e11a4c0b2 100644 --- a/modules/safer-cluster/README.md 
+++ b/modules/safer-cluster/README.md @@ -31,8 +31,8 @@ are available for configuration, recommendations on their settings are documente - Placing them in the same cluster will provide fast network communication, and the different namespaces will be configured to - provide some administrative isolation. Istio will be used to encrypt and - control communication between applications. + provide some administrative isolation. Cloud Service Mesh can be used to + encrypt and control communication between applications. - We suggest to store user or business data persistently in managed storage services that are inventoried and controlled by centralized teams. @@ -242,8 +242,6 @@ For simplicity, we suggest using `roles/container.admin` and | initial\_node\_count | The number of nodes to create in this cluster's default node pool. | `number` | `0` | no | | ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | `string` | n/a | yes | | ip\_range\_services | The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. | `string` | `null` | no | -| istio | (Beta) Enable Istio addon | `bool` | `false` | no | -| istio\_auth | (Beta) The authentication type between services in Istio. | `string` | `"AUTH_MUTUAL_TLS"` | no | | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. The module enforces certain minimum versions to ensure that specific features are available. | `string` | `null` | no | | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no | | maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no | 
diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf index 9f372c607c..6cd8822f94 100644 --- a/modules/safer-cluster/main.tf +++ b/modules/safer-cluster/main.tf @@ -146,10 +146,6 @@ module "gke" { master_ipv4_cidr_block = var.master_ipv4_cidr_block - // Istio is recommended for pod-to-pod communications. - istio = var.istio - istio_auth = var.istio_auth - cloudrun = var.cloudrun dns_cache = var.dns_cache diff --git a/modules/safer-cluster/metadata.display.yaml b/modules/safer-cluster/metadata.display.yaml index 0111bf9135..01fd87fa22 100644 --- a/modules/safer-cluster/metadata.display.yaml +++ b/modules/safer-cluster/metadata.display.yaml @@ -151,12 +151,6 @@ spec: ip_range_services: name: ip_range_services title: Ip Range Services - istio: - name: istio - title: Istio - istio_auth: - name: istio_auth - title: Istio Auth kubernetes_version: name: kubernetes_version title: Kubernetes Version diff --git a/modules/safer-cluster/metadata.yaml b/modules/safer-cluster/metadata.yaml index ccfc6bc5f5..58510cc522 100644 --- a/modules/safer-cluster/metadata.yaml +++ b/modules/safer-cluster/metadata.yaml @@ -335,14 +335,6 @@ spec: description: The IP range in CIDR notation to use for the hosted master network varType: string defaultValue: 10.0.0.0/28 - - name: istio - description: (Beta) Enable Istio addon - varType: bool - defaultValue: false - - name: istio_auth - description: (Beta) The authentication type between services in Istio. - varType: string - defaultValue: AUTH_MUTUAL_TLS - name: dns_cache description: (Beta) The status of the NodeLocal DNSCache addon. varType: bool diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index 93717ebcaf..f9e77588a4 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf 
@@ -323,18 +323,6 @@ variable "master_ipv4_cidr_block" { default = "10.0.0.0/28" } -variable "istio" { - description = "(Beta) Enable Istio addon" - type = bool - default = false -} - -variable "istio_auth" { - type = string - description = "(Beta) The authentication type between services in Istio." - default = "AUTH_MUTUAL_TLS" -} - variable "dns_cache" { type = bool description = "(Beta) The status of the NodeLocal DNSCache addon." diff --git a/test/integration/beta_cluster/testdata/TestBetaCluster.json b/test/integration/beta_cluster/testdata/TestBetaCluster.json index 1f1277dc5d..afa39af022 100755 --- a/test/integration/beta_cluster/testdata/TestBetaCluster.json +++ b/test/integration/beta_cluster/testdata/TestBetaCluster.json @@ -11,11 +11,9 @@ "gkeBackupAgentConfig": {}, "horizontalPodAutoscaling": {}, "httpLoadBalancing": {}, - "istioConfig": { "auth": "AUTH_MUTUAL_TLS", "disabled": true }, - "kalmConfig": {}, "kubernetesDashboard": { "disabled": true }, diff --git a/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json b/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json index b1cb9ae910..a11e8c2060 100644 --- a/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json +++ b/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json @@ -9,11 +9,9 @@ "gkeBackupAgentConfig": {}, "horizontalPodAutoscaling": {}, "httpLoadBalancing": {}, - "istioConfig": { "auth": "AUTH_MUTUAL_TLS", "disabled": true }, - "kalmConfig": {}, "kubernetesDashboard": { "disabled": true },