terraform-google-modules · renovate · Dec 17, 2025 · Dec 17, 2025
@@ -92,7 +92,6 @@ module "gke" {
   enable_private_nodes       = true
   {% endif %}
   {% if beta_cluster and autopilot_cluster != true  %}
-  istio                      = true
   cloudrun                   = true
   {% endif %}
   dns_cache                  = false

@@ -501,22 +501,13 @@ resource "google_container_cluster" "primary" {
     {% endif %}
 
     {% if beta_cluster and autopilot_cluster != true %}
-    istio_config {
-      disabled = !var.istio
-      auth     = var.istio_auth
-    }
-
     dynamic "cloudrun_config" {
       for_each = local.cluster_cloudrun_config
 
       content {
         disabled = cloudrun_config.value.disabled
       }
     }
-
-    kalm_config {
-      enabled = var.kalm_config
-    }
     {% endif %}
   }
   {% if autopilot_cluster %}

@@ -176,7 +176,6 @@ locals {
 
 {% if beta_cluster %}
   # BETA features
-  cluster_output_istio_disabled              = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
   cluster_output_pod_security_policy_enabled = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false
 
   # /BETA features
@@ -239,7 +238,6 @@ locals {
 
 {% if beta_cluster %}
   # BETA features
-  cluster_istio_enabled               = !local.cluster_output_istio_disabled
   {% if autopilot_cluster != true %}
   cluster_telemetry_type_is_set       = var.cluster_telemetry_type != null
   {% endif %}

@@ -230,11 +230,6 @@ output "cloudrun_enabled" {
   {% endif %}
 }
 
-output "istio_enabled" {
-  description = "Whether Istio is enabled"
-  value       = local.cluster_istio_enabled
-}
-
 output "pod_security_policy_enabled" {
   description = "Whether pod security policy is enabled"
   value       = local.cluster_pod_security_policy_enabled

@@ -1122,24 +1122,6 @@ variable "enable_multi_networking" {
 {% if beta_cluster %}
   {% if autopilot_cluster != true %}
 
-variable "istio" {
-  description = "(Beta) Enable Istio addon"
-  type        = bool
-  default     = false
-}
-
-variable "istio_auth" {
-  type        = string
-  description = "(Beta) The authentication type between services in Istio."
-  default     = "AUTH_MUTUAL_TLS"
-}
-
-variable "kalm_config" {
-  type        = bool
-  description = "(Beta) Whether KALM is enabled for this cluster."
-  default     = false
-}
-
 variable "cloudrun" {
   description = "(Beta) Enable CloudRun addon"
   type        = bool

@@ -31,8 +31,8 @@ are available for configuration, recommendations on their settings are documente
 
     -   Placing them in the same cluster will provide fast network
         communication, and the different namespaces will be configured to
-        provide some administrative isolation. Istio will be used to encrypt and
-        control communication between applications.
+        provide some administrative isolation. Cloud Service Mesh can be used to
+        encrypt and control communication between applications.
 
 -   We suggest to store user or business data persistently in managed storage
     services that are inventoried and controlled by centralized teams.

@@ -150,10 +150,6 @@ module "gke" {
 
   master_ipv4_cidr_block = var.master_ipv4_cidr_block
 
-  // Istio is recommended for pod-to-pod communications.
-  istio      = var.istio
-  istio_auth = var.istio_auth
-
   cloudrun = var.cloudrun
 
   dns_cache = var.dns_cache

@@ -323,18 +323,6 @@ variable "master_ipv4_cidr_block" {
   default     = "10.0.0.0/28"
 }
 
-variable "istio" {
-  description = "(Beta) Enable Istio addon"
-  type        = bool
-  default     = false
-}
-
-variable "istio_auth" {
-  type        = string
-  description = "(Beta) The authentication type between services in Istio."
-  default     = "AUTH_MUTUAL_TLS"
-}
-
 variable "dns_cache" {
   type        = bool
   description = "(Beta) The status of the NodeLocal DNSCache addon."

@@ -0,0 +1,16 @@
+# Upgrading to v43.0
+The v43.0 release of *kubernetes-engine* is a backwards incompatible release.
+
+## Migration Guide
+
+### `kalm_config` Removal
+
+The `kalm_config` variable has been removed.
+
+Users currently including `kalm_config` should remove this variable from their module definition.
+
+### `istio_config` Removal
+
+The `istio` and `istio_auth` variables have been removed.  The `istio_enabled` output has also been removed from these modules and the autopilot beta modules.
+
+Users currently using the GKE Istio addon should migrate to Anthos Service Mesh (ASM) or another service mesh solution.
@@ -31,7 +31,7 @@ module "enabled_google_apis" {
 
 module "gke" {
   source             = "terraform-google-modules/kubernetes-engine/google"
-  version            = "~> 41.0"
+  version            = "~> 42.0"
   project_id         = module.enabled_google_apis.project_id
   name               = "sfl-acm-part1"
   region             = var.region

@@ -31,7 +31,7 @@ module "enabled_google_apis" {
 
 module "gke" {
   source             = "terraform-google-modules/kubernetes-engine/google"
-  version            = "~> 41.0"
+  version            = "~> 42.0"
   project_id         = module.enabled_google_apis.project_id
   name               = "sfl-acm-part2"
   region             = var.region

@@ -33,7 +33,7 @@ module "enabled_google_apis" {
 
 module "gke" {
   source             = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster"
-  version            = "~> 41.0"
+  version            = "~> 42.0"
   project_id         = module.enabled_google_apis.project_id
   name               = "sfl-acm-part3"
   region             = var.region
@@ -48,7 +48,7 @@ module "gke" {
 
 module "wi" {
   source              = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity"
-  version             = "~> 41.0"
+  version             = "~> 42.0"
   gcp_sa_name         = "cnrmsa"
   cluster_name        = module.gke.name
   name                = "cnrm-controller-manager"

@@ -34,7 +34,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                        = var.project_id
   name                              = "${local.cluster_type}-cluster"

@@ -54,7 +54,7 @@ resource "google_kms_crypto_key_iam_member" "main" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                      = var.project_id
   name                            = "${local.cluster_type}-cluster"

@@ -62,7 +62,7 @@ resource "google_kms_crypto_key_iam_member" "main" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                 = var.project_id
   name                       = "${local.cluster_type}-cluster-${random_string.suffix.result}"

@@ -28,7 +28,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id = var.project_id
   name       = "${local.cluster_type}-cluster${var.cluster_name_suffix}"

@@ -28,7 +28,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id               = var.project_id
   name                     = "${local.cluster_type}-cluster${var.cluster_name_suffix}"

@@ -34,7 +34,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/gke-autopilot-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id = var.project_id
   name       = "${local.cluster_type}-cluster"

@@ -35,7 +35,7 @@ data "google_compute_subnetwork" "subnetwork" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/gke-standard-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id = var.project_id
   name       = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
@@ -85,7 +85,7 @@ module "gke" {
 
 module "node_pool" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/gke-node-pool"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id = var.project_id
   location   = var.region

@@ -27,7 +27,7 @@ resource "google_service_account" "gke-sa" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   for_each = { for k, v in var.gke_spokes : k => v }
 

@@ -143,7 +143,7 @@ module "net" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   depends_on = [google_compute_instance.vm]
 

@@ -42,7 +42,7 @@ resource "google_tags_tag_value" "value" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                        = var.project_id
   name                              = "${local.cluster_type}-cluster${var.cluster_name_suffix}"

@@ -34,7 +34,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster-update-variant"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id              = var.project_id
   name                    = "${local.cluster_type}-cluster${var.cluster_name_suffix}"

@@ -39,7 +39,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-private-cluster-update-variant"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id              = var.project_id
   name                    = "${local.cluster_type}-cluster${var.cluster_name_suffix}"

@@ -39,7 +39,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster-update-variant"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id             = var.project_id
   name                   = "${local.cluster_type}-cluster${var.cluster_name_suffix}"

@@ -61,7 +61,7 @@ data "google_compute_subnetwork" "subnetwork" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id = var.project_id
   name       = var.cluster_name

@@ -16,7 +16,7 @@
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                        = var.project_id
   name                              = "random-test-cluster"

@@ -52,7 +52,7 @@ resource "random_shuffle" "version" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                 = var.project_id
   name                       = "${local.cluster_type}-cluster-${random_string.suffix.result}"

@@ -16,7 +16,7 @@
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/safer-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id              = module.enabled_google_apis.project_id
   name                    = var.cluster_name

@@ -28,7 +28,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                 = var.project_id
   name                       = "${local.cluster_type}-cluster${var.cluster_name_suffix}"

@@ -34,7 +34,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                             = var.project_id
   name                                   = "${local.cluster_type}-cluster"

@@ -56,7 +56,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                      = var.project_id
   name                            = "${local.cluster_type}-cluster"

@@ -35,7 +35,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                      = var.project_id
   name                            = "${local.cluster_type}-cluster"

@@ -34,7 +34,7 @@ provider "kubernetes" {
 
 module "gke" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-public-cluster"
-  version = "~> 41.0"
+  version = "~> 42.0"
 
   project_id                      = var.project_id
   name                            = "${local.cluster_type}-cluster"