feat: add enterprise config (#2298)

TheKangaroo · web-flow · commit adaabbfbc2e6 · 2025-02-28T13:47:32.000-08:00
diff --git a/README.md b/README.md
@@ -180,6 +180,7 @@ Then perform the following commands on the root folder:
 | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no |
 | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no |
+| enterprise\_config | (Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE. | `string` | `null` | no |
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
@@ -260,6 +260,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+      content {
+        desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
 {% if autopilot_cluster %}
   enable_autopilot = true
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
@@ -1037,3 +1037,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}
diff --git a/cluster.tf b/cluster.tf
@@ -199,6 +199,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+    content {
+      desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
@@ -101,6 +101,7 @@ Then perform the following commands on the root folder:
 | enable\_secret\_manager\_addon | Enable the Secret Manager add-on for this cluster | `bool` | `false` | no |
 | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `true` | no |
+| enterprise\_config | (Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE. | `string` | `null` | no |
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -119,6 +119,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+    content {
+      desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
   enable_autopilot           = true
   dynamic "master_authorized_networks_config" {
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
@@ -607,3 +607,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
@@ -93,6 +93,7 @@ Then perform the following commands on the root folder:
 | enable\_secret\_manager\_addon | Enable the Secret Manager add-on for this cluster | `bool` | `false` | no |
 | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `true` | no |
+| enterprise\_config | (Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE. | `string` | `null` | no |
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -119,6 +119,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+    content {
+      desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
   enable_autopilot           = true
   dynamic "master_authorized_networks_config" {
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
@@ -571,3 +571,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
@@ -217,6 +217,7 @@ Then perform the following commands on the root folder:
 | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no |
 | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no |
+| enterprise\_config | (Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE. | `string` | `null` | no |
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -212,6 +212,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+    content {
+      desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.enable_private_endpoint || var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
@@ -984,3 +984,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
@@ -195,6 +195,7 @@ Then perform the following commands on the root folder:
 | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no |
 | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no |
+| enterprise\_config | (Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE. | `string` | `null` | no |
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
@@ -212,6 +212,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+    content {
+      desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.enable_private_endpoint || var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
@@ -984,3 +984,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
@@ -209,6 +209,7 @@ Then perform the following commands on the root folder:
 | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no |
 | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no |
+| enterprise\_config | (Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE. | `string` | `null` | no |
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -212,6 +212,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+    content {
+      desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
@@ -948,3 +948,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
@@ -187,6 +187,7 @@ Then perform the following commands on the root folder:
 | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no |
 | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no |
+| enterprise\_config | (Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE. | `string` | `null` | no |
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
@@ -212,6 +212,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+    content {
+      desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
@@ -948,3 +948,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
@@ -210,6 +210,7 @@ Then perform the following commands on the root folder:
 | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no |
 | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no |
+| enterprise\_config | (Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE. | `string` | `null` | no |
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
@@ -199,6 +199,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+    content {
+      desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.enable_private_endpoint || var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
@@ -918,3 +918,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
@@ -188,6 +188,7 @@ Then perform the following commands on the root folder:
 | enable\_shielded\_nodes | Enable Shielded Nodes features on all nodes in this cluster | `bool` | `true` | no |
 | enable\_tpu | Enable Cloud TPU resources in the cluster. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | enable\_vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it | `bool` | `false` | no |
+| enterprise\_config | (Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE. | `string` | `null` | no |
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers. Either flag `add_master_webhook_firewall_rules` or `add_cluster_firewall_rules` (also adds egress rules) must be set to `true` for inbound-ports firewall rules to be applied. | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
@@ -199,6 +199,13 @@ resource "google_container_cluster" "primary" {
     }
   }
 
+  dynamic "enterprise_config" {
+    for_each = var.enterprise_config != null ? [1] : []
+    content {
+      desired_tier = var.enterprise_config
+    }
+  }
+
   enable_fqdn_network_policy = var.enable_fqdn_network_policy
   dynamic "master_authorized_networks_config" {
     for_each = var.enable_private_endpoint || var.gcp_public_cidrs_access_enabled != null || length(var.master_authorized_networks) > 0 ? [true] : []
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
@@ -918,3 +918,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}
diff --git a/variables.tf b/variables.tf
@@ -882,3 +882,9 @@ variable "monitoring_metric_writer_role" {
     error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/*) or a custom role (projects/*/roles/*)."
   }
 }
+
+variable "enterprise_config" {
+  description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."
+  type        = string
+  default     = null
+}

Original file line number	Diff line number	Diff line change
`@@ -260,6 +260,13 @@ resource "google_container_cluster" "primary" {`
`260`	`260`	`}`
`261`	`261`	`}`
`262`	`262`
	`263`	`+ dynamic "enterprise_config" {`
	`264`	`+ for_each = var.enterprise_config != null ? [1] : []`
	`265`	`+ content {`
	`266`	`+ desired_tier = var.enterprise_config`
	`267`	`+ }`
	`268`	`+ }`
	`269`	`+`
`263`	`270`	`enable_fqdn_network_policy = var.enable_fqdn_network_policy`
`264`	`271`	`{% if autopilot_cluster %}`
`265`	`272`	`enable_autopilot = true`
Original file line number	Diff line number	Diff line change
`@@ -1037,3 +1037,9 @@ variable "monitoring_metric_writer_role" {`
`1037`	`1037`	`error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/) or a custom role (projects//roles/*)."`
`1038`	`1038`	`}`
`1039`	`1039`	`}`
	`1040`	`+`
	`1041`	`+variable "enterprise_config" {`
	`1042`	`+ description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."`
	`1043`	`+ type = string`
	`1044`	`+ default = null`
	`1045`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -199,6 +199,13 @@ resource "google_container_cluster" "primary" {`
`199`	`199`	`}`
`200`	`200`	`}`
`201`	`201`
	`202`	`+ dynamic "enterprise_config" {`
	`203`	`+ for_each = var.enterprise_config != null ? [1] : []`
	`204`	`+ content {`
	`205`	`+ desired_tier = var.enterprise_config`
	`206`	`+ }`
	`207`	`+ }`
	`208`	`+`
`202`	`209`	`enable_fqdn_network_policy = var.enable_fqdn_network_policy`
`203`	`210`	`dynamic "master_authorized_networks_config" {`
`204`	`211`	`for_each = var.gcp_public_cidrs_access_enabled != null \|\| length(var.master_authorized_networks) > 0 ? [true] : []`
Original file line number	Diff line number	Diff line change
`@@ -119,6 +119,13 @@ resource "google_container_cluster" "primary" {`
`119`	`119`	`}`
`120`	`120`	`}`
`121`	`121`
	`122`	`+ dynamic "enterprise_config" {`
	`123`	`+ for_each = var.enterprise_config != null ? [1] : []`
	`124`	`+ content {`
	`125`	`+ desired_tier = var.enterprise_config`
	`126`	`+ }`
	`127`	`+ }`
	`128`	`+`
`122`	`129`	`enable_fqdn_network_policy = var.enable_fqdn_network_policy`
`123`	`130`	`enable_autopilot = true`
`124`	`131`	`dynamic "master_authorized_networks_config" {`
Original file line number	Diff line number	Diff line change
`@@ -607,3 +607,9 @@ variable "monitoring_metric_writer_role" {`
`607`	`607`	`error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/) or a custom role (projects//roles/*)."`
`608`	`608`	`}`
`609`	`609`	`}`
	`610`	`+`
	`611`	`+variable "enterprise_config" {`
	`612`	`+ description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."`
	`613`	`+ type = string`
	`614`	`+ default = null`
	`615`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -571,3 +571,9 @@ variable "monitoring_metric_writer_role" {`
`571`	`571`	`error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/) or a custom role (projects//roles/*)."`
`572`	`572`	`}`
`573`	`573`	`}`
	`574`	`+`
	`575`	`+variable "enterprise_config" {`
	`576`	`+ description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."`
	`577`	`+ type = string`
	`578`	`+ default = null`
	`579`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -212,6 +212,13 @@ resource "google_container_cluster" "primary" {`
`212`	`212`	`}`
`213`	`213`	`}`
`214`	`214`
	`215`	`+ dynamic "enterprise_config" {`
	`216`	`+ for_each = var.enterprise_config != null ? [1] : []`
	`217`	`+ content {`
	`218`	`+ desired_tier = var.enterprise_config`
	`219`	`+ }`
	`220`	`+ }`
	`221`	`+`
`215`	`222`	`enable_fqdn_network_policy = var.enable_fqdn_network_policy`
`216`	`223`	`dynamic "master_authorized_networks_config" {`
`217`	`224`	`for_each = var.enable_private_endpoint \|\| var.gcp_public_cidrs_access_enabled != null \|\| length(var.master_authorized_networks) > 0 ? [true] : []`
Original file line number	Diff line number	Diff line change
`@@ -984,3 +984,9 @@ variable "monitoring_metric_writer_role" {`
`984`	`984`	`error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/) or a custom role (projects//roles/*)."`
`985`	`985`	`}`
`986`	`986`	`}`
	`987`	`+`
	`988`	`+variable "enterprise_config" {`
	`989`	`+ description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."`
	`990`	`+ type = string`
	`991`	`+ default = null`
	`992`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -948,3 +948,9 @@ variable "monitoring_metric_writer_role" {`
`948`	`948`	`error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/) or a custom role (projects//roles/*)."`
`949`	`949`	`}`
`950`	`950`	`}`
	`951`	`+`
	`952`	`+variable "enterprise_config" {`
	`953`	`+ description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."`
	`954`	`+ type = string`
	`955`	`+ default = null`
	`956`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -918,3 +918,9 @@ variable "monitoring_metric_writer_role" {`
`918`	`918`	`error_message = "The monitoring_metric_writer_role must be either a predefined role (roles/) or a custom role (projects//roles/*)."`
`919`	`919`	`}`
`920`	`920`	`}`
	`921`	`+`
	`922`	`+variable "enterprise_config" {`
	`923`	`+ description = "(Optional) Enable or disable GKE enterprise. Valid values are DEFAULT and ENTERPRISE."`
	`924`	`+ type = string`
	`925`	`+ default = null`
	`926`	`+}`