diff --git a/autogen/main/dns.tf.tmpl b/autogen/main/dns.tf.tmpl
index bb472c1416..24abfcb85a 100644
--- a/autogen/main/dns.tf.tmpl
+++ b/autogen/main/dns.tf.tmpl
@@ -16,6 +16,7 @@
 {{ autogeneration_note }}
+{% if autopilot_cluster != true %}
 /******************************************
 Manage kube-dns configmaps
 *****************************************/
@@ -95,3 +96,4 @@ EOF
 {% endif %}
 ]
 }
+{% endif %}
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
index a7c8afe484..806feda05b 100644
--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -78,8 +78,10 @@ locals {
 {% endif %}
+{% if autopilot_cluster != true %}
 custom_kube_dns_config = length(keys(var.stub_domains)) > 0
 upstream_nameservers_config = length(var.upstream_nameservers) > 0
+{% endif %}
 network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
 zone_count = length(var.zones)
 cluster_type = var.regional ? "regional" : "zonal"
diff --git a/autogen/main/moved.tf.tmpl b/autogen/main/moved.tf.tmpl
index a745d16489..0c8076bec3 100644
--- a/autogen/main/moved.tf.tmpl
+++ b/autogen/main/moved.tf.tmpl
@@ -14,6 +14,7 @@
 * limitations under the License.
 */
+{% if autopilot_cluster != true %}
 # Updates for kebab to snake case, to match best practices and Google style.
 moved {
 from = kubernetes_config_map_v1_data.kube-dns
@@ -30,6 +31,7 @@ moved {
 from = kubernetes_config_map_v1_data.kube-dns-upstream-nameservers-and-stub-domains
 to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers_and_stub_domains
 }
+{% endif %}
 moved {
 from = kubernetes_config_map.ip-masq-agent
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index 6d3d60ae41..7466acecd9 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
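Review bot: The new `{% if autopilot_cluster != true %}` guard at the top of dns.tf.tmpl (closed by the `{% endif %}` added in the second hunk) carries no explanation, and it has an upgrade effect that the template does not mention. Once the kube-dns `kubernetes_config_map_v1_data` resources are no longer rendered for Autopilot modules, any instance of them still held in a deployment's state would presumably be planned for destruction on the next apply, which withdraws stub-domain and upstream-resolver overrides from the cluster's `kube-dns` ConfigMap. I would add a template comment above the guard such as `{# kube-dns ConfigMap overrides are not rendered for Autopilot modules; stub_domains and upstream_nameservers are not inputs there #}` and call the destroy out in the upgrade notes so operators review the plan before applying. The resource bodies between the two hunks are outside the diff.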
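Review bot: In moved.tf.tmpl the guard opens above the comment `# Updates for kebab to snake case, to match best practices and Google style.`, so Autopilot output loses that comment while still keeping the `moved` block for `kubernetes_config_map.ip-masq-agent` that follows the `{% endif %}`. If the comment was meant to describe every rename in the file (the ip-masq-agent block's `to` address is outside the hunk, so this is inferred), keep it above the guard by placing it on the line before `{% if autopilot_cluster != true %}`. Otherwise give the ip-masq-agent block its own one-line comment so the generated Autopilot file still says why the `moved` block exists.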
@@ -357,6 +357,7 @@ variable "network_tags" {
 default = []
 }
+{% if autopilot_cluster != true %}
 variable "stub_domains" {
 type = map(list(string))
 description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -368,6 +369,7 @@ variable "upstream_nameservers" {
 description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
 default = []
 }
+{% endif %}
 variable "non_masquerade_cidrs" {
 type = list(string)
diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
index 930a3c0199..bbd101ad5b 100644
--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
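Review bot: Guarding `stub_domains` and `upstream_nameservers` in variables.tf.tmpl removes two inputs from the Autopilot modules, which is a breaking interface change that nothing in the visible change documents. Callers that still pass either argument will fail with an unsupported-argument error rather than having their resolver settings silently ignored, which is the safer failure mode, but they need to be told. I would add an upgrade-guide or changelog entry naming both variables and the affected modules (`beta-autopilot-private-cluster`, `beta-autopilot-public-cluster`). The same guard in main.tf.tmpl around `custom_kube_dns_config` and `upstream_nameservers_config` has to stay in step with this one, since those locals read the removed variables.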
@@ -152,10 +152,8 @@ Then perform the following commands on the root folder:
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
 | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no |
 | stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no |
-| stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
-| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no |
 | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no |
 | workload\_vulnerability\_mode | (beta) Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. | `string` | `""` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no |
diff --git a/modules/beta-autopilot-private-cluster/dns.tf b/modules/beta-autopilot-private-cluster/dns.tf
index b23714a870..3353d2dbb6 100644
--- a/modules/beta-autopilot-private-cluster/dns.tf
+++ b/modules/beta-autopilot-private-cluster/dns.tf
@@ -16,73 +16,3 @@ // This file was automatically generated from a template in ./autogen/main -/****************************************** - Manage kube-dns configmaps - *****************************************/ - -resource "kubernetes_config_map_v1_data" "kube_dns" { - count = local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0 - - metadata { - name = "kube-dns" - namespace = "kube-system" - } - - data = { - stubDomains = < 0 - upstream_nameservers_config = length(var.upstream_nameservers) > 0 - network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) - cluster_type = var.regional ? "regional" : "zonal" + network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id + zone_count = length(var.zones) + cluster_type = var.regional ? "regional" : "zonal" cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} diff --git a/modules/beta-autopilot-private-cluster/moved.tf b/modules/beta-autopilot-private-cluster/moved.tf index a745d16489..5535a5721e 100644 --- a/modules/beta-autopilot-private-cluster/moved.tf +++ b/modules/beta-autopilot-private-cluster/moved.tf 
@@ -14,22 +14,6 @@
 * limitations under the License.
 */
-# Updates for kebab to snake case, to match best practices and Google style.
-moved {
- from = kubernetes_config_map_v1_data.kube-dns
- to = kubernetes_config_map_v1_data.kube_dns
-}
-
-# Typo fix and snake case at the same time
-moved {
- from = kubernetes_config_map_v1_data.kube-dns-upstream-namservers
- to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers
-}
-
-moved {
- from = kubernetes_config_map_v1_data.kube-dns-upstream-nameservers-and-stub-domains
- to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers_and_stub_domains
-}
 moved {
 from = kubernetes_config_map.ip-masq-agent
diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
index b8d087b804..19a37b243a 100644
--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -185,17 +185,6 @@ variable "network_tags" {
 default = []
 }
-variable "stub_domains" {
- type = map(list(string))
- description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
- default = {}
-}
-
-variable "upstream_nameservers" {
- type = list(string)
- description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
- default = []
-}
 variable "non_masquerade_cidrs" {
 type = list(string)
diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
index 9df58422ce..52614332f8 100644
--- a/modules/beta-autopilot-public-cluster/README.md
+++ b/modules/beta-autopilot-public-cluster/README.md
@@ -140,10 +140,8 @@ Then perform the following commands on the root folder:
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
 | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no |
 | stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no |
-| stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
-| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no |
 | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no |
 | workload\_vulnerability\_mode | (beta) Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. | `string` | `""` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no |
diff --git a/modules/beta-autopilot-public-cluster/dns.tf b/modules/beta-autopilot-public-cluster/dns.tf
index b23714a870..3353d2dbb6 100644
--- a/modules/beta-autopilot-public-cluster/dns.tf
+++ b/modules/beta-autopilot-public-cluster/dns.tf
@@ -16,73 +16,3 @@ // This file was automatically generated from a template in ./autogen/main -/****************************************** - Manage kube-dns configmaps - *****************************************/ - -resource "kubernetes_config_map_v1_data" "kube_dns" { - count = local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0 - - metadata { - name = "kube-dns" - namespace = "kube-system" - } - - data = { - stubDomains = < 0 - upstream_nameservers_config = length(var.upstream_nameservers) > 0 - network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id - zone_count = length(var.zones) - cluster_type = var.regional ? "regional" : "zonal" + network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id + zone_count = length(var.zones) + cluster_type = var.regional ? "regional" : "zonal" cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} diff --git a/modules/beta-autopilot-public-cluster/moved.tf b/modules/beta-autopilot-public-cluster/moved.tf index a745d16489..5535a5721e 100644 --- a/modules/beta-autopilot-public-cluster/moved.tf +++ b/modules/beta-autopilot-public-cluster/moved.tf 
@@ -14,22 +14,6 @@
 * limitations under the License.
 */
-# Updates for kebab to snake case, to match best practices and Google style.
-moved {
- from = kubernetes_config_map_v1_data.kube-dns
- to = kubernetes_config_map_v1_data.kube_dns
-}
-
-# Typo fix and snake case at the same time
-moved {
- from = kubernetes_config_map_v1_data.kube-dns-upstream-namservers
- to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers
-}
-
-moved {
- from = kubernetes_config_map_v1_data.kube-dns-upstream-nameservers-and-stub-domains
- to = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers_and_stub_domains
-}
 moved {
 from = kubernetes_config_map.ip-masq-agent
diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
index 22a05337af..377b5c561c 100644
--- a/modules/beta-autopilot-public-cluster/variables.tf
+++ b/modules/beta-autopilot-public-cluster/variables.tf
@@ -185,17 +185,6 @@ variable "network_tags" {
 default = []
 }
-variable "stub_domains" {
- type = map(list(string))
- description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
- default = {}
-}
-
-variable "upstream_nameservers" {
- type = list(string)
- description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
- default = []
-}
 variable "non_masquerade_cidrs" {
 type = list(string)