terraform-google-modules · apeabody · Oct 30, 2024 · Oct 24, 2024 · Oct 28, 2024 · Oct 29, 2024
diff --git a/autogen/main/dns.tf.tmpl b/autogen/main/dns.tf.tmpl
@@ -16,6 +16,7 @@
 
 {{ autogeneration_note }}
 
+{% if autopilot_cluster != true %}
 /******************************************
   Manage kube-dns configmaps
  *****************************************/
@@ -95,3 +96,4 @@ EOF
     {% endif %}
   ]
 }
+{% endif %}
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
@@ -78,8 +78,10 @@ locals {
   {% endif %}
 
 
+{% if autopilot_cluster != true %}
   custom_kube_dns_config      = length(keys(var.stub_domains)) > 0
   upstream_nameservers_config = length(var.upstream_nameservers) > 0
+{% endif %}
   network_project_id          = var.network_project_id != "" ? var.network_project_id : var.project_id
   zone_count                  = length(var.zones)
   cluster_type                = var.regional ? "regional" : "zonal"

diff --git a/autogen/main/moved.tf.tmpl b/autogen/main/moved.tf.tmpl
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 
+{% if autopilot_cluster != true %}
 # Updates for kebab to snake case, to match best practices and Google style.
 moved {
   from = kubernetes_config_map_v1_data.kube-dns
@@ -30,6 +31,7 @@ moved {
   from = kubernetes_config_map_v1_data.kube-dns-upstream-nameservers-and-stub-domains
   to   = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers_and_stub_domains
 }
+{% endif %}
 
 moved {
   from = kubernetes_config_map.ip-masq-agent

diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
@@ -357,6 +357,7 @@ variable "network_tags" {
   default = []
 }
 
+{% if autopilot_cluster != true %}
 variable "stub_domains" {
   type        = map(list(string))
   description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
@@ -368,6 +369,7 @@ variable "upstream_nameservers" {
   description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
   default     = []
 }
+{% endif %}
 
 variable "non_masquerade_cidrs" {
   type        = list(string)

diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md
@@ -152,10 +152,8 @@ Then perform the following commands on the root folder:
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
 | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no |
 | stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no |
-| stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
-| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no |
 | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no |
 | workload\_vulnerability\_mode | (beta) Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. | `string` | `""` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no |

diff --git a/modules/beta-autopilot-private-cluster/dns.tf b/modules/beta-autopilot-private-cluster/dns.tf
@@ -16,73 +16,3 @@
 
 // This file was automatically generated from a template in ./autogen/main
 
-/******************************************
-  Manage kube-dns configmaps
- *****************************************/
-
-resource "kubernetes_config_map_v1_data" "kube_dns" {
-  count = local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0
-
-  metadata {
-    name      = "kube-dns"
-    namespace = "kube-system"
-  }
-
-  data = {
-    stubDomains = <<EOF
-${jsonencode(var.stub_domains)}
-EOF
-  }
-
-  force = true
-
-  depends_on = [
-    google_container_cluster.primary,
-  ]
-}
-
-resource "kubernetes_config_map_v1_data" "kube_dns_upstream_nameservers" {
-  count = !local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0
-
-  metadata {
-    name      = "kube-dns"
-    namespace = "kube-system"
-  }
-
-  data = {
-    upstreamNameservers = <<EOF
-${jsonencode(var.upstream_nameservers)}
-EOF
-  }
-
-  force = true
-
-  depends_on = [
-    google_container_cluster.primary,
-  ]
-}
-
-resource "kubernetes_config_map_v1_data" "kube_dns_upstream_nameservers_and_stub_domains" {
-  count = local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0
-
-  metadata {
-    name      = "kube-dns"
-    namespace = "kube-system"
-  }
-
-  data = {
-    upstreamNameservers = <<EOF
-${jsonencode(var.upstream_nameservers)}
-EOF
-
-    stubDomains = <<EOF
-${jsonencode(var.stub_domains)}
-EOF
-  }
-
-  force = true
-
-  depends_on = [
-    google_container_cluster.primary,
-  ]
-}
diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf
@@ -56,11 +56,9 @@ locals {
 
 
 
-  custom_kube_dns_config      = length(keys(var.stub_domains)) > 0
-  upstream_nameservers_config = length(var.upstream_nameservers) > 0
-  network_project_id          = var.network_project_id != "" ? var.network_project_id : var.project_id
-  zone_count                  = length(var.zones)
-  cluster_type                = var.regional ? "regional" : "zonal"
+  network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
+  zone_count         = length(var.zones)
+  cluster_type       = var.regional ? "regional" : "zonal"
 
   cluster_subnet_cidr       = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null
   cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {}

diff --git a/modules/beta-autopilot-private-cluster/moved.tf b/modules/beta-autopilot-private-cluster/moved.tf
@@ -14,22 +14,6 @@
  * limitations under the License.
  */
 
-# Updates for kebab to snake case, to match best practices and Google style.
-moved {
-  from = kubernetes_config_map_v1_data.kube-dns
-  to   = kubernetes_config_map_v1_data.kube_dns
-}
-
-# Typo fix and snake case at the same time
-moved {
-  from = kubernetes_config_map_v1_data.kube-dns-upstream-namservers
-  to   = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers
-}
-
-moved {
-  from = kubernetes_config_map_v1_data.kube-dns-upstream-nameservers-and-stub-domains
-  to   = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers_and_stub_domains
-}
 
 moved {
   from = kubernetes_config_map.ip-masq-agent

diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf
@@ -185,17 +185,6 @@ variable "network_tags" {
   default     = []
 }
 
-variable "stub_domains" {
-  type        = map(list(string))
-  description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
-  default     = {}
-}
-
-variable "upstream_nameservers" {
-  type        = list(string)
-  description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
-  default     = []
-}
 
 variable "non_masquerade_cidrs" {
   type        = list(string)

diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md
@@ -140,10 +140,8 @@ Then perform the following commands on the root folder:
 | shadow\_firewall\_rules\_priority | The firewall priority of GKE shadow firewall rules. The priority should be less than default firewall, which is 1000. | `number` | `999` | no |
 | stack\_type | The stack type to use for this cluster. Either `IPV4` or `IPV4_IPV6`. Defaults to `IPV4`. | `string` | `"IPV4"` | no |
 | stateful\_ha | Whether the Stateful HA Addon is enabled for this cluster. | `bool` | `false` | no |
-| stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes |
 | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no |
-| upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no |
 | workload\_config\_audit\_mode | (beta) Sets which mode of auditing should be used for the cluster's workloads. Accepted values are DISABLED, BASIC. | `string` | `"DISABLED"` | no |
 | workload\_vulnerability\_mode | (beta) Sets which mode to use for Protect workload vulnerability scanning feature. Accepted values are DISABLED, BASIC. | `string` | `""` | no |
 | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no |

diff --git a/modules/beta-autopilot-public-cluster/dns.tf b/modules/beta-autopilot-public-cluster/dns.tf
@@ -16,73 +16,3 @@
 
 // This file was automatically generated from a template in ./autogen/main
 
-/******************************************
-  Manage kube-dns configmaps
- *****************************************/
-
-resource "kubernetes_config_map_v1_data" "kube_dns" {
-  count = local.custom_kube_dns_config && !local.upstream_nameservers_config ? 1 : 0
-
-  metadata {
-    name      = "kube-dns"
-    namespace = "kube-system"
-  }
-
-  data = {
-    stubDomains = <<EOF
-${jsonencode(var.stub_domains)}
-EOF
-  }
-
-  force = true
-
-  depends_on = [
-    google_container_cluster.primary,
-  ]
-}
-
-resource "kubernetes_config_map_v1_data" "kube_dns_upstream_nameservers" {
-  count = !local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0
-
-  metadata {
-    name      = "kube-dns"
-    namespace = "kube-system"
-  }
-
-  data = {
-    upstreamNameservers = <<EOF
-${jsonencode(var.upstream_nameservers)}
-EOF
-  }
-
-  force = true
-
-  depends_on = [
-    google_container_cluster.primary,
-  ]
-}
-
-resource "kubernetes_config_map_v1_data" "kube_dns_upstream_nameservers_and_stub_domains" {
-  count = local.custom_kube_dns_config && local.upstream_nameservers_config ? 1 : 0
-
-  metadata {
-    name      = "kube-dns"
-    namespace = "kube-system"
-  }
-
-  data = {
-    upstreamNameservers = <<EOF
-${jsonencode(var.upstream_nameservers)}
-EOF
-
-    stubDomains = <<EOF
-${jsonencode(var.stub_domains)}
-EOF
-  }
-
-  force = true
-
-  depends_on = [
-    google_container_cluster.primary,
-  ]
-}
diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf
@@ -56,11 +56,9 @@ locals {
 
 
 
-  custom_kube_dns_config      = length(keys(var.stub_domains)) > 0
-  upstream_nameservers_config = length(var.upstream_nameservers) > 0
-  network_project_id          = var.network_project_id != "" ? var.network_project_id : var.project_id
-  zone_count                  = length(var.zones)
-  cluster_type                = var.regional ? "regional" : "zonal"
+  network_project_id = var.network_project_id != "" ? var.network_project_id : var.project_id
+  zone_count         = length(var.zones)
+  cluster_type       = var.regional ? "regional" : "zonal"
 
   cluster_subnet_cidr       = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null
   cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {}

diff --git a/modules/beta-autopilot-public-cluster/moved.tf b/modules/beta-autopilot-public-cluster/moved.tf
@@ -14,22 +14,6 @@
  * limitations under the License.
  */
 
-# Updates for kebab to snake case, to match best practices and Google style.
-moved {
-  from = kubernetes_config_map_v1_data.kube-dns
-  to   = kubernetes_config_map_v1_data.kube_dns
-}
-
-# Typo fix and snake case at the same time
-moved {
-  from = kubernetes_config_map_v1_data.kube-dns-upstream-namservers
-  to   = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers
-}
-
-moved {
-  from = kubernetes_config_map_v1_data.kube-dns-upstream-nameservers-and-stub-domains
-  to   = kubernetes_config_map_v1_data.kube_dns_upstream_nameservers_and_stub_domains
-}
 
 moved {
   from = kubernetes_config_map.ip-masq-agent

diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf
@@ -185,17 +185,6 @@ variable "network_tags" {
   default     = []
 }
 
-variable "stub_domains" {
-  type        = map(list(string))
-  description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
-  default     = {}
-}
-
-variable "upstream_nameservers" {
-  type        = list(string)
-  description = "If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf"
-  default     = []
-}
 
 variable "non_masquerade_cidrs" {
   type        = list(string)