feat!: support for gateway api for safer cluster variants (terraform-google-modules#1523)

Author: lauraseidler

autogen/safer-cluster/main.tf.tmpl

@@ -41,7 +41,8 @@ module "gke" {
   // the master upgrades.
   //
   // https://cloud.google.com/kubernetes-engine/versioning-and-upgrades
-  release_channel = var.release_channel
+  release_channel     = var.release_channel
+  gateway_api_channel = var.gateway_api_channel
 
   master_authorized_networks = var.master_authorized_networks
 

autogen/safer-cluster/variables.tf.tmpl

@@ -77,6 +77,12 @@ variable "release_channel" {
   default     = "REGULAR"
 }
 
+variable "gateway_api_channel" {
+  type        = string
+  description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`."
+  default     = null
+}
+
 variable "master_authorized_networks" {
   type        = list(object({ cidr_block = string, display_name = string }))
   description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."

modules/safer-cluster-update-variant/README.md

@@ -228,6 +228,7 @@ For simplicity, we suggest using `roles/container.admin` and
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
+| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no |
 | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
 | gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | `bool` | `true` | no |

modules/safer-cluster-update-variant/main.tf

@@ -37,7 +37,8 @@ module "gke" {
   // the master upgrades.
   //
   // https://cloud.google.com/kubernetes-engine/versioning-and-upgrades
-  release_channel = var.release_channel
+  release_channel     = var.release_channel
+  gateway_api_channel = var.gateway_api_channel
 
   master_authorized_networks = var.master_authorized_networks
 

modules/safer-cluster-update-variant/variables.tf

@@ -77,6 +77,12 @@ variable "release_channel" {
   default     = "REGULAR"
 }
 
+variable "gateway_api_channel" {
+  type        = string
+  description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`."
+  default     = null
+}
+
 variable "master_authorized_networks" {
   type        = list(object({ cidr_block = string, display_name = string }))
   description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."

modules/safer-cluster/README.md

@@ -228,6 +228,7 @@ For simplicity, we suggest using `roles/container.admin` and
 | filestore\_csi\_driver | The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes | `bool` | `false` | no |
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
+| gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no |
 | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no |
 | gke\_backup\_agent\_config | (Beta) Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | `bool` | `true` | no |

modules/safer-cluster/main.tf

@@ -37,7 +37,8 @@ module "gke" {
   // the master upgrades.
   //
   // https://cloud.google.com/kubernetes-engine/versioning-and-upgrades
-  release_channel = var.release_channel
+  release_channel     = var.release_channel
+  gateway_api_channel = var.gateway_api_channel
 
   master_authorized_networks = var.master_authorized_networks
 

modules/safer-cluster/variables.tf

@@ -77,6 +77,12 @@ variable "release_channel" {
   default     = "REGULAR"
 }
 
+variable "gateway_api_channel" {
+  type        = string
+  description = "The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`."
+  default     = null
+}
+
 variable "master_authorized_networks" {
   type        = list(object({ cidr_block = string, display_name = string }))
   description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."