feat: add configconnector to safer variant (#581)

Author: jmymy

autogen/safer-cluster/main.tf.tmpl

@@ -128,6 +128,8 @@ module "gke" {
 
   dns_cache = var.dns_cache
 
+  config_connector = var.config_connector
+
   default_max_pods_per_node = var.default_max_pods_per_node
 
   database_encryption = var.database_encryption

autogen/safer-cluster/variables.tf.tmpl

@@ -360,3 +360,9 @@ variable "firewall_inbound_ports" {
   description = "List of TCP ports for admission/webhook controllers"
   default     = ["8443", "9443", "15017"]
 }
+
+variable "config_connector" {
+  type        = bool
+  description = "(Beta) Whether ConfigConnector is enabled for this cluster."
+  default     = false
+}

modules/safer-cluster-update-variant/README.md

@@ -205,6 +205,7 @@ For simplicity, we suggest using `roles/container.admin` and
 | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | `<map>` | no |
 | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | string | `""` | no |
+| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | bool | `"false"` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `<list>` | no |
 | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | string | `"110"` | no |
 | description | The description of the cluster | string | `""` | no |

modules/safer-cluster-update-variant/main.tf

@@ -124,6 +124,8 @@ module "gke" {
 
   dns_cache = var.dns_cache
 
+  config_connector = var.config_connector
+
   default_max_pods_per_node = var.default_max_pods_per_node
 
   database_encryption = var.database_encryption

modules/safer-cluster-update-variant/variables.tf

@@ -360,3 +360,9 @@ variable "firewall_inbound_ports" {
   description = "List of TCP ports for admission/webhook controllers"
   default     = ["8443", "9443", "15017"]
 }
+
+variable "config_connector" {
+  type        = bool
+  description = "(Beta) Whether ConfigConnector is enabled for this cluster."
+  default     = false
+}

modules/safer-cluster/README.md

@@ -205,6 +205,7 @@ For simplicity, we suggest using `roles/container.admin` and
 | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
 | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | map(string) | `<map>` | no |
 | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | string | `""` | no |
+| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | bool | `"false"` | no |
 | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key. | object | `<list>` | no |
 | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | string | `"110"` | no |
 | description | The description of the cluster | string | `""` | no |

modules/safer-cluster/main.tf

@@ -124,6 +124,8 @@ module "gke" {
 
   dns_cache = var.dns_cache
 
+  config_connector = var.config_connector
+
   default_max_pods_per_node = var.default_max_pods_per_node
 
   database_encryption = var.database_encryption

modules/safer-cluster/variables.tf

@@ -360,3 +360,9 @@ variable "firewall_inbound_ports" {
   description = "List of TCP ports for admission/webhook controllers"
   default     = ["8443", "9443", "15017"]
 }
+
+variable "config_connector" {
+  type        = bool
+  description = "(Beta) Whether ConfigConnector is enabled for this cluster."
+  default     = false
+}