terraform-google-modules
diff --git a/‎README.md
Lines changed: 2 additions & 0 deletions b/‎README.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎autogen/main/cluster.tf.tmpl
Lines changed: 13 additions & 18 deletions b/‎autogen/main/cluster.tf.tmpl
Lines changed: 13 additions & 18 deletions
diff --git a/‎autogen/main/main.tf.tmpl
Lines changed: 0 additions & 2 deletions b/‎autogen/main/main.tf.tmpl
Lines changed: 0 additions & 2 deletions
diff --git a/‎autogen/main/variables.tf.tmpl
Lines changed: 0 additions & 2 deletions b/‎autogen/main/variables.tf.tmpl
Lines changed: 0 additions & 2 deletions
diff --git a/‎cluster.tf
Lines changed: 21 additions & 4 deletions b/‎cluster.tf
Lines changed: 21 additions & 4 deletions
diff --git a/‎main.tf
Lines changed: 2 additions & 0 deletions b/‎main.tf
Lines changed: 2 additions & 0 deletions
diff --git a/‎modules/beta-autopilot-private-cluster/cluster.tf
Lines changed: 13 additions & 10 deletions b/‎modules/beta-autopilot-private-cluster/cluster.tf
Lines changed: 13 additions & 10 deletions
diff --git a/‎modules/beta-autopilot-public-cluster/cluster.tf
Lines changed: 13 additions & 10 deletions b/‎modules/beta-autopilot-public-cluster/cluster.tf
Lines changed: 13 additions & 10 deletions
diff --git a/‎modules/beta-private-cluster-update-variant/cluster.tf
Lines changed: 13 additions & 10 deletions b/‎modules/beta-private-cluster-update-variant/cluster.tf
Lines changed: 13 additions & 10 deletions
diff --git a/‎modules/beta-private-cluster/cluster.tf
Lines changed: 13 additions & 10 deletions b/‎modules/beta-private-cluster/cluster.tf
Lines changed: 13 additions & 10 deletions
diff --git a/‎modules/beta-public-cluster-update-variant/cluster.tf
Lines changed: 13 additions & 10 deletions b/‎modules/beta-public-cluster-update-variant/cluster.tf
Lines changed: 13 additions & 10 deletions
@@ -160,7 +160,9 @@ Then perform the following commands on the root folder:
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | `string` | `"logging.googleapis.com/kubernetes"` | no |
+| maintenance\_end\_time | Time window specified for recurring maintenance operations in RFC3339 format | `string` | `""` | no |
 | maintenance\_exclusions | List of maintenance exclusions. A cluster can have up to three | `list(object({ name = string, start_time = string, end_time = string, exclusion_scope = string }))` | `[]` | no |
+| maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |
 | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | `string` | `"monitoring.googleapis.com/kubernetes"` | no |
 
@@ -234,16 +234,14 @@ resource "google_container_cluster" "primary" {
 
   datapath_provider = var.datapath_provider
 
-  {% if beta_cluster %}
   networking_mode = "VPC_NATIVE"
-  {% endif %}
+
   ip_allocation_policy {
     cluster_secondary_range_name  = var.ip_range_pods
     services_secondary_range_name = var.ip_range_services
   }
 
   maintenance_policy {
-  {% if beta_cluster %}
     dynamic "recurring_window" {
       for_each = local.cluster_maintenance_window_is_recurring
       content {
@@ -253,31 +251,28 @@ resource "google_container_cluster" "primary" {
       }
     }
 
-    dynamic "daily_maintenance_window" {
-      for_each = local.cluster_maintenance_window_is_daily
-      content {
-        start_time = var.maintenance_start_time
-      }
-    }
-
-  {% else %}
-    daily_maintenance_window {
-      start_time = var.maintenance_start_time
-    }
-  {% endif %}
-
     dynamic "maintenance_exclusion" {
       for_each = var.maintenance_exclusions
       content {
         exclusion_name = maintenance_exclusion.value.name
         start_time     = maintenance_exclusion.value.start_time
         end_time       = maintenance_exclusion.value.end_time
 
-        exclusion_options {
-          scope = maintenance_exclusion.value.exclusion_options == null ? "NO_UPGRADES" : maintenance_exclusion.value.exclusion_options
+        dynamic "exclusion_options" {
+          for_each = maintenance_exclusion.value["scope"] == null ? [] : [maintenance_exclusion.value["scope"]]
+          content {
+            scope = exclusion_options.value
+          }
         }
       }
     }
+
+    dynamic "daily_maintenance_window" {
+      for_each = local.cluster_maintenance_window_is_daily
+      content {
+        start_time = var.maintenance_start_time
+      }
+    }
   }
 
   {% if autopilot_cluster != true %}
 
@@ -213,10 +213,8 @@ locals {
   # /BETA features
 {% endif %}
 
-{% if beta_cluster %}
   cluster_maintenance_window_is_recurring = var.maintenance_recurrence != "" && var.maintenance_end_time != "" ? [1] : []
   cluster_maintenance_window_is_daily     = length(local.cluster_maintenance_window_is_recurring) > 0 ? [] : [1]
-{% endif %}
 }
 
 /******************************************
 
@@ -114,7 +114,6 @@ variable "maintenance_exclusions" {
   default = []
 }
 
-{% if beta_cluster %}
 variable "maintenance_end_time" {
   type        = string
   description = "Time window specified for recurring maintenance operations in RFC3339 format"
@@ -126,7 +125,6 @@ variable "maintenance_recurrence" {
   description = "Frequency of the recurring maintenance window in RFC5545 format."
   default     = ""
 }
-{% endif %}
 
 variable "ip_range_pods" {
   type        = string
 
@@ -118,14 +118,21 @@ resource "google_container_cluster" "primary" {
 
   datapath_provider = var.datapath_provider
 
+  networking_mode = "VPC_NATIVE"
+
   ip_allocation_policy {
     cluster_secondary_range_name  = var.ip_range_pods
     services_secondary_range_name = var.ip_range_services
   }
 
   maintenance_policy {
-    daily_maintenance_window {
-      start_time = var.maintenance_start_time
+    dynamic "recurring_window" {
+      for_each = local.cluster_maintenance_window_is_recurring
+      content {
+        start_time = var.maintenance_start_time
+        end_time   = var.maintenance_end_time
+        recurrence = var.maintenance_recurrence
+      }
     }
 
     dynamic "maintenance_exclusion" {
@@ -135,11 +142,21 @@ resource "google_container_cluster" "primary" {
         start_time     = maintenance_exclusion.value.start_time
         end_time       = maintenance_exclusion.value.end_time
 
-        exclusion_options {
-          scope = maintenance_exclusion.value.exclusion_options == null ? "NO_UPGRADES" : maintenance_exclusion.value.exclusion_options
+        dynamic "exclusion_options" {
+          for_each = maintenance_exclusion.value["scope"] == null ? [] : [maintenance_exclusion.value["scope"]]
+          content {
+            scope = exclusion_options.value
+          }
         }
       }
     }
+
+    dynamic "daily_maintenance_window" {
+      for_each = local.cluster_maintenance_window_is_daily
+      content {
+        start_time = var.maintenance_start_time
+      }
+    }
   }
 
   lifecycle {
 
@@ -143,6 +143,8 @@ locals {
     workload_pool = "${var.project_id}.svc.id.goog" }] : [{ workload_pool = var.identity_namespace
   }]
 
+  cluster_maintenance_window_is_recurring = var.maintenance_recurrence != "" && var.maintenance_end_time != "" ? [1] : []
+  cluster_maintenance_window_is_daily     = length(local.cluster_maintenance_window_is_recurring) > 0 ? [] : [1]
 }
 
 /******************************************
 
@@ -92,6 +92,7 @@ resource "google_container_cluster" "primary" {
   datapath_provider = var.datapath_provider
 
   networking_mode = "VPC_NATIVE"
+
   ip_allocation_policy {
     cluster_secondary_range_name  = var.ip_range_pods
     services_secondary_range_name = var.ip_range_services
@@ -107,26 +108,28 @@ resource "google_container_cluster" "primary" {
       }
     }
 
-    dynamic "daily_maintenance_window" {
-      for_each = local.cluster_maintenance_window_is_daily
-      content {
-        start_time = var.maintenance_start_time
-      }
-    }
-
-
     dynamic "maintenance_exclusion" {
       for_each = var.maintenance_exclusions
       content {
         exclusion_name = maintenance_exclusion.value.name
         start_time     = maintenance_exclusion.value.start_time
         end_time       = maintenance_exclusion.value.end_time
 
-        exclusion_options {
-          scope = maintenance_exclusion.value.exclusion_options == null ? "NO_UPGRADES" : maintenance_exclusion.value.exclusion_options
+        dynamic "exclusion_options" {
+          for_each = maintenance_exclusion.value["scope"] == null ? [] : [maintenance_exclusion.value["scope"]]
+          content {
+            scope = exclusion_options.value
+          }
         }
       }
     }
+
+    dynamic "daily_maintenance_window" {
+      for_each = local.cluster_maintenance_window_is_daily
+      content {
+        start_time = var.maintenance_start_time
+      }
+    }
   }
 
 
 
@@ -92,6 +92,7 @@ resource "google_container_cluster" "primary" {
   datapath_provider = var.datapath_provider
 
   networking_mode = "VPC_NATIVE"
+
   ip_allocation_policy {
     cluster_secondary_range_name  = var.ip_range_pods
     services_secondary_range_name = var.ip_range_services
@@ -107,26 +108,28 @@ resource "google_container_cluster" "primary" {
       }
     }
 
-    dynamic "daily_maintenance_window" {
-      for_each = local.cluster_maintenance_window_is_daily
-      content {
-        start_time = var.maintenance_start_time
-      }
-    }
-
-
     dynamic "maintenance_exclusion" {
       for_each = var.maintenance_exclusions
       content {
         exclusion_name = maintenance_exclusion.value.name
         start_time     = maintenance_exclusion.value.start_time
         end_time       = maintenance_exclusion.value.end_time
 
-        exclusion_options {
-          scope = maintenance_exclusion.value.exclusion_options == null ? "NO_UPGRADES" : maintenance_exclusion.value.exclusion_options
+        dynamic "exclusion_options" {
+          for_each = maintenance_exclusion.value["scope"] == null ? [] : [maintenance_exclusion.value["scope"]]
+          content {
+            scope = exclusion_options.value
+          }
         }
       }
     }
+
+    dynamic "daily_maintenance_window" {
+      for_each = local.cluster_maintenance_window_is_daily
+      content {
+        start_time = var.maintenance_start_time
+      }
+    }
   }
 
 
 
@@ -203,6 +203,7 @@ resource "google_container_cluster" "primary" {
   datapath_provider = var.datapath_provider
 
   networking_mode = "VPC_NATIVE"
+
   ip_allocation_policy {
     cluster_secondary_range_name  = var.ip_range_pods
     services_secondary_range_name = var.ip_range_services
@@ -218,26 +219,28 @@ resource "google_container_cluster" "primary" {
       }
     }
 
-    dynamic "daily_maintenance_window" {
-      for_each = local.cluster_maintenance_window_is_daily
-      content {
-        start_time = var.maintenance_start_time
-      }
-    }
-
-
     dynamic "maintenance_exclusion" {
       for_each = var.maintenance_exclusions
       content {
         exclusion_name = maintenance_exclusion.value.name
         start_time     = maintenance_exclusion.value.start_time
         end_time       = maintenance_exclusion.value.end_time
 
-        exclusion_options {
-          scope = maintenance_exclusion.value.exclusion_options == null ? "NO_UPGRADES" : maintenance_exclusion.value.exclusion_options
+        dynamic "exclusion_options" {
+          for_each = maintenance_exclusion.value["scope"] == null ? [] : [maintenance_exclusion.value["scope"]]
+          content {
+            scope = exclusion_options.value
+          }
         }
       }
     }
+
+    dynamic "daily_maintenance_window" {
+      for_each = local.cluster_maintenance_window_is_daily
+      content {
+        start_time = var.maintenance_start_time
+      }
+    }
   }
 
   lifecycle {
 
@@ -203,6 +203,7 @@ resource "google_container_cluster" "primary" {
   datapath_provider = var.datapath_provider
 
   networking_mode = "VPC_NATIVE"
+
   ip_allocation_policy {
     cluster_secondary_range_name  = var.ip_range_pods
     services_secondary_range_name = var.ip_range_services
@@ -218,26 +219,28 @@ resource "google_container_cluster" "primary" {
       }
     }
 
-    dynamic "daily_maintenance_window" {
-      for_each = local.cluster_maintenance_window_is_daily
-      content {
-        start_time = var.maintenance_start_time
-      }
-    }
-
-
     dynamic "maintenance_exclusion" {
       for_each = var.maintenance_exclusions
       content {
         exclusion_name = maintenance_exclusion.value.name
         start_time     = maintenance_exclusion.value.start_time
         end_time       = maintenance_exclusion.value.end_time
 
-        exclusion_options {
-          scope = maintenance_exclusion.value.exclusion_options == null ? "NO_UPGRADES" : maintenance_exclusion.value.exclusion_options
+        dynamic "exclusion_options" {
+          for_each = maintenance_exclusion.value["scope"] == null ? [] : [maintenance_exclusion.value["scope"]]
+          content {
+            scope = exclusion_options.value
+          }
         }
       }
     }
+
+    dynamic "daily_maintenance_window" {
+      for_each = local.cluster_maintenance_window_is_daily
+      content {
+        start_time = var.maintenance_start_time
+      }
+    }
   }
 
   lifecycle {
 
@@ -203,6 +203,7 @@ resource "google_container_cluster" "primary" {
   datapath_provider = var.datapath_provider
 
   networking_mode = "VPC_NATIVE"
+
   ip_allocation_policy {
     cluster_secondary_range_name  = var.ip_range_pods
     services_secondary_range_name = var.ip_range_services
@@ -218,26 +219,28 @@ resource "google_container_cluster" "primary" {
       }
     }
 
-    dynamic "daily_maintenance_window" {
-      for_each = local.cluster_maintenance_window_is_daily
-      content {
-        start_time = var.maintenance_start_time
-      }
-    }
-
-
     dynamic "maintenance_exclusion" {
       for_each = var.maintenance_exclusions
       content {
         exclusion_name = maintenance_exclusion.value.name
         start_time     = maintenance_exclusion.value.start_time
         end_time       = maintenance_exclusion.value.end_time
 
-        exclusion_options {
-          scope = maintenance_exclusion.value.exclusion_options == null ? "NO_UPGRADES" : maintenance_exclusion.value.exclusion_options
+        dynamic "exclusion_options" {
+          for_each = maintenance_exclusion.value["scope"] == null ? [] : [maintenance_exclusion.value["scope"]]
+          content {
+            scope = exclusion_options.value
+          }
         }
       }
     }
+
+    dynamic "daily_maintenance_window" {
+      for_each = local.cluster_maintenance_window_is_daily
+      content {
+        start_time = var.maintenance_start_time
+      }
+    }
   }
 
   lifecycle {
Original file line number	Diff line number	Diff line change
`@@ -213,10 +213,8 @@ locals {`
`213`	`213`	`# /BETA features`
`214`	`214`	`{% endif %}`
`215`	`215`
`216`		`-{% if beta_cluster %}`
`217`	`216`	`cluster_maintenance_window_is_recurring = var.maintenance_recurrence != "" && var.maintenance_end_time != "" ? [1] : []`
`218`	`217`	`cluster_maintenance_window_is_daily = length(local.cluster_maintenance_window_is_recurring) > 0 ? [] : [1]`
`219`		`-{% endif %}`
`220`	`218`	`}`
`221`	`219`
`222`	`220`	`/******************************************`
Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,6 @@ variable "maintenance_exclusions" {`
`114`	`114`	`default = []`
`115`	`115`	`}`
`116`	`116`
`117`		`-{% if beta_cluster %}`
`118`	`117`	`variable "maintenance_end_time" {`
`119`	`118`	`type = string`
`120`	`119`	`description = "Time window specified for recurring maintenance operations in RFC3339 format"`
`@@ -126,7 +125,6 @@ variable "maintenance_recurrence" {`
`126`	`125`	`description = "Frequency of the recurring maintenance window in RFC5545 format."`
`127`	`126`	`default = ""`
`128`	`127`	`}`
`129`		`-{% endif %}`
`130`	`128`
`131`	`129`	`variable "ip_range_pods" {`
`132`	`130`	`type = string`
Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,8 @@ locals {`
`143`	`143`	`workload_pool = "${var.project_id}.svc.id.goog" }] : [{ workload_pool = var.identity_namespace`
`144`	`144`	`}]`
`145`	`145`
	`146`	`+ cluster_maintenance_window_is_recurring = var.maintenance_recurrence != "" && var.maintenance_end_time != "" ? [1] : []`
	`147`	`+ cluster_maintenance_window_is_daily = length(local.cluster_maintenance_window_is_recurring) > 0 ? [] : [1]`
`146`	`148`	`}`
`147`	`149`
`148`	`150`	`/******************************************`