From ba27a173f5393db2fe6c261878ccb9ab68de11fc Mon Sep 17 00:00:00 2001 From: Tat Chiu Leung Date: Fri, 22 Aug 2025 12:51:32 -0400 Subject: [PATCH] feat: add auto_monitoring_config in GKE managed_prometheus --- README.md | 1 + autogen/main/cluster.tf.tmpl | 6 ++++++ autogen/main/variables.tf.tmpl | 17 +++++++++++++++++ cluster.tf | 6 ++++++ metadata.yaml | 4 ++++ .../README.md | 1 + .../cluster.tf | 6 ++++++ .../metadata.yaml | 4 ++++ .../variables.tf | 17 +++++++++++++++++ modules/beta-private-cluster/README.md | 1 + modules/beta-private-cluster/cluster.tf | 6 ++++++ modules/beta-private-cluster/metadata.yaml | 4 ++++ modules/beta-private-cluster/variables.tf | 17 +++++++++++++++++ .../README.md | 1 + .../cluster.tf | 6 ++++++ .../metadata.yaml | 4 ++++ .../variables.tf | 17 +++++++++++++++++ modules/beta-public-cluster/README.md | 1 + modules/beta-public-cluster/cluster.tf | 6 ++++++ modules/beta-public-cluster/metadata.yaml | 4 ++++ modules/beta-public-cluster/variables.tf | 17 +++++++++++++++++ modules/gke-autopilot-cluster/metadata.yaml | 2 +- .../private-cluster-update-variant/README.md | 1 + .../private-cluster-update-variant/cluster.tf | 6 ++++++ .../metadata.yaml | 4 ++++ .../private-cluster-update-variant/variables.tf | 17 +++++++++++++++++ modules/private-cluster/README.md | 1 + modules/private-cluster/cluster.tf | 6 ++++++ modules/private-cluster/metadata.yaml | 4 ++++ modules/private-cluster/variables.tf | 17 +++++++++++++++++ variables.tf | 17 +++++++++++++++++ 31 files changed, 220 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cdbd00bbc7..f73da0d508 100644 --- a/README.md +++ b/README.md 
@@ -219,6 +219,7 @@ Then perform the following commands on the root folder:
 | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no |
 | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
+| monitoring\_auto\_monitoring\_config\_scope | Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE | `string` | `"NONE"` | no |
 | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no |
 | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
 | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no |
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 3fac2124f7..51c92c5002 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -125,6 +125,12 @@ resource "google_container_cluster" "primary" {
 {% if autopilot_cluster != true %}
 managed_prometheus {
 enabled = var.monitoring_enable_managed_prometheus == null ? false : var.monitoring_enable_managed_prometheus
+ dynamic "auto_monitoring_config" {
+ for_each = var.monitoring_enable_managed_prometheus == true && var.monitoring_auto_monitoring_config_scope != null ? [1] : []
+ content {
+ scope = var.monitoring_auto_monitoring_config_scope
+ }
+ }
 }
 advanced_datapath_observability_config {
 enable_metrics = var.monitoring_enable_observability_metrics
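Review bot: The `!= null` guard in the new `for_each` expression on `dynamic "auto_monitoring_config"` appears redundant: the companion `validation` block in variables.tf.tmpl only admits `ALL` or `NONE`, so a null value should never reach this expression, and `for_each = var.monitoring_enable_managed_prometheus == true ? [1] : []` reads more directly. With the default of `NONE`, every cluster that has managed Prometheus enabled now gets an explicit `auto_monitoring_config { scope = "NONE" }` block; this is presumably what keeps the setting revertible once `ALL` has been used, but existing clusters may show an in-place update on the next plan, which deserves a sentence in the variable description or README. The diffstat shows no versions.tf change, so confirm that the minimum google provider version pinned by the module already exposes `auto_monitoring_config` under `managed_prometheus`. The same block is repeated in cluster.tf and in every modules/*/cluster.tf hunk below, which the autogen template regenerates, so any fix belongs in this template. The `google_container_cluster` resource body continues outside the hunk.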
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
index a9e0f84162..765d0a9600 100644
--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -986,6 +986,23 @@ variable "monitoring_enable_managed_prometheus" {
 default = null
 }
 
+variable "monitoring_auto_monitoring_config_scope" {
+ default = "NONE"
+ description = "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE"
+ type = string
+
+ validation {
+ condition = contains(
+ [
+ "ALL",
+ "NONE",
+ ],
+ var.monitoring_auto_monitoring_config_scope
+ )
+ error_message = "'monitoring_auto_monitoring_config_scope' value is invalid"
+ }
+}
+
 variable "monitoring_enable_observability_metrics" {
 type = bool
 description = "Whether or not the advanced datapath metrics are enabled."
diff --git a/cluster.tf b/cluster.tf
index eb9ca74a5b..8a25cdeed7 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -102,6 +102,12 @@ resource "google_container_cluster" "primary" {
 enable_components = var.monitoring_enabled_components
 managed_prometheus {
 enabled = var.monitoring_enable_managed_prometheus == null ? false : var.monitoring_enable_managed_prometheus
+ dynamic "auto_monitoring_config" {
+ for_each = var.monitoring_enable_managed_prometheus == true && var.monitoring_auto_monitoring_config_scope != null ? [1] : []
+ content {
+ scope = var.monitoring_auto_monitoring_config_scope
+ }
+ }
 }
 advanced_datapath_observability_config {
 enable_metrics = var.monitoring_enable_observability_metrics
diff --git a/metadata.yaml b/metadata.yaml
index c5f11ab732..67706d680d 100644
--- a/metadata.yaml
+++ b/metadata.yaml
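Review bot: The `error_message` on the new `monitoring_auto_monitoring_config_scope` validation does not tell the user what is accepted; `error_message = "'monitoring_auto_monitoring_config_scope' must be one of: ALL, NONE"` would make a failed `terraform plan` self-explanatory. The attribute order `default`, `description`, `type` also differs from the neighbouring variable blocks in the same hunk, which use `type`, `description`, `default`; matching that order keeps the generated files uniform. The description could additionally state that the scope is only applied when `monitoring_enable_managed_prometheus` is true, since the cluster.tf hunk gates the `auto_monitoring_config` block on that flag. The identical variable block is added in variables.tf and in each modules/*/variables.tf hunk below; as those are generated from this template, the change is needed here only.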
@@ -701,6 +701,10 @@ spec: - name: monitoring_enable_managed_prometheus description: Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. varType: bool + - name: monitoring_auto_monitoring_config_scope + description: "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + varType: string + defaultValue: NONE - name: monitoring_enable_observability_metrics description: Whether or not the advanced datapath metrics are enabled. varType: bool diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 3754714166..3cb0919c38 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -263,6 +263,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | +| monitoring\_auto\_monitoring\_config\_scope | Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE | `string` | `"NONE"` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index c3cfd5a8b4..53a8a5a725 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf 
@@ -108,6 +108,12 @@ resource "google_container_cluster" "primary" { enable_components = var.monitoring_enabled_components managed_prometheus { enabled = var.monitoring_enable_managed_prometheus == null ? false : var.monitoring_enable_managed_prometheus + dynamic "auto_monitoring_config" { + for_each = var.monitoring_enable_managed_prometheus == true && var.monitoring_auto_monitoring_config_scope != null ? [1] : [] + content { + scope = var.monitoring_auto_monitoring_config_scope + } + } } advanced_datapath_observability_config { enable_metrics = var.monitoring_enable_observability_metrics diff --git a/modules/beta-private-cluster-update-variant/metadata.yaml b/modules/beta-private-cluster-update-variant/metadata.yaml index 8c82ac57ce..71bce9ce74 100644 --- a/modules/beta-private-cluster-update-variant/metadata.yaml +++ b/modules/beta-private-cluster-update-variant/metadata.yaml @@ -694,6 +694,10 @@ spec: - name: monitoring_enable_managed_prometheus description: Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. varType: bool + - name: monitoring_auto_monitoring_config_scope + description: "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + varType: string + defaultValue: NONE - name: monitoring_enable_observability_metrics description: Whether or not the advanced datapath metrics are enabled. varType: bool diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 08a084d61b..4d62bf8510 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -930,6 +930,23 @@ variable "monitoring_enable_managed_prometheus" { default = null } +variable "monitoring_auto_monitoring_config_scope" { + default = "NONE" + description = "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + type = string + + validation { + condition = contains( + [ + "ALL", + "NONE", + ], + var.monitoring_auto_monitoring_config_scope + ) + error_message = "'monitoring_auto_monitoring_config_scope' value is invalid" + } +} + variable "monitoring_enable_observability_metrics" { type = bool description = "Whether or not the advanced datapath metrics are enabled." diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 60003fadae..95e548e058 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -241,6 +241,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | +| monitoring\_auto\_monitoring\_config\_scope | Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE | `string` | `"NONE"` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 603d388abe..4a1e0dccec 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf 
@@ -108,6 +108,12 @@ resource "google_container_cluster" "primary" { enable_components = var.monitoring_enabled_components managed_prometheus { enabled = var.monitoring_enable_managed_prometheus == null ? false : var.monitoring_enable_managed_prometheus + dynamic "auto_monitoring_config" { + for_each = var.monitoring_enable_managed_prometheus == true && var.monitoring_auto_monitoring_config_scope != null ? [1] : [] + content { + scope = var.monitoring_auto_monitoring_config_scope + } + } } advanced_datapath_observability_config { enable_metrics = var.monitoring_enable_observability_metrics diff --git a/modules/beta-private-cluster/metadata.yaml b/modules/beta-private-cluster/metadata.yaml index 591f276aec..143a8c9dcc 100644 --- a/modules/beta-private-cluster/metadata.yaml +++ b/modules/beta-private-cluster/metadata.yaml @@ -694,6 +694,10 @@ spec: - name: monitoring_enable_managed_prometheus description: Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. varType: bool + - name: monitoring_auto_monitoring_config_scope + description: "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + varType: string + defaultValue: NONE - name: monitoring_enable_observability_metrics description: Whether or not the advanced datapath metrics are enabled. varType: bool diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 08a084d61b..4d62bf8510 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -930,6 +930,23 @@ variable "monitoring_enable_managed_prometheus" { default = null } +variable "monitoring_auto_monitoring_config_scope" { + default = "NONE" + description = "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + type = string + + validation { + condition = contains( + [ + "ALL", + "NONE", + ], + var.monitoring_auto_monitoring_config_scope + ) + error_message = "'monitoring_auto_monitoring_config_scope' value is invalid" + } +} + variable "monitoring_enable_observability_metrics" { type = bool description = "Whether or not the advanced datapath metrics are enabled." diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 91677a836b..2796fd4996 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -252,6 +252,7 @@ Then perform the following commands on the root folder: | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | +| monitoring\_auto\_monitoring\_config\_scope | Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE | `string` | `"NONE"` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index d521ca8ce1..d2fd62e971 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf 
@@ -108,6 +108,12 @@ resource "google_container_cluster" "primary" { enable_components = var.monitoring_enabled_components managed_prometheus { enabled = var.monitoring_enable_managed_prometheus == null ? false : var.monitoring_enable_managed_prometheus + dynamic "auto_monitoring_config" { + for_each = var.monitoring_enable_managed_prometheus == true && var.monitoring_auto_monitoring_config_scope != null ? [1] : [] + content { + scope = var.monitoring_auto_monitoring_config_scope + } + } } advanced_datapath_observability_config { enable_metrics = var.monitoring_enable_observability_metrics diff --git a/modules/beta-public-cluster-update-variant/metadata.yaml b/modules/beta-public-cluster-update-variant/metadata.yaml index f5743f3d92..e19175f09e 100644 --- a/modules/beta-public-cluster-update-variant/metadata.yaml +++ b/modules/beta-public-cluster-update-variant/metadata.yaml @@ -672,6 +672,10 @@ spec: - name: monitoring_enable_managed_prometheus description: Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. varType: bool + - name: monitoring_auto_monitoring_config_scope + description: "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + varType: string + defaultValue: NONE - name: monitoring_enable_observability_metrics description: Whether or not the advanced datapath metrics are enabled. varType: bool diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 2534714c8a..e673d0ad87 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf 
@@ -894,6 +894,23 @@ variable "monitoring_enable_managed_prometheus" { default = null } +variable "monitoring_auto_monitoring_config_scope" { + default = "NONE" + description = "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + type = string + + validation { + condition = contains( + [ + "ALL", + "NONE", + ], + var.monitoring_auto_monitoring_config_scope + ) + error_message = "'monitoring_auto_monitoring_config_scope' value is invalid" + } +} + variable "monitoring_enable_observability_metrics" { type = bool description = "Whether or not the advanced datapath metrics are enabled." diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 24960703fa..807b01f29b 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -230,6 +230,7 @@ Then perform the following commands on the root folder: | maintenance\_recurrence | Frequency of the recurring maintenance window in RFC5545 format. | `string` | `""` | no | | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | +| monitoring\_auto\_monitoring\_config\_scope | Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE | `string` | `"NONE"` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 0379a3f001..66b66209fe 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf 
@@ -108,6 +108,12 @@ resource "google_container_cluster" "primary" { enable_components = var.monitoring_enabled_components managed_prometheus { enabled = var.monitoring_enable_managed_prometheus == null ? false : var.monitoring_enable_managed_prometheus + dynamic "auto_monitoring_config" { + for_each = var.monitoring_enable_managed_prometheus == true && var.monitoring_auto_monitoring_config_scope != null ? [1] : [] + content { + scope = var.monitoring_auto_monitoring_config_scope + } + } } advanced_datapath_observability_config { enable_metrics = var.monitoring_enable_observability_metrics diff --git a/modules/beta-public-cluster/metadata.yaml b/modules/beta-public-cluster/metadata.yaml index cffe4e9035..32698f04d1 100644 --- a/modules/beta-public-cluster/metadata.yaml +++ b/modules/beta-public-cluster/metadata.yaml @@ -672,6 +672,10 @@ spec: - name: monitoring_enable_managed_prometheus description: Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. varType: bool + - name: monitoring_auto_monitoring_config_scope + description: "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + varType: string + defaultValue: NONE - name: monitoring_enable_observability_metrics description: Whether or not the advanced datapath metrics are enabled. varType: bool diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 2534714c8a..e673d0ad87 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf 
@@ -894,6 +894,23 @@ variable "monitoring_enable_managed_prometheus" { default = null } +variable "monitoring_auto_monitoring_config_scope" { + default = "NONE" + description = "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + type = string + + validation { + condition = contains( + [ + "ALL", + "NONE", + ], + var.monitoring_auto_monitoring_config_scope + ) + error_message = "'monitoring_auto_monitoring_config_scope' value is invalid" + } +} + variable "monitoring_enable_observability_metrics" { type = bool description = "Whether or not the advanced datapath metrics are enabled." diff --git a/modules/gke-autopilot-cluster/metadata.yaml b/modules/gke-autopilot-cluster/metadata.yaml index 3d87a852e5..ac3066ecfd 100644 --- a/modules/gke-autopilot-cluster/metadata.yaml +++ b/modules/gke-autopilot-cluster/metadata.yaml @@ -569,9 +569,9 @@ spec: roles: - level: Project roles: + - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin - - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index e885df8d6f..458cfe50dd 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -252,6 +252,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | +| monitoring\_auto\_monitoring\_config\_scope | Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE | `string` | `"NONE"` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 14bff26bd5..bcf38cc32d 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf 
@@ -102,6 +102,12 @@ resource "google_container_cluster" "primary" { enable_components = var.monitoring_enabled_components managed_prometheus { enabled = var.monitoring_enable_managed_prometheus == null ? false : var.monitoring_enable_managed_prometheus + dynamic "auto_monitoring_config" { + for_each = var.monitoring_enable_managed_prometheus == true && var.monitoring_auto_monitoring_config_scope != null ? [1] : [] + content { + scope = var.monitoring_auto_monitoring_config_scope + } + } } advanced_datapath_observability_config { enable_metrics = var.monitoring_enable_observability_metrics diff --git a/modules/private-cluster-update-variant/metadata.yaml b/modules/private-cluster-update-variant/metadata.yaml index 506765246a..8c66d7dc6d 100644 --- a/modules/private-cluster-update-variant/metadata.yaml +++ b/modules/private-cluster-update-variant/metadata.yaml @@ -683,6 +683,10 @@ spec: - name: monitoring_enable_managed_prometheus description: Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. varType: bool + - name: monitoring_auto_monitoring_config_scope + description: "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + varType: string + defaultValue: NONE - name: monitoring_enable_observability_metrics description: Whether or not the advanced datapath metrics are enabled. varType: bool diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index a340f25200..b22ad9fcc1 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -912,6 +912,23 @@ variable "monitoring_enable_managed_prometheus" { default = null } +variable "monitoring_auto_monitoring_config_scope" { + default = "NONE" + description = "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + type = string + + validation { + condition = contains( + [ + "ALL", + "NONE", + ], + var.monitoring_auto_monitoring_config_scope + ) + error_message = "'monitoring_auto_monitoring_config_scope' value is invalid" + } +} + variable "monitoring_enable_observability_metrics" { type = bool description = "Whether or not the advanced datapath metrics are enabled." diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index c6709314c0..b13cb137b9 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -230,6 +230,7 @@ Then perform the following commands on the root folder: | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | | master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | +| monitoring\_auto\_monitoring\_config\_scope | Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE | `string` | `"NONE"` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index bfc3b1b0b5..64555e1d3f 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf 
@@ -102,6 +102,12 @@ resource "google_container_cluster" "primary" { enable_components = var.monitoring_enabled_components managed_prometheus { enabled = var.monitoring_enable_managed_prometheus == null ? false : var.monitoring_enable_managed_prometheus + dynamic "auto_monitoring_config" { + for_each = var.monitoring_enable_managed_prometheus == true && var.monitoring_auto_monitoring_config_scope != null ? [1] : [] + content { + scope = var.monitoring_auto_monitoring_config_scope + } + } } advanced_datapath_observability_config { enable_metrics = var.monitoring_enable_observability_metrics diff --git a/modules/private-cluster/metadata.yaml b/modules/private-cluster/metadata.yaml index 4da3e50c4e..3400e0183f 100644 --- a/modules/private-cluster/metadata.yaml +++ b/modules/private-cluster/metadata.yaml @@ -683,6 +683,10 @@ spec: - name: monitoring_enable_managed_prometheus description: Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. varType: bool + - name: monitoring_auto_monitoring_config_scope + description: "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE" + varType: string + defaultValue: NONE - name: monitoring_enable_observability_metrics description: Whether or not the advanced datapath metrics are enabled. varType: bool diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index a340f25200..b22ad9fcc1 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -912,6 +912,23 @@ variable "monitoring_enable_managed_prometheus" {
 default = null
 }
 
+variable "monitoring_auto_monitoring_config_scope" {
+ default = "NONE"
+ description = "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE"
+ type = string
+
+ validation {
+ condition = contains(
+ [
+ "ALL",
+ "NONE",
+ ],
+ var.monitoring_auto_monitoring_config_scope
+ )
+ error_message = "'monitoring_auto_monitoring_config_scope' value is invalid"
+ }
+}
+
 variable "monitoring_enable_observability_metrics" {
 type = bool
 description = "Whether or not the advanced datapath metrics are enabled."
diff --git a/variables.tf b/variables.tf
index 52f97c0146..5af9e886a5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -876,6 +876,23 @@ variable "monitoring_enable_managed_prometheus" {
 default = null
 }
 
+variable "monitoring_auto_monitoring_config_scope" {
+ default = "NONE"
+ description = "Whether or not to enable GKE Auto-Monitoring. Supported values include: ALL, NONE"
+ type = string
+
+ validation {
+ condition = contains(
+ [
+ "ALL",
+ "NONE",
+ ],
+ var.monitoring_auto_monitoring_config_scope
+ )
+ error_message = "'monitoring_auto_monitoring_config_scope' value is invalid"
+ }
+}
+
 variable "monitoring_enable_observability_metrics" {
 type = bool
 description = "Whether or not the advanced datapath metrics are enabled."