diff --git a/modules/gke-autopilot-cluster/README.md b/modules/gke-autopilot-cluster/README.md index 04d9a8add9..e6c5e4fef6 100644 --- a/modules/gke-autopilot-cluster/README.md +++ b/modules/gke-autopilot-cluster/README.md @@ -41,7 +41,7 @@ For a module with a complete configuration of a Google Cloud Platform Kubernetes | logging\_config | The GKE components exposing logs. Supported values include: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, SCHEDULER, and WORKLOADS. |
object({
enable_components = optional(list(string))
})
| `null` | no | | maintenance\_policy | The maintenance policy to use for the cluster. |
object({
daily_maintenance_window = optional(object({
start_time = optional(string)
}))
recurring_window = optional(object({
start_time = optional(string)
end_time = optional(string)
recurrence = optional(string)
}))
maintenance_exclusion = optional(list(object({
exclusion_name = optional(string)
start_time = optional(string)
end_time = optional(string)
exclusion_options = optional(object({
scope = optional(string)
}))
})))
})
|
{
"daily_maintenance_window": {
"start_time": "05:00"
}
}
| no | | master\_auth | The authentication information for accessing the Kubernetes master. |
object({
client_certificate_config = optional(object({
issue_client_certificate = optional(bool)
}))
})
| `null` | no | -| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. |
object({
cidr_blocks = list(object({
display_name = string
cidr_block = string
}))
gcp_public_cidrs_access_enabled = optional(bool)
private_endpoint_enforcement_enabled = optional(bool)
})
| n/a | yes | +| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. Cidr Block must follow [Cidr notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) |
object({
cidr_blocks = list(object({
display_name = string
cidr_block = string
}))
gcp_public_cidrs_access_enabled = optional(bool)
private_endpoint_enforcement_enabled = optional(bool)
})
| n/a | yes | | mesh\_certificates | Configuration for the provisioning of managed mesh certificates. |
object({
enable_certificates = optional(bool)
})
| `null` | no | | min\_master\_version | The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the master version--use the read-only master\_version field to obtain a current version. If unset, the server's default version will be used. | `string` | `null` | no | | monitoring\_config | (Optional) The GKE components exposing metrics. Supported values include: SYSTEM\_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER\_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR, DCGM and JOBSET. |
object({
enable_components = optional(list(string))
})
| `null` | no | diff --git a/modules/gke-autopilot-cluster/metadata.display.yaml b/modules/gke-autopilot-cluster/metadata.display.yaml index bd77ab5c53..3fbb3a151f 100644 --- a/modules/gke-autopilot-cluster/metadata.display.yaml +++ b/modules/gke-autopilot-cluster/metadata.display.yaml @@ -256,6 +256,16 @@ spec: master_authorized_networks_config: name: master_authorized_networks_config title: Master Authorized Networks Config + properties: + cidr_blocks: + name: cidr_blocks + title: Cidr Blocks + properties: + cidr_block: + name: cidr_block + title: Cidr Block + regexValidation: ^((((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(3[0-2]|[12]?[0-9]))|((((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\/(12[0-8]|1[01][0-9]|[1-9]?[0-9]))))$ + validation: Enter the valid CIDR notation. mesh_certificates: name: mesh_certificates title: Mesh Certificates 
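Review bot: The CIDR regex added under `cidr_block` accepts `0.0.0.0/0` and `::/0` (the IPv4 branch admits any octet value with prefix `0`, and the IPv6 branch admits `::` with prefix `0`), so the only guard on master authorized networks still lets a user open the control-plane endpoint to every address without any hint in the UI. Since this is a syntax check only, the message should at least name the consequence: `validation: Enter a valid IPv4 or IPv6 CIDR block, for example 203.0.113.0/24; 0.0.0.0/0 and ::/0 allow every address to reach the control plane.` The IPv4 branch also accepts leading-zero octets such as `010.0.0.0/8`, which some parsers read as octal, and the `(%.+)?` alternative accepts a zone ID (`fe80::1%eth0/64`) that has no meaning for an authorized network; using the octet form the IPv6-embedded branch already uses (`25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d`) and dropping `(%.+)?` would close both. The same regex and message are repeated in the gke-standard-cluster metadata.display.yaml hunk at `@@ -375,6 +375,16 @@`.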
@@ -306,6 +316,11 @@ spec: network: name: network title: Network + regexValidation: ^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$ + validation: Network name must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens and cannot end with a hyphen. + altDefaults: + - type: ALTERNATE_TYPE_DC + value: default node_locations: name: node_locations title: Node Locations @@ -456,6 +471,11 @@ spec: subnetwork: name: subnetwork title: Subnetwork + regexValidation: ^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$ + validation: Subnetwork name must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens and cannot end with a hyphen. + altDefaults: + - type: ALTERNATE_TYPE_DC + value: default timeouts: name: timeouts title: Timeouts @@ -468,6 +488,12 @@ spec: workload_identity_config: name: workload_identity_config title: Workload Identity Config + properties: + workload_pool: + name: workload_pool + title: Workload Pool + regexValidation: ^[a-z]([-a-z0-9]{4,28}[a-z0-9])\.svc\.id\.goog$ + validation: Workload pool must be in the format .svc.id.goog. project_id must be between 6 and 30 characters can have lowercase letters, digits, or hyphens. It must start with a lowercase letter and end with a letter or number. runtime: outputs: cluster_id: diff --git a/modules/gke-autopilot-cluster/metadata.yaml b/modules/gke-autopilot-cluster/metadata.yaml index b3a23b768d..854b70204c 100644 --- a/modules/gke-autopilot-cluster/metadata.yaml +++ b/modules/gke-autopilot-cluster/metadata.yaml @@ -274,7 +274,7 @@ spec: })) }) - name: master_authorized_networks_config - description: The desired configuration options for master authorized networks. + description: The desired configuration options for master authorized networks. Cidr Block must follow [Cidr notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) varType: |- object({ cidr_blocks = list(object({ 
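Review bot: The `altDefaults` entry added under `network` pre-fills the cluster network with `default`, so a deployment accepted with the UI defaults places the cluster in the auto-created default VPC, whose auto-populated firewall rules are more permissive than a purpose-built network; I would leave the field without an alternate default, or at least have the `validation` text say that `default` is the auto-mode VPC and that a dedicated network is recommended. The regex `^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$` also rejects a self-link or `projects/…/global/networks/…` path; if the underlying resource accepts those forms (the hunk does not show how `network` is consumed), the UI will now refuse inputs that Terraform itself accepts. The same two points apply to the `subnetwork` hunk at `@@ -456,6 +471,11 @@` and to the gke-standard-cluster hunks at `@@ -406,6 +416,11 @@` and `@@ -977,6 +992,11 @@`.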
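Review bot: The `validation` message added under `workload_pool` reads "must be in the format .svc.id.goog" with nothing before the suffix — the project ID placeholder appears to have been lost — and the second sentence is missing a conjunction ("30 characters can have"). Suggest `validation: Workload pool must be in the format PROJECT_ID.svc.id.goog, where PROJECT_ID is 6 to 30 characters of lowercase letters, digits or hyphens, starting with a lowercase letter and ending with a letter or digit.` The regex itself (`[a-z]` plus `{4,28}` plus `[a-z0-9]`) already matches that 6–30 range, so only the message needs the change. The same message is added in the gke-standard-cluster hunk at `@@ -989,6 +1009,12 @@`.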
@@ -571,9 +571,9 @@ spec: roles: - level: Project roles: - - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin + - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/gke-autopilot-cluster/variables.tf b/modules/gke-autopilot-cluster/variables.tf index f6ba5fd308..23b37783fe 100644 --- a/modules/gke-autopilot-cluster/variables.tf +++ b/modules/gke-autopilot-cluster/variables.tf @@ -201,7 +201,7 @@ variable "master_auth" { } variable "master_authorized_networks_config" { - description = "The desired configuration options for master authorized networks." + description = "The desired configuration options for master authorized networks. Cidr Block must follow [Cidr notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation)" type = object({ cidr_blocks = list(object({ display_name = string diff --git a/modules/gke-node-pool/metadata.display.yaml b/modules/gke-node-pool/metadata.display.yaml index 47d131ccdb..59c891c4e5 100644 --- a/modules/gke-node-pool/metadata.display.yaml +++ b/modules/gke-node-pool/metadata.display.yaml @@ -63,6 +63,8 @@ spec: name: name title: Name level: 1 + regexValidation: ^[a-z]([a-z0-9-]{0,38}[a-z0-9])?$ + validation: Node pool name must start with a lowercase letter followed by up to 39 lowercase letters, numbers, or hyphens and cannot end with a hyphen. name_prefix: name: name_prefix title: Name Prefix diff --git a/modules/gke-standard-cluster/README.md b/modules/gke-standard-cluster/README.md index 631d832074..0fd3ddc2b5 100644 --- a/modules/gke-standard-cluster/README.md +++ b/modules/gke-standard-cluster/README.md 
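Review bot: The new description for `master_authorized_networks_config` promises that each `cidr_block` follows CIDR notation, but nothing in the variable enforces it — the only check in this change is the `regexValidation` in metadata.display.yaml, which applies to the deployment UI and not to callers using the module directly from Terraform. A `validation` block on the variable would make the contract hold for every caller; `can(cidrhost(b.cidr_block, 0))` accepts both IPv4 and IPv6 prefixes. The `variable` block continues past the end of the hunk, so the block below would sit after its `type` argument. The gke-standard-cluster variables.tf hunk at `@@ -309,7 +309,7 @@` makes the same description change and would take the same block.

```hcl
variable "master_authorized_networks_config" {
  # … unchanged: description and type …
  validation {
    condition     = alltrue([for b in var.master_authorized_networks_config.cidr_blocks : can(cidrhost(b.cidr_block, 0))])
    error_message = "Each cidr_block must be a valid IPv4 or IPv6 CIDR prefix."
  }
```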
@@ -48,7 +48,7 @@ For a module with a complete configuration of a Google Cloud Platform Kubernetes | logging\_service | The logging service that the cluster should write logs to. Available options include `logging.googleapis.com`, `logging.googleapis.com/kubernetes`, and `none`. | `string` | `null` | no | | maintenance\_policy | The maintenance policy to use for the cluster. |
object({
daily_maintenance_window = optional(object({
start_time = optional(string)
}))
recurring_window = optional(object({
start_time = optional(string)
end_time = optional(string)
recurrence = optional(string)
}))
maintenance_exclusion = optional(list(object({
exclusion_name = optional(string)
start_time = optional(string)
end_time = optional(string)
exclusion_options = optional(object({
scope = optional(string)
}))
})))
})
| `null` | no | | master\_auth | The authentication information for accessing the Kubernetes master. |
object({
client_certificate_config = optional(object({
issue_client_certificate = optional(bool)
}))
})
| `null` | no | -| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. |
object({
cidr_blocks = list(object({
display_name = string
cidr_block = string
}))
gcp_public_cidrs_access_enabled = optional(bool)
private_endpoint_enforcement_enabled = optional(bool)
})
| n/a | yes | +| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. Cidr Block must follow [Cidr notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) |
object({
cidr_blocks = list(object({
display_name = string
cidr_block = string
}))
gcp_public_cidrs_access_enabled = optional(bool)
private_endpoint_enforcement_enabled = optional(bool)
})
| n/a | yes | | mesh\_certificates | Configuration for the provisioning of managed mesh certificates. |
object({
enable_certificates = optional(bool)
})
| `null` | no | | min\_master\_version | The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the master version--use the read-only master\_version field to obtain a current version. If unset, the server's default version will be used. | `string` | `null` | no | | monitoring\_config | Monitoring configuration for the cluster. |
object({
enable_components = optional(list(string))
})
| `null` | no | diff --git a/modules/gke-standard-cluster/metadata.display.yaml b/modules/gke-standard-cluster/metadata.display.yaml index 434f835373..e03d583907 100644 --- a/modules/gke-standard-cluster/metadata.display.yaml +++ b/modules/gke-standard-cluster/metadata.display.yaml @@ -375,6 +375,16 @@ spec: master_authorized_networks_config: name: master_authorized_networks_config title: Master Authorized Networks Config + properties: + cidr_blocks: + name: cidr_blocks + title: Cidr Blocks + properties: + cidr_block: + name: cidr_block + title: Cidr Block + regexValidation: ^((((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(3[0-2]|[12]?[0-9]))|((((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\/(12[0-8]|1[01][0-9]|[1-9]?[0-9]))))$ + validation: Enter the valid CIDR notation. mesh_certificates: name: mesh_certificates title: Mesh Certificates 
@@ -406,6 +416,11 @@ spec: network: name: network title: Network + regexValidation: ^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$ + validation: Network name must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens and cannot end with a hyphen. + altDefaults: + - type: ALTERNATE_TYPE_DC + value: default network_policy: name: network_policy title: Network Policy @@ -977,6 +992,11 @@ spec: subnetwork: name: subnetwork title: Subnetwork + regexValidation: ^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$ + validation: Subnetwork name must start with a lowercase letter followed by up to 62 lowercase letters, numbers, or hyphens and cannot end with a hyphen. + altDefaults: + - type: ALTERNATE_TYPE_DC + value: default timeouts: name: timeouts title: Timeouts @@ -989,6 +1009,12 @@ spec: workload_identity_config: name: workload_identity_config title: Workload Identity Config + properties: + workload_pool: + name: workload_pool + title: Workload Pool + regexValidation: ^[a-z]([-a-z0-9]{4,28}[a-z0-9])\.svc\.id\.goog$ + validation: Workload pool must be in the format .svc.id.goog. project_id must be between 6 and 30 characters can have lowercase letters, digits, or hyphens. It must start with a lowercase letter and end with a letter or number. runtime: outputs: cluster_id: diff --git a/modules/gke-standard-cluster/metadata.yaml b/modules/gke-standard-cluster/metadata.yaml index dc36d37466..874e219eb5 100644 --- a/modules/gke-standard-cluster/metadata.yaml +++ b/modules/gke-standard-cluster/metadata.yaml @@ -359,7 +359,7 @@ spec: })) }) - name: master_authorized_networks_config - description: The desired configuration options for master authorized networks. + description: The desired configuration options for master authorized networks. Cidr Block must follow [Cidr notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation) varType: |- object({ cidr_blocks = list(object({ 
@@ -1013,9 +1013,9 @@ spec: roles: - level: Project roles: - - roles/iam.serviceAccountUser - roles/compute.admin - roles/container.admin + - roles/iam.serviceAccountUser services: - compute.googleapis.com - container.googleapis.com diff --git a/modules/gke-standard-cluster/variables.tf b/modules/gke-standard-cluster/variables.tf index f962aae8a7..d6854e7f8f 100644 --- a/modules/gke-standard-cluster/variables.tf +++ b/modules/gke-standard-cluster/variables.tf @@ -309,7 +309,7 @@ variable "master_auth" { } variable "master_authorized_networks_config" { - description = "The desired configuration options for master authorized networks." + description = "The desired configuration options for master authorized networks. Cidr Block must follow [Cidr notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation)" type = object({ cidr_blocks = list(object({ display_name = string