diff --git a/fast/stages/3-gke-dev/README.md b/fast/stages/3-gke-dev/README.md
index 08f2db7da..7d45e1a4f 100644
--- a/fast/stages/3-gke-dev/README.md
+++ b/fast/stages/3-gke-dev/README.md
@@ -238,10 +238,10 @@ Clusters can then be configured for fleet registration and one of the config man
| [host_project_ids](variables-fast.tf#L43) | Shared VPC host project name => id mappings. | map(string) | | {} | 2-networking |
| [iam](variables.tf#L105) | Project-level authoritative IAM bindings for users and service accounts in {ROLE => [MEMBERS]} format. | map(list(string)) | | {} | |
| [iam_by_principals](variables.tf#L112) | Authoritative IAM binding in {PRINCIPAL => [ROLES]} format. Principals need to be statically defined to avoid cycle errors. Merged internally with the `iam` variable. | map(list(string)) | | {} | |
-| [nodepools](variables.tf#L119) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | |
-| [stage_config](variables.tf#L152) | FAST stage configuration used to find resource ids. Must match name defined for the stage in resource management. | object({…}) | | {…} | |
+| [nodepools](variables.tf#L119) | Nodepools configuration. Refer to the gke-nodepool module for type details. | map(map(object({…}))) | | {} | |
+| [stage_config](variables.tf#L168) | FAST stage configuration used to find resource ids. Must match name defined for the stage in resource management. | object({…}) | | {…} | |
| [subnet_self_links](variables-fast.tf#L61) | Subnet VPC name => { name => self link } mappings. | map(map(string)) | | {} | 2-networking |
-| [vpc_config](variables.tf#L164) | VPC-level configuration for project and clusters. | object({…}) | | {…} | |
+| [vpc_config](variables.tf#L180) | VPC-level configuration for project and clusters. | object({…}) | | {…} | |
| [vpc_self_links](variables-fast.tf#L69) | Shared VPC name => self link mappings. | map(string) | | {} | 2-networking |
## Outputs
diff --git a/fast/stages/3-gke-dev/gke-clusters.tf b/fast/stages/3-gke-dev/gke-clusters.tf
index b23368f61..22e44e902 100644
--- a/fast/stages/3-gke-dev/gke-clusters.tf
+++ b/fast/stages/3-gke-dev/gke-clusters.tf
@@ -85,7 +85,7 @@ module "gke-nodepool" {
node_count = each.value.node_count
node_locations = each.value.node_locations
nodepool_config = each.value.nodepool_config
- pod_range = each.value.pod_range
+ network_config = each.value.network_config
reservation_affinity = each.value.reservation_affinity
service_account = (
each.value.service_account == null
diff --git a/fast/stages/3-gke-dev/variables.tf b/fast/stages/3-gke-dev/variables.tf
index ea24944d2..07a1608ee 100644
--- a/fast/stages/3-gke-dev/variables.tf
+++ b/fast/stages/3-gke-dev/variables.tf
@@ -133,9 +133,25 @@ variable "nodepools" {
node_count = optional(map(number), {
initial = 1
})
- node_locations = optional(list(string))
- nodepool_config = optional(any)
- pod_range = optional(any)
+ node_locations = optional(list(string))
+ nodepool_config = optional(any)
+ network_config = optional(object({
+ enable_private_nodes = optional(bool, true)
+ pod_range = optional(object({
+ cidr = optional(string)
+ create = optional(bool, false)
+ name = optional(string)
+ }), {})
+ additional_node_network_configs = optional(list(object({
+ network = string
+ subnetwork = string
+ })), [])
+ additional_pod_network_config = optional(list(object({
+ subnetwork = string
+ secondary_pod_range = string
+ max_pods_per_node = string
+ })), [])
+ }))
reservation_affinity = optional(any)
service_account = optional(any)
sole_tenant_nodegroup = optional(string)
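Review bot: The new attribute `additional_pod_network_config` is singular while its sibling `additional_node_network_configs` is plural, and the module's `main.tf` in this commit reads the plural spelling under `try()`, so anything a caller sets here is silently never applied; the same singular name is declared in modules/gke-nodepool/variables.tf. `max_pods_per_node = string` also looks like it should be `number`, which is what the provider attribute of that name takes — worth confirming before this type becomes part of the stage interface. Separately, dropping `pod_range = optional(any)` turns any existing tfvars that still set `nodepools.*.pod_range` into a plan-time error, and the README hunk in this commit does not mention the migration; a one-line note in the stage README saying `pod_range` moved to `network_config.pod_range` would help.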
diff --git a/modules/gke-nodepool/README.md b/modules/gke-nodepool/README.md
index 7a3f60251..7e549fb7d 100644
--- a/modules/gke-nodepool/README.md
+++ b/modules/gke-nodepool/README.md
@@ -191,23 +191,23 @@ module "cluster-1-nodepool-dws" {
|---|---|:---:|:---:|:---:|
| [cluster_name](variables.tf#L23) | Cluster name. | string | ✓ | |
| [location](variables.tf#L48) | Cluster location. | string | ✓ | |
-| [project_id](variables.tf#L188) | Cluster project id. | string | ✓ | |
+| [project_id](variables.tf#L199) | Cluster project id. | string | ✓ | |
| [cluster_id](variables.tf#L17) | Cluster id. Optional, but providing cluster_id is recommended to prevent cluster misconfiguration in some of the edge cases. | string | | null |
| [gke_version](variables.tf#L28) | Kubernetes nodes version. Ignored if auto_upgrade is set in management_config. | string | | null |
| [k8s_labels](variables.tf#L34) | Kubernetes labels applied to each node. | map(string) | | {} |
| [labels](variables.tf#L41) | The resource labels to be applied each node (vm). | map(string) | | {} |
| [max_pods_per_node](variables.tf#L53) | Maximum number of pods per node. | number | | null |
| [name](variables.tf#L59) | Optional nodepool name. | string | | null |
-| [node_config](variables.tf#L65) | Node-level configuration. | object({…}) | | {} |
-| [node_count](variables.tf#L130) | Number of nodes per instance group. Initial value can only be changed by recreation, current is ignored when autoscaling is used. | object({…}) | | {…} |
-| [node_locations](variables.tf#L142) | Node locations. | list(string) | | null |
-| [nodepool_config](variables.tf#L148) | Nodepool-level configuration. | object({…}) | | null |
-| [pod_range](variables.tf#L175) | Pod secondary range configuration. | object({…}) | | null |
-| [reservation_affinity](variables.tf#L193) | Configuration of the desired reservation which instances could take capacity from. | object({…}) | | null |
-| [service_account](variables.tf#L203) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | object({…}) | | {} |
-| [sole_tenant_nodegroup](variables.tf#L215) | Sole tenant node group. | string | | null |
-| [tags](variables.tf#L221) | Network tags applied to nodes. | list(string) | | null |
-| [taints](variables.tf#L227) | Kubernetes taints applied to all nodes. | map(object({…})) | | {} |
+| [network_config](variables.tf#L65) | Network configuration. | object({…}) | | null |
+| [node_config](variables.tf#L89) | Node-level configuration. | object({…}) | | {} |
+| [node_count](variables.tf#L154) | Number of nodes per instance group. Initial value can only be changed by recreation, current is ignored when autoscaling is used. | object({…}) | | {…} |
+| [node_locations](variables.tf#L166) | Node locations. | list(string) | | null |
+| [nodepool_config](variables.tf#L172) | Nodepool-level configuration. | object({…}) | | null |
+| [reservation_affinity](variables.tf#L204) | Configuration of the desired reservation which instances could take capacity from. | object({…}) | | null |
+| [service_account](variables.tf#L214) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | object({…}) | | {} |
+| [sole_tenant_nodegroup](variables.tf#L226) | Sole tenant node group. | string | | null |
+| [tags](variables.tf#L232) | Network tags applied to nodes. | list(string) | | null |
+| [taints](variables.tf#L238) | Kubernetes taints applied to all nodes. | map(object({…})) | | {} |
## Outputs
diff --git a/modules/gke-nodepool/main.tf b/modules/gke-nodepool/main.tf
index 4e2b00ca1..b0d567071 100644
--- a/modules/gke-nodepool/main.tf
+++ b/modules/gke-nodepool/main.tf
@@ -116,12 +116,39 @@ resource "google_container_node_pool" "nodepool" {
}
dynamic "network_config" {
- for_each = var.pod_range != null ? [""] : []
+ for_each = var.network_config != null ? [""] : []
content {
- create_pod_range = var.pod_range.secondary_pod_range.create
- enable_private_nodes = var.pod_range.secondary_pod_range.enable_private_nodes
- pod_ipv4_cidr_block = var.pod_range.secondary_pod_range.cidr
- pod_range = var.pod_range.secondary_pod_range.name
+ create_pod_range = var.network_config.pod_range.create
+ enable_private_nodes = var.network_config.enable_private_nodes
+ pod_ipv4_cidr_block = var.network_config.pod_range.cidr
+ pod_range = var.network_config.pod_range.name
+ dynamic "additional_node_network_configs" {
+ for_each = try(var.network_config.additional_node_network_configs, [])
+ content {
+ network = additional_node_network_configs.value.network
+ subnetwork = additional_node_network_configs.value.subnetwork
+ }
+ }
+ dynamic "additional_pod_network_configs" {
+ for_each = try(var.network_config.additional_pod_network_configs, [])
+ content {
+ subnetwork = additional_pod_network_configs.value.network
+ secondary_pod_range = additional_pod_network_configs.value.secondary_pod_range
+ max_pods_per_node = additional_pod_network_configs.value.max_pods_per_node
+ }
+ }
+ dynamic "network_performance_config" {
+ for_each = try(var.network_config.total_egress_bandwidth_tier, null) != null ? [""] : []
+ content {
+ total_egress_bandwidth_tier = var.network_config.total_egress_bandwidth_tier
+ }
+ }
+ dynamic "pod_cidr_overprovision_config" {
+ for_each = var.network_config.pod_cidr_overprovisioning_disabled ? [""] : []
+ content {
+ disabled = true
+ }
+ }
}
}
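Review bot: `for_each = try(var.network_config.additional_pod_network_configs, [])` on the `additional_pod_network_configs` block reads a plural attribute that `variable "network_config"` declares only in the singular (`additional_pod_network_config`), so the `try()` always falls back to `[]` and the block is never rendered, with no error to show it. The content below then uses `additional_pod_network_configs.value.network`, but the declared object has `subnetwork`, not `network`, which would fail as soon as the lookup is fixed. The two lines should read `for_each = var.network_config.additional_pod_network_config` and `subnetwork = additional_pod_network_configs.value.subnetwork` (or the variable attribute should be renamed to the plural form). Because the object type already defaults both lists to `[]`, the `try()` on both dynamic blocks is unnecessary and hides exactly this class of typo; `var.network_config.additional_node_network_configs` can be referenced directly. The enclosing `google_container_node_pool` resource starts before and ends after this hunk.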
diff --git a/modules/gke-nodepool/variables.tf b/modules/gke-nodepool/variables.tf
index bf0f69c21..20044ba7b 100644
--- a/modules/gke-nodepool/variables.tf
+++ b/modules/gke-nodepool/variables.tf
@@ -62,6 +62,30 @@ variable "name" {
default = null
}
+variable "network_config" {
+ description = "Network configuration."
+ type = object({
+ enable_private_nodes = optional(bool)
+ pod_range = optional(object({
+ cidr = optional(string)
+ create = optional(bool, false)
+ name = optional(string)
+ }), {})
+ additional_node_network_configs = optional(list(object({
+ network = string
+ subnetwork = string
+ })), [])
+ additional_pod_network_config = optional(list(object({
+ subnetwork = string
+ secondary_pod_range = string
+ max_pods_per_node = string
+ })), [])
+ total_egress_bandwidth_tier = optional(string)
+ pod_cidr_overprovisioning_disabled = optional(bool, false)
+ })
+ default = null
+}
+
variable "node_config" {
description = "Node-level configuration."
type = object({
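Review bot: `enable_private_nodes = optional(bool)` has no default here, while the matching stage type in fast/stages/3-gke-dev/variables.tf defaults it to `true`; a caller using the module directly therefore passes `enable_private_nodes = null` to the provider and presumably gets whatever the cluster-level setting is, so consider `enable_private_nodes = optional(bool, true)` for the same secure default, or document that null defers to the cluster. The description `"Network configuration."` says nothing about `total_egress_bandwidth_tier` or `pod_cidr_overprovisioning_disabled`, which the stage-level type does not expose at all; something like `description = "Nodepool network configuration: private nodes, pod secondary range, additional node/pod networks, egress bandwidth tier and pod CIDR overprovisioning."` would tell a reader what is actually configurable.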
@@ -172,19 +196,6 @@ variable "nodepool_config" {
default = null
}
-variable "pod_range" {
- description = "Pod secondary range configuration."
- type = object({
- secondary_pod_range = object({
- name = string
- cidr = optional(string)
- create = optional(bool)
- enable_private_nodes = optional(bool)
- })
- })
- default = null
-}
-
variable "project_id" {
description = "Cluster project id."
type = string