From dff4378cdcb8765ab974cb4881efd4f8a537f605 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Thu, 7 May 2026 18:02:38 +0200
Subject: [PATCH] add advanced_datapath_observability_config support (#3945)

Adds support for `advanced_datapath_observability_config` to the `gke-cluster-autopilot` module, matching the standard cluster module implementation.

Closes #3936

TAG=agy
CONV=9d4485ab-0fae-4f3d-a6e1-bbb6320d7c46
---
 modules/gke-cluster-autopilot/README.md       | 12 +++++-----
 modules/gke-cluster-autopilot/main.tf         | 15 ++++++++++++
 modules/gke-cluster-autopilot/variables.tf    |  4 ++++
 .../gke_cluster_autopilot/monitoring.tfvars   | 13 +++++++++++
 .../gke_cluster_autopilot/monitoring.yaml     | 23 +++++++++++++++++++
 .../modules/gke_cluster_autopilot/tftest.yaml |  1 +
 6 files changed, 62 insertions(+), 6 deletions(-)
 create mode 100644 tests/modules/gke_cluster_autopilot/monitoring.tfvars
 create mode 100644 tests/modules/gke_cluster_autopilot/monitoring.yaml

diff --git a/modules/gke-cluster-autopilot/README.md b/modules/gke-cluster-autopilot/README.md
index 2f7c9b6a9..ccab7841c 100644
--- a/modules/gke-cluster-autopilot/README.md
+++ b/modules/gke-cluster-autopilot/README.md
@@ -292,9 +292,9 @@ module "cluster-1" {
 | name | description | type | required | default |
 |---|---|:---:|:---:|:---:|
 | [location](variables.tf#L186) | Autopilot clusters are always regional. | <code>string</code> | ✓ |  |
-| [name](variables.tf#L265) | Cluster name. | <code>string</code> | ✓ |  |
-| [project_id](variables.tf#L298) | Cluster project ID. | <code>string</code> | ✓ |  |
-| [vpc_config](variables.tf#L314) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
+| [name](variables.tf#L269) | Cluster name. | <code>string</code> | ✓ |  |
+| [project_id](variables.tf#L302) | Cluster project ID. | <code>string</code> | ✓ |  |
+| [vpc_config](variables.tf#L318) | VPC-level configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> | ✓ |  |
 | [access_config](variables.tf#L17) | Control plane endpoint and nodes access configurations. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [backup_configs](variables.tf#L49) | Configuration for Backup for GKE. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
 | [deletion_protection](variables.tf#L71) | Whether or not to allow Terraform to destroy the cluster. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail. | <code>bool</code> |  | <code>true</code> |
@@ -308,9 +308,9 @@ module "cluster-1" {
 | [maintenance_config](variables.tf#L202) | Maintenance window configuration. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#8230;&#125;</code> |
 | [min_master_version](variables.tf#L225) | Minimum version of the master, defaults to the version of the most recent official release. | <code>string</code> |  | <code>null</code> |
 | [monitoring_config](variables.tf#L231) | Monitoring configuration. System metrics collection cannot be disabled. Control plane metrics are optional. Kube state metrics are optional. Google Cloud Managed Service for Prometheus is enabled by default. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [node_config](variables.tf#L270) | Configuration for nodes and nodepools. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [node_locations](variables.tf#L291) | Zones in which the cluster's nodes are located. | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
-| [release_channel](variables.tf#L303) | Release channel for GKE upgrades. Clusters created in the Autopilot mode must use a release channel. Choose between \"RAPID\", \"REGULAR\", and \"STABLE\". | <code>string</code> |  | <code>&#34;REGULAR&#34;</code> |
+| [node_config](variables.tf#L274) | Configuration for nodes and nodepools. | <code>object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [node_locations](variables.tf#L295) | Zones in which the cluster's nodes are located. | <code>list&#40;string&#41;</code> |  | <code>&#91;&#93;</code> |
+| [release_channel](variables.tf#L307) | Release channel for GKE upgrades. Clusters created in the Autopilot mode must use a release channel. Choose between \"RAPID\", \"REGULAR\", and \"STABLE\". | <code>string</code> |  | <code>&#34;REGULAR&#34;</code> |
 
 ## Outputs
 
diff --git a/modules/gke-cluster-autopilot/main.tf b/modules/gke-cluster-autopilot/main.tf
index a4baea076..98091dbad 100644
--- a/modules/gke-cluster-autopilot/main.tf
+++ b/modules/gke-cluster-autopilot/main.tf
@@ -270,6 +270,21 @@ resource "google_container_cluster" "cluster" {
     managed_prometheus {
       enabled = var.monitoring_config.enable_managed_prometheus
     }
+    dynamic "advanced_datapath_observability_config" {
+      for_each = (
+        var.monitoring_config.advanced_datapath_observability == null
+        ? []
+        : [""]
+      )
+      content {
+        enable_metrics = (
+          var.monitoring_config.advanced_datapath_observability.enable_metrics
+        )
+        enable_relay = (
+          var.monitoring_config.advanced_datapath_observability.enable_relay
+        )
+      }
+    }
   }
   dynamic "notification_config" {
     for_each = var.enable_features.upgrade_notifications != null ? [""] : []
diff --git a/modules/gke-cluster-autopilot/variables.tf b/modules/gke-cluster-autopilot/variables.tf
index 015d8eb71..8a11fefc5 100644
--- a/modules/gke-cluster-autopilot/variables.tf
+++ b/modules/gke-cluster-autopilot/variables.tf
@@ -245,6 +245,10 @@ variable "monitoring_config" {
     enable_cadvisor_metrics    = optional(bool, false)
     # Google Cloud Managed Service for Prometheus. Autopilot clusters version >= 1.25 must have this on.
     enable_managed_prometheus = optional(bool, true)
+    advanced_datapath_observability = optional(object({
+      enable_metrics = bool
+      enable_relay   = bool
+    }))
   })
   default  = {}
   nullable = false
diff --git a/tests/modules/gke_cluster_autopilot/monitoring.tfvars b/tests/modules/gke_cluster_autopilot/monitoring.tfvars
new file mode 100644
index 000000000..a18d28117
--- /dev/null
+++ b/tests/modules/gke_cluster_autopilot/monitoring.tfvars
@@ -0,0 +1,13 @@
+project_id = "my-project"
+location   = "europe-west1"
+name       = "cluster-1"
+vpc_config = {
+  network    = "default"
+  subnetwork = "default"
+}
+monitoring_config = {
+  advanced_datapath_observability = {
+    enable_metrics = true
+    enable_relay   = true
+  }
+}
diff --git a/tests/modules/gke_cluster_autopilot/monitoring.yaml b/tests/modules/gke_cluster_autopilot/monitoring.yaml
new file mode 100644
index 000000000..b865e776b
--- /dev/null
+++ b/tests/modules/gke_cluster_autopilot/monitoring.yaml
@@ -0,0 +1,23 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_container_cluster.cluster:
+    monitoring_config:
+    - advanced_datapath_observability_config:
+      - enable_metrics: true
+        enable_relay: true
+
+counts:
+  google_container_cluster: 1
diff --git a/tests/modules/gke_cluster_autopilot/tftest.yaml b/tests/modules/gke_cluster_autopilot/tftest.yaml
index 18fc6235e..461ba1c12 100644
--- a/tests/modules/gke_cluster_autopilot/tftest.yaml
+++ b/tests/modules/gke_cluster_autopilot/tftest.yaml
@@ -16,3 +16,4 @@ module: modules/gke-cluster-autopilot
 
 tests:
   network_tags:
+  monitoring: