added check for optional fields

added optional field lookup and resource usage export config

changed to dataset_id

revert examples

fixed bug where resource_usage_export_dataset_id was being set even if empty string

check for null

Author: richardmcsong

autogen/cluster.tf

@@ -66,7 +66,15 @@ resource "google_container_cluster" "primary" {
       enabled = pod_security_policy_config.value.enabled
     }
   }
-
+  dynamic "resource_usage_export_config" {
+    for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : []
+    content {
+      enable_network_egress_metering = true
+      bigquery_destination {
+        dataset_id = resource_usage_export_dataset_id.value
+      }
+    }
+  }
 {% endif %}
   dynamic "master_authorized_networks_config" {
     for_each = var.master_authorized_networks_config

autogen/main.tf

@@ -102,10 +102,10 @@ locals {
 
 {% if beta_cluster %}
   # BETA features
-  cluster_output_istio_enabled                    = google_container_cluster.primary.addons_config.0.istio_config.0.disabled
-  cluster_output_pod_security_policy_enabled      = google_container_cluster.primary.pod_security_policy_config.0.enabled
+  cluster_output_istio_enabled                    = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true"
+  cluster_output_pod_security_policy_enabled      = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false"
   cluster_output_intranode_visbility_enabled      = google_container_cluster.primary.enable_intranode_visibility
-  cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled
+  cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false"
 
   # /BETA features
   {% endif %}

autogen/variables.tf

@@ -366,6 +366,11 @@ variable "pod_security_policy_config" {
   }]
 }
 
+variable "resource_usage_export_dataset_id" {
+  description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic."
+  default     = ""
+}
+
 variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default     = "UNSPECIFIED"

modules/beta-private-cluster/README.md

@@ -191,6 +191,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | region | The region to host the cluster in (required) | string | n/a | yes |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no |
+| resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |

modules/beta-private-cluster/cluster.tf

@@ -61,7 +61,15 @@ resource "google_container_cluster" "primary" {
       enabled = pod_security_policy_config.value.enabled
     }
   }
-
+  dynamic "resource_usage_export_config" {
+    for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : []
+    content {
+      enable_network_egress_metering = true
+      bigquery_destination {
+        dataset_id = resource_usage_export_dataset_id.value
+      }
+    }
+  }
   dynamic "master_authorized_networks_config" {
     for_each = var.master_authorized_networks_config
     content {

modules/beta-private-cluster/main.tf

@@ -91,10 +91,10 @@ locals {
   cluster_output_kubernetes_dashboard_enabled       = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled
 
   # BETA features
-  cluster_output_istio_enabled                    = google_container_cluster.primary.addons_config.0.istio_config.0.disabled
-  cluster_output_pod_security_policy_enabled      = google_container_cluster.primary.pod_security_policy_config.0.enabled
+  cluster_output_istio_enabled                    = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true"
+  cluster_output_pod_security_policy_enabled      = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false"
   cluster_output_intranode_visbility_enabled      = google_container_cluster.primary.enable_intranode_visibility
-  cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled
+  cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false"
 
   # /BETA features
 

modules/beta-private-cluster/variables.tf

@@ -363,6 +363,11 @@ variable "pod_security_policy_config" {
   }]
 }
 
+variable "resource_usage_export_dataset_id" {
+  description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic."
+  default     = ""
+}
+
 variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default     = "UNSPECIFIED"

modules/beta-public-cluster/README.md

@@ -182,6 +182,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | region | The region to host the cluster in (required) | string | n/a | yes |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no |
+| resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |

modules/beta-public-cluster/cluster.tf

@@ -61,7 +61,15 @@ resource "google_container_cluster" "primary" {
       enabled = pod_security_policy_config.value.enabled
     }
   }
-
+  dynamic "resource_usage_export_config" {
+    for_each = var.resource_usage_export_dataset_id != "" ? [var.resource_usage_export_dataset_id] : []
+    content {
+      enable_network_egress_metering = true
+      bigquery_destination {
+        dataset_id = resource_usage_export_dataset_id.value
+      }
+    }
+  }
   dynamic "master_authorized_networks_config" {
     for_each = var.master_authorized_networks_config
     content {

modules/beta-public-cluster/main.tf

@@ -91,10 +91,10 @@ locals {
   cluster_output_kubernetes_dashboard_enabled       = google_container_cluster.primary.addons_config.0.kubernetes_dashboard.0.disabled
 
   # BETA features
-  cluster_output_istio_enabled                    = google_container_cluster.primary.addons_config.0.istio_config.0.disabled
-  cluster_output_pod_security_policy_enabled      = google_container_cluster.primary.pod_security_policy_config.0.enabled
+  cluster_output_istio_enabled                    = google_container_cluster.primary.addons_config.0.istio_config != null ? google_container_cluster.primary.addons_config.0.istio_config.0.disabled : "true"
+  cluster_output_pod_security_policy_enabled      = google_container_cluster.primary.pod_security_policy_config != null ? google_container_cluster.primary.pod_security_policy_config.0.enabled : "false"
   cluster_output_intranode_visbility_enabled      = google_container_cluster.primary.enable_intranode_visibility
-  cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling.0.enabled
+  cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null ? google_container_cluster.primary.vertical_pod_autoscaling.0.enabled : "false"
 
   # /BETA features
 

modules/beta-public-cluster/variables.tf

@@ -339,6 +339,11 @@ variable "pod_security_policy_config" {
   }]
 }
 
+variable "resource_usage_export_dataset_id" {
+  description = "The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic."
+  default     = ""
+}
+
 variable "node_metadata" {
   description = "Specifies how node metadata is exposed to the workload running on the node"
   default     = "UNSPECIFIED"