terraform-google-modules / terraform-google-kubernetes-engine

Configures opinionated GKE clusters
https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google
Apache License 2.0

Can't disable managed Prometheus and all logging and monitoring #1945

Closed nightwatch92 closed 1 month ago

nightwatch92 commented 3 months ago

TL;DR

Can't disable managed Prometheus, logging and monitoring by running terraform once

Expected behavior

By setting the logging_service and monitoring to "none" it is expected that Cloud Monitoring, Cloud logging and managed Prometheus are disabled.

Observed behavior

Logging and Monitoring are disabled, but the managed Prometheus is enabled. In order to disable everything I have to apply my terraform first with the following values:

monitoring_service = "none"
logging_service = "none"

This will disable Cloud Monitoring and Logging. After that I have to set cluster_telemetry_type = "DISABLED" in order for the dynamic block "monitoring_config" to be executed and the value of monitoring_enable_managed_prometheus = false to be applied.

I've tried different combinations:

monitoring_service = null
logging_service = null
cluster_telemetry_type = "DISABLED"

Creates the cluster, but with logging and monitoring enabled.

monitoring_service = "none"
logging_service = "none"
cluster_telemetry_type = "DISABLED"

returns API ERROR:

google_container_cluster.primary: Creating...
╷
│ Error: googleapi: Error 400: Cannot specify logging_config or monitoring_config together with cluster_telemetry.
│ Details:
│ [
│   {
│     "@type": "type.googleapis.com/google.rpc.RequestInfo",
│     "requestId": "0x569e9161f61ca356"
│   }
│ ]
│ , badRequest
│
│   with google_container_cluster.primary,
│   on cluster.tf line 22, in resource "google_container_cluster" "primary":
│   22: resource "google_container_cluster" "primary" {
│

Terraform Configuration

  deletion_protection             = false
  project_id                      = "${local.env_vars.locals.project_name[local.env]}"
  initial_node_count              = 0
  kubernetes_version              = "1.29.1-gke.1589018"
  name                            = local.cluster_name
  region                          = "${local.region}"
  regional                        = true
  network                         = dependency.gke_network.outputs.network
  subnetwork                      = dependency.gke_network.outputs.subnet
  service_account                 = "gke-minimum@${local.env_vars.locals.project_name[local.env]}.iam.gserviceaccount.com"
  datapath_provider               = "ADVANCED_DATAPATH"
  ip_range_pods                   = dependency.gke_network.outputs.secondary_pod_ranges
  ip_range_services               = dependency.gke_network.outputs.secondary_service_ranges
  enable_intranode_visibility     = true
  remove_default_node_pool        = true
  release_channel                 = "REGULAR"
  enable_private_nodes            = true
  enable_vertical_pod_autoscaling = true
  enable_gcfs                     = true

  security_posture_mode               = "BASIC"
  security_posture_vulnerability_mode = "VULNERABILITY_BASIC"

  enable_private_endpoint = false
  identity_namespace      = "enabled"

  node_pools_oauth_scopes = {
    all = [
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/ndev.clouddns.readwrite",
      "https://www.googleapis.com/auth/service.management.readonly",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
      "https://www.googleapis.com/auth/servicecontrol",
      "https://www.googleapis.com/auth/trace.append",
      "https://www.googleapis.com/auth/cloud-platform",
    ]
  }

  filestore_csi_driver      = false
  default_max_pods_per_node = 110

  cluster_dns_provider = "CLOUD_DNS"
  cluster_dns_scope    = "VPC_SCOPE"
  cluster_dns_domain   = "aa"
  gce_pd_csi_driver    = true
  gcs_fuse_csi_driver  = true
  # Disable cluster telemetry
  # Monitoring Config
  #monitoring_enabled_components           = []
  #logging_enabled_components              = []
  #monitoring_enable_observability_metrics = false
  #monitoring_enable_observability_metrics
  # "DISABLED", "INTERNAL_VPC_LB", "EXTERNAL_LB"
  logging_service                      = "none"
  monitoring_service                   = "none"
  cluster_telemetry_type               = "DISABLED"
  monitoring_enable_managed_prometheus = false
  dns_cache                            = true

  master_authorized_networks = [

  ]

  node_pools_tags = {
    "pool-1" : ["unmanned"]
  }

  master_ipv4_cidr_block      = "172.17.0.0/28"
  workload_vulnerability_mode = "BASIC"
  workload_config_audit_mode  = "BASIC"

  config_connector       = true
  create_service_account = false
  configure_ip_masq      = false

Terraform Version

Terraform v1.7.4
on linux_amd64
+ provider registry.terraform.io/hashicorp/google v5.22.0
+ provider registry.terraform.io/hashicorp/google-beta v5.22.0
+ provider registry.terraform.io/hashicorp/kubernetes v2.27.0
+ provider registry.terraform.io/hashicorp/random v3.6.0

Additional information

No response
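The issue above shows that a single apply can leave managed Prometheus on even when Cloud Logging and Cloud Monitoring report "none". A post-apply check that reads the cluster's actual state, rather than trusting the module inputs, catches that drift. The script below is an added example and is not part of the issue or the module's code. It parses the JSON that `gcloud container clusters describe NAME --region REGION --format=json` prints and reports which telemetry facets are still enabled; the field names it reads (loggingService, monitoringService, loggingConfig, monitoringConfig, managedPrometheusConfig) follow the GKE Cluster API resource and are an assumption here, and the embedded sample JSON is constructed to mirror the state described in the issue after the first apply.

```python
"""Post-apply check: is Cloud Logging, Cloud Monitoring and Google-managed
Prometheus really disabled on a GKE cluster?

Added example (not the issue's or the module's own code). Input is the JSON
from `gcloud container clusters describe ... --format=json`, read from stdin
when invoked with "-", otherwise the constructed sample below is used.
Field names follow the GKE Cluster API resource (assumed here).
"""
import json
import sys

# Constructed sample: the state the issue reports after the first apply.
# Logging/monitoring services are off, but managed Prometheus is still on.
SAMPLE_DESCRIBE_JSON = """
{
  "name": "example-cluster",
  "loggingService": "none",
  "monitoringService": "none",
  "loggingConfig": {"componentConfig": {"enableComponents": []}},
  "monitoringConfig": {
    "componentConfig": {"enableComponents": []},
    "managedPrometheusConfig": {"enabled": true}
  }
}
"""


def load_cluster(raw: str) -> dict:
    """Parse the describe output into a dict (kept separate so tests can reuse it)."""
    return json.loads(raw)


def telemetry_state(cluster: dict) -> dict:
    """Map each telemetry facet to True when it is (still) enabled.

    A missing loggingService/monitoringService means the API default, which
    is enabled, so only an explicit "none" counts as disabled. Component
    lists are checked as well, since a non-empty enableComponents list keeps
    collection on even if the legacy service field says "none".
    """
    mon_cfg = cluster.get("monitoringConfig") or {}
    log_cfg = cluster.get("loggingConfig") or {}
    log_components = (log_cfg.get("componentConfig") or {}).get("enableComponents") or []
    mon_components = (mon_cfg.get("componentConfig") or {}).get("enableComponents") or []
    prom = mon_cfg.get("managedPrometheusConfig") or {}
    return {
        "cloud_logging": cluster.get("loggingService") != "none" or bool(log_components),
        "cloud_monitoring": cluster.get("monitoringService") != "none" or bool(mon_components),
        "managed_prometheus": bool(prom.get("enabled", False)),
    }


def still_enabled(cluster: dict) -> list:
    """Sorted names of facets that are still enabled; empty means fully disabled."""
    return sorted(name for name, on in telemetry_state(cluster).items() if on)


def main(argv):
    raw = sys.stdin.read() if len(argv) > 1 and argv[1] == "-" else SAMPLE_DESCRIBE_JSON
    cluster = load_cluster(raw)
    for facet, on in telemetry_state(cluster).items():
        print(f"{facet:20s} {'ENABLED' if on else 'disabled'}")
    leftovers = still_enabled(cluster)
    if leftovers:
        print(f"telemetry still enabled: {', '.join(leftovers)}")
    # Non-zero exit lets a CI step fail when the apply did not reach the intended state.
    return 1 if leftovers else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it after each apply with `gcloud container clusters describe NAME --region REGION --format=json | python check_telemetry.py -`; with the constructed sample it exits non-zero and names managed_prometheus as the leftover, which is exactly the two-apply situation the issue describes.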

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days