feat: add additional_tags support for standardized resource labeling

main.tf

@@ -32,6 +32,7 @@ resource "google_kms_crypto_key" "gke_encryption_key" {
   name            = "sn-gke-key-${var.cluster_name}"
   key_ring        = google_kms_key_ring.keyring[0].id
   rotation_period = "12960000s" #150 days
+  labels          = var.additional_tags
 }
 
 # Required for GKE to use the encryption key
@@ -105,10 +106,10 @@ locals {
   )
   node_pools = var.enable_func_pool ? [local.default_node_pool, local.func_pool] : [local.default_node_pool]
   node_pools_labels = {
-    all = {
+    all = merge({
       cluster_name = var.cluster_name
       managed_by   = "terraform"
-    }
+    }, var.additional_tags)
   }
   node_pools_metadata = {
     all = {}
@@ -191,6 +192,7 @@ module "gke" {
   database_encryption               = local.database_encryption
   deletion_protection               = var.deletion_protection
   enable_l4_ilb_subsetting          = var.enable_l4_ilb_subsetting
+  cluster_resource_labels           = var.additional_tags
 
   cluster_dns_provider          = var.cluster_dns_provider
   cluster_dns_scope             = var.cluster_dns_scope
@@ -246,6 +248,7 @@ module "gke_private" {
   database_encryption               = local.database_encryption
   deletion_protection               = var.deletion_protection
   enable_l4_ilb_subsetting          = var.enable_l4_ilb_subsetting
+  cluster_resource_labels           = var.additional_tags
 
   cluster_dns_provider          = var.cluster_dns_provider
   cluster_dns_scope             = var.cluster_dns_scope

modules/dns-bucket/bucket.tf

@@ -20,6 +20,7 @@ resource "google_storage_bucket" "velero" {
   location                    = var.bucket_location
   uniform_bucket_level_access = var.bucket_uniform_bucket_level_access
   force_destroy               = true
+  labels                      = var.additional_tags
   encryption {
     default_kms_key_name = var.bucket_encryption_kms_key_id
   }
@@ -39,6 +40,7 @@ resource "google_storage_bucket" "tiered_storage" {
   location                    = var.bucket_location
   uniform_bucket_level_access = var.bucket_uniform_bucket_level_access
   force_destroy               = true
+  labels                      = var.additional_tags
   encryption {
     default_kms_key_name = var.bucket_encryption_kms_key_id
   }
@@ -60,6 +62,7 @@ resource "google_storage_bucket" "loki" {
   location                    = var.bucket_location
   uniform_bucket_level_access = var.bucket_uniform_bucket_level_access
   force_destroy               = true
+  labels                      = var.additional_tags
 
   dynamic "soft_delete_policy" {
     for_each = !var.bucket_cluster_backup_soft_delete ? ["apply"] : []

modules/dns-bucket/dns.tf

@@ -27,6 +27,7 @@ resource "google_dns_managed_zone" "zone" {
   name          = local.new_zone_id
   dns_name      = local.new_zone_name
   force_destroy = true
+  labels        = var.additional_tags
 
   cloud_logging_config {
     enable_logging = false

modules/dns-bucket/variables.tf

@@ -78,4 +78,10 @@ variable "enable_velero" {
   type        = bool
   default     = false
   description = "Enable velero for backups. If set to false, no velero resources will be created."
+}
+
+variable "additional_tags" {
+  default     = {}
+  description = "Additional labels to apply to GCS bucket resources."
+  type        = map(string)
 }

variables.tf

@@ -92,6 +92,12 @@ variable "cluster_http_load_balancing" {
   type        = bool
 }
 
+variable "additional_tags" {
+  default     = {}
+  description = "Additional labels to apply to GKE node pool resources."
+  type        = map(string)
+}
+
 variable "cluster_name" {
   description = "The name of your GKE cluster."
   type        = string