From 345cb4b7fa56af4b687a1235113e3bc31e0ebd35 Mon Sep 17 00:00:00 2001
From: astianseb
Date: Tue, 22 Nov 2022 19:17:57 +0100
Subject: [PATCH] Default nodepool creation fix (#999)
* Default nodepool creation fix
* Removed comments and fixded formatting with fmt
* Refactored per PR comment
Co-authored-by: Astian Seb
Co-authored-by: Ludovico Magnocavallo
---
 modules/gke-cluster/main.tf | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index bc94dd37..cb3602cf 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -48,7 +48,18 @@ resource "google_container_cluster" "cluster" {
 enable_autopilot = var.enable_features.autopilot ? true : null
 # the default nodepool is deleted here, use the gke-nodepool module instead
- # node_config {}
+ # default nodepool configuration based on a shielded_nodes variable
+ node_config {
+ dynamic "shielded_instance_config" {
+ for_each = var.enable_features.shielded_nodes ? [""] : []
+ content {
+ enable_secure_boot = true
+ enable_integrity_monitoring = true
+ }
+ }
+ }
+
+
 addons_config {
 dynamic "dns_cache_config" {
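Review bot: The retained comment `# the default nodepool is deleted here, use the gke-nodepool module instead` now sits directly above a `node_config` block that configures that very pool, and neither comment says why a pool that is removed needs shielded settings. Presumably the default pool is still created before removal and has to pass a shielded-VM requirement; if so, say it, e.g. `# the default node pool is created and then removed; it still needs secure boot and integrity monitoring where shielded VMs are enforced`. The `node_config` block is also emitted unconditionally, so it is sent empty when `var.enable_features.shielded_nodes` is false and alongside `enable_autopilot` when that is set; it is worth confirming the provider accepts both, or making `node_config` itself dynamic on the same condition. These settings cover only the default pool, so pools created through the gke-nodepool module need their own `shielded_instance_config`; the resource body starts and ends outside the hunk, so any cluster-level shielded-nodes setting is not visible here.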