From fbbe88eb23066cf12c6914bdd059e05b0c3a935a Mon Sep 17 00:00:00 2001
From: Luca Prete
Date: Wed, 7 Apr 2021 09:50:40 +0200
Subject: [PATCH] [#221] Add master_global_access_config to gke module (#222)
---
 modules/gke-cluster/README.md | 3 ++-
 modules/gke-cluster/main.tf | 3 +++
 modules/gke-cluster/variables.tf | 1 +
 networking/hub-and-spoke-peering/main.tf | 1 +
 networking/shared-vpc-gke/main.tf | 1 +
 5 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md
index 13367dc0..c62ea616 100644
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@@ -22,6 +22,7 @@ module "cluster-1" {
 enable_private_nodes = true
 enable_private_endpoint = true
 master_ipv4_cidr_block = "192.168.0.0/28"
+ master_global_access = false
 }
 labels = {
 environment = "dev"
@@ -61,7 +62,7 @@ module "cluster-1" {
 | *node_locations* | Zones in which the cluster's nodes are located. | list(string) | | [] |
 | *peering_config* | Configure peering with the master VPC for private clusters. | object({...}) | | null |
 | *pod_security_policy* | Enable the PodSecurityPolicy feature. | bool | | null |
-| *private_cluster_config* | Enable and configure private cluster, private nodes must be true if used. | object({...}) | | null |
+| *private_cluster_config* | Enable and configure private cluster, private nodes must be true if used. | object({...}) | | null |
 | *release_channel* | Release channel for GKE upgrades. | string | | null |
 | *resource_usage_export_config* | Configure the ResourceUsageExportConfig feature. | object({...}) | | ... |
 | *vertical_pod_autoscaling* | Enable the Vertical Pod Autoscaling feature. | bool | | null |
diff --git a/modules/gke-cluster/main.tf b/modules/gke-cluster/main.tf
index 348f1b2b..89af273b 100644
--- a/modules/gke-cluster/main.tf
+++ b/modules/gke-cluster/main.tf
@@ -131,6 +131,9 @@ resource "google_container_cluster" "cluster" {
 enable_private_nodes = config.value.enable_private_nodes
 enable_private_endpoint = config.value.enable_private_endpoint
 master_ipv4_cidr_block = config.value.master_ipv4_cidr_block
+ master_global_access_config {
+ enabled = config.value.master_global_access
+ }
 }
 }
diff --git a/modules/gke-cluster/variables.tf b/modules/gke-cluster/variables.tf
index 828b7404..3c998072 100644
--- a/modules/gke-cluster/variables.tf
+++ b/modules/gke-cluster/variables.tf
@@ -195,6 +195,7 @@ variable "private_cluster_config" {
 enable_private_nodes = bool
 enable_private_endpoint = bool
 master_ipv4_cidr_block = string
+ master_global_access = bool
 })
 default = null
 }
diff --git a/networking/hub-and-spoke-peering/main.tf b/networking/hub-and-spoke-peering/main.tf
index 2b5b475c..ccdb146a 100644
--- a/networking/hub-and-spoke-peering/main.tf
+++ b/networking/hub-and-spoke-peering/main.tf
@@ -266,6 +266,7 @@ module "cluster-1" {
 enable_private_nodes = true
 enable_private_endpoint = true
 master_ipv4_cidr_block = var.private_service_ranges.spoke-2-cluster-1
+ master_global_access = true
 }
 peering_config = {
 export_routes = true
diff --git a/networking/shared-vpc-gke/main.tf b/networking/shared-vpc-gke/main.tf
index 9e1729a3..835ef1ab 100644
--- a/networking/shared-vpc-gke/main.tf
+++ b/networking/shared-vpc-gke/main.tf
@@ -214,6 +214,7 @@ module "cluster-1" {
 enable_private_nodes = true
 enable_private_endpoint = true
 master_ipv4_cidr_block = var.private_service_ranges.cluster-1
+ master_global_access = true
 }
 }
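Review bot: In modules/gke-cluster/main.tf the new `master_global_access_config` block is emitted unconditionally, so a caller that passes `master_global_access = null` hands `enabled = null` to the provider, which as far as I know treats `enabled` as a required argument and would reject the plan. Resolving the value explicitly keeps the restrictive setting as the fallback: `enabled = coalesce(config.value.master_global_access, false)`. With that fallback the private endpoint stays reachable only from the cluster's own region unless a caller opts in. The enclosing `private_cluster_config` block that supplies `config.value` starts outside this hunk.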
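Review bot: In modules/gke-cluster/variables.tf, adding `master_global_access = bool` to the object type makes the key mandatory for every caller that sets `private_cluster_config`, because an object type constraint with no optional attributes rejects values that omit one; configurations written against the previous module version will fail until they add it. The two in-repo callers are updated in this commit, but external users would benefit from an upgrade note. The variable's description (outside this hunk) should also say what the flag does, for instance `# master_global_access: when true the private control plane endpoint is reachable from all regions, not only the cluster's region`.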
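Review bot: Setting `master_global_access = true` in networking/hub-and-spoke-peering/main.tf (and again in the networking/shared-vpc-gke/main.tf hunk) widens reachability of the control plane's private endpoint from the cluster's region to every region of the VPC and the networks connected to it, and nothing in either example says why that is wanted. The README example uses `false`, so these two examples become the more permissive pattern people are likely to copy. If cross-region access is needed here, a comment such as `# global access: lets clients in other regions reach the private endpoint; restrict callers with master authorized networks` would make the trade-off visible; otherwise `false` is the safer value. Whether authorized networks are configured for these clusters is not visible in the hunks.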