
Commit 227da31

committed
feat: master_ipv4_cidr_block optional for private standard clusters
1 parent 1f85f66 commit 227da31


25 files changed

+42
-37
lines changed


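--- a/autogen/main/README.md
+++ b/autogen/main/README.md
@@ -85,7 +85,6 @@ module "gke" {
 {% if private_cluster %}
 enable_private_endpoint = true
 enable_private_nodes = true
-master_ipv4_cidr_block = "10.0.0.0/28"
 {% endif %}
 {% if beta_cluster and autopilot_cluster != true %}
 istio = true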

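--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -146,7 +146,7 @@ locals {
 {% if private_cluster %}
 cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
 cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
+cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
 {% else %}
 cluster_endpoint = google_container_cluster.primary.endpoint
 cluster_endpoint_for_nodes = "${google_container_cluster.primary.endpoint}/32"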
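Review bot: The new `cluster_endpoint_for_nodes` expression indexes `private_cluster_config[0]` without the `var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0` guard that `cluster_endpoint` and `cluster_peering_name` apply on the two lines above it, so a cluster built from the private template with `enable_private_nodes = false` would presumably fail with an invalid-index error rather than fall back. The same unguarded index is introduced in the `master_ipv4_cidr_block` output in autogen/main/outputs.tf.tmpl and in the generated modules/beta-autopilot-private-cluster/main.tf and outputs.tf. Consider reusing the guard, for example `cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block : "${google_container_cluster.primary.endpoint}/32"`, and `try(google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block, null)` for the output; the fallback value should be confirmed against whatever consumes this local. If the local feeds firewall rules (not visible in this hunk), the permitted control-plane range is now whatever the API reports rather than the configured variable, which is worth stating in a comment beside it. The `locals` block starts and ends outside the hunk.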

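--- a/autogen/main/outputs.tf.tmpl
+++ b/autogen/main/outputs.tf.tmpl
@@ -207,7 +207,7 @@ output "mesh_certificates_config" {
 
 output "master_ipv4_cidr_block" {
 description = "The IP range in CIDR notation used for the hosted master network"
-value = var.master_ipv4_cidr_block
+value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
 }
 
 output "peering_name" {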

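--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -495,12 +495,8 @@ variable "enable_private_nodes" {
 
 variable "master_ipv4_cidr_block" {
 type = string
-description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters."
-{% if autopilot_cluster == true%}
+description = "(Optional) The IP range in CIDR notation to use for the hosted master network."
 default = null
-{% else %}
-default = "10.0.0.0/28"
-{% endif %}
 }
 
 variable "private_endpoint_subnetwork" {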
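Review bot: The new description for `master_ipv4_cidr_block` says only "(Optional)" and does not state what a `null` value results in, which matters now that standard private clusters no longer default to `"10.0.0.0/28"`. Operators who keep firewall rules, routes or allow-lists keyed on the control-plane range need to know that the range is presumably picked by GKE when the variable is unset, and that the effective value has to be read from the module's `master_ipv4_cidr_block` output. Suggested wording: `description = "(Optional) The IP range in CIDR notation to use for the hosted master network. If null, the range is assigned by GKE; read the effective value from the master_ipv4_cidr_block output."`.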

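--- a/docs/upgrading_to_v35.0.md
+++ b/docs/upgrading_to_v35.0.md
@@ -50,3 +50,18 @@ To avoid this, it is possible to edit the remote state of the `random_id` resour
 1. Bump the serial number at the top
 2. Push the modified state to the remote `terraform state push default.tfstate`
 3. Confirm the `random_id` resource(s) no longer changes (or the corresponding `nodepool`) in a `terraform plan`
+
+### master_ipv4_cidr_block default value
+The default value for `master_ipv4_cidr_block` on private standard clusters has been changed from `"10.0.0.0/28"` to `null`. To maintain the previous default behavior, set `master_ipv4_cidr_block` to `"10.0.0.0/28"`.
+
+```
+module "gke" {
+source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
+version = "~> 35.0"
+
+project_id = var.project_id
+name = var.cluster_name
+
++ master_ipv4_cidr_block = "10.0.0.0/28"
+}
+```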

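--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -53,7 +53,6 @@ module "gke" {
 filestore_csi_driver = false
 enable_private_endpoint = true
 enable_private_nodes = true
-master_ipv4_cidr_block = "10.0.0.0/28"
 dns_cache = false
 
 }
@@ -129,7 +128,7 @@ Then perform the following commands on the root folder:
 | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no |
-| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `null` | no |
+| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no |
 | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER\_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
 | name | The name of the cluster (required) | `string` | n/a | yes |
 | network | The VPC network to host the cluster in (required) | `string` | n/a | yes |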

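--- a/modules/beta-autopilot-private-cluster/main.tf
+++ b/modules/beta-autopilot-private-cluster/main.tf
@@ -79,7 +79,7 @@ locals {
 
 cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
 cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
+cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
 
 cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, [])
 cluster_output_master_version = google_container_cluster.primary.master_version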

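--- a/modules/beta-autopilot-private-cluster/outputs.tf
+++ b/modules/beta-autopilot-private-cluster/outputs.tf
@@ -165,7 +165,7 @@ output "tpu_ipv4_cidr_block" {
 
 output "master_ipv4_cidr_block" {
 description = "The IP range in CIDR notation used for the hosted master network"
-value = var.master_ipv4_cidr_block
+value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
 }
 
 output "peering_name" {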

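--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -279,7 +279,7 @@ variable "enable_private_nodes" {
 
 variable "master_ipv4_cidr_block" {
 type = string
-description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters."
+description = "(Optional) The IP range in CIDR notation to use for the hosted master network."
 default = null
 }
 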

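--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -77,7 +77,6 @@ module "gke" {
 filestore_csi_driver = false
 enable_private_endpoint = true
 enable_private_nodes = true
-master_ipv4_cidr_block = "10.0.0.0/28"
 istio = true
 cloudrun = true
 dns_cache = false
@@ -251,7 +250,7 @@ Then perform the following commands on the root folder:
 | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no |
-| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no |
+| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no |
 | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `null` | no |
 | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
 | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no |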
