
Commit 2482cf9

committed
feat: master_ipv4_cidr_block optional for private standard clusters
1 parent 5e67ff4 commit 2482cf9


25 files changed

+42
-37
lines changed


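--- a/autogen/main/README.md
+++ b/autogen/main/README.md
@@ -85,7 +85,6 @@ module "gke" {
 {% if private_cluster %}
 enable_private_endpoint = true
 enable_private_nodes = true
-master_ipv4_cidr_block = "10.0.0.0/28"
 {% endif %}
 {% if beta_cluster and autopilot_cluster != true %}
 istio = true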

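--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -148,7 +148,7 @@ locals {
 {% if private_cluster %}
 cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
 cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
+cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
 {% else %}
 cluster_endpoint = google_container_cluster.primary.endpoint
 cluster_endpoint_for_nodes = "${google_container_cluster.primary.endpoint}/32"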
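Review bot: The new `cluster_endpoint_for_nodes` indexes `private_cluster_config[0]` without the `var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0` guard that `cluster_endpoint` and `cluster_peering_name` apply on the two lines above it. Evaluation will therefore error whenever that block is empty, which the old `var.master_ipv4_cidr_block` reference could not do. I would guard it the same way, e.g. `cluster_endpoint_for_nodes = try(google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block, null)`, and decide explicitly what the fallback should be. If this local feeds node-to-control-plane firewall rules (not visible on this page), a null or not-yet-known range there should be checked as well. The same unguarded index is added in autogen/main/outputs.tf.tmpl and in modules/beta-autopilot-private-cluster/main.tf and outputs.tf; the `locals` block continues outside the hunk.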

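--- a/autogen/main/outputs.tf.tmpl
+++ b/autogen/main/outputs.tf.tmpl
@@ -190,7 +190,7 @@ output "mesh_certificates_config" {
 
 output "master_ipv4_cidr_block" {
 description = "The IP range in CIDR notation used for the hosted master network"
-value = var.master_ipv4_cidr_block
+value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
 }
 
 output "peering_name" {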

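--- a/autogen/main/variables.tf.tmpl
+++ b/autogen/main/variables.tf.tmpl
@@ -495,12 +495,8 @@ variable "enable_private_nodes" {
 
 variable "master_ipv4_cidr_block" {
 type = string
-description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters."
-{% if autopilot_cluster == true%}
+description = "(Optional) The IP range in CIDR notation to use for the hosted master network."
 default = null
-{% else %}
-default = "10.0.0.0/28"
-{% endif %}
 }
 
 variable "private_endpoint_subnetwork" {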
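Review bot: The new description on `master_ipv4_cidr_block` says the variable is optional but not what happens when it is left at `null`, which this hunk makes the default for standard private clusters as well. Anyone who ties firewall rules, routes or allow-lists to the control-plane range needs to know it is then no longer the fixed `10.0.0.0/28`. I would extend it to something like `description = "(Optional) The IP range in CIDR notation to use for the hosted master network. If null, the range is assigned by GKE; read the effective value from the master_ipv4_cidr_block output."`. That wording assumes the provider picks the range for a null value, which this page does not show. The same description is added in modules/beta-autopilot-private-cluster/variables.tf.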

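--- a/docs/upgrading_to_v35.0.md
+++ b/docs/upgrading_to_v35.0.md
@@ -3,3 +3,18 @@ The v35.0 release of *kubernetes-engine* is a backwards incompatible release.
 
 ### Google Cloud Platform Provider upgrade
 The Terraform Kubernetes Engine Module now requires version 6 of the Google Cloud Platform Providers. See the [Terraform Google Provider 6.0.0 Upgrade Guide](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade) for more details.
+
+### master_ipv4_cidr_block default value
+The default value for `master_ipv4_cidr_block` on private standard clusters has been changed from `"10.0.0.0/28"` to `null`. To maintain the previous default behavior, set `master_ipv4_cidr_block` to `"10.0.0.0/28"`.
+
+```
+module "gke" {
+source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster"
+version = "~> 35.0"
+
+project_id = var.project_id
+name = var.cluster_name
+
++ master_ipv4_cidr_block = "10.0.0.0/28"
+}
+```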

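--- a/modules/beta-autopilot-private-cluster/README.md
+++ b/modules/beta-autopilot-private-cluster/README.md
@@ -53,7 +53,6 @@ module "gke" {
 filestore_csi_driver = false
 enable_private_endpoint = true
 enable_private_nodes = true
-master_ipv4_cidr_block = "10.0.0.0/28"
 dns_cache = false
 
 }
@@ -129,7 +128,7 @@ Then perform the following commands on the root folder:
 | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no |
-| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `null` | no |
+| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no |
 | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER\_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
 | name | The name of the cluster (required) | `string` | n/a | yes |
 | network | The VPC network to host the cluster in (required) | `string` | n/a | yes |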

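--- a/modules/beta-autopilot-private-cluster/main.tf
+++ b/modules/beta-autopilot-private-cluster/main.tf
@@ -79,7 +79,7 @@ locals {
 
 cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
 cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
+cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
 
 cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, [])
 cluster_output_master_version = google_container_cluster.primary.master_version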

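--- a/modules/beta-autopilot-private-cluster/outputs.tf
+++ b/modules/beta-autopilot-private-cluster/outputs.tf
@@ -151,7 +151,7 @@ output "tpu_ipv4_cidr_block" {
 
 output "master_ipv4_cidr_block" {
 description = "The IP range in CIDR notation used for the hosted master network"
-value = var.master_ipv4_cidr_block
+value = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
 }
 
 output "peering_name" {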

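--- a/modules/beta-autopilot-private-cluster/variables.tf
+++ b/modules/beta-autopilot-private-cluster/variables.tf
@@ -279,7 +279,7 @@ variable "enable_private_nodes" {
 
 variable "master_ipv4_cidr_block" {
 type = string
-description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters."
+description = "(Optional) The IP range in CIDR notation to use for the hosted master network."
 default = null
 }
 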
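--- a/modules/beta-private-cluster-update-variant/README.md
+++ b/modules/beta-private-cluster-update-variant/README.md
@@ -77,7 +77,6 @@ module "gke" {
 filestore_csi_driver = false
 enable_private_endpoint = true
 enable_private_nodes = true
-master_ipv4_cidr_block = "10.0.0.0/28"
 istio = true
 cloudrun = true
 dns_cache = false
@@ -251,7 +250,7 @@ Then perform the following commands on the root folder:
 | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no |
 | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no |
 | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no |
-| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no |
+| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no |
 | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no |
 | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no |
 | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no |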
