
Commit 58fd1bb

committed
fix: use private endpoint
1 parent 5e67ff4 commit 58fd1bb


26 files changed

+94
-47
lines changed


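--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -632,6 +632,15 @@ resource "google_container_cluster" "primary" {
 }
 }
 }
+
+dynamic "control_plane_endpoints_config" {
+for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : [0]
+content {
+dns_endpoint_config {
+allow_external_traffic = var.deploy_using_private_endpoint
+}
+}
+}
 {% endif %}
 
 {% if autopilot_cluster != true %}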
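Review bot: The `for_each` on the new `control_plane_endpoints_config` block yields a one-element list on both branches (`[1]` and `[0]`), so the block is always rendered and the `enable_private_endpoint && deploy_using_private_endpoint` condition has no effect; the false branch should be empty, `for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : []`. As written, `allow_external_traffic` follows `var.deploy_using_private_endpoint` alone, so user traffic over the DNS-based control-plane endpoint is enabled even when `enable_private_endpoint` is false. Access to that endpoint is, as far as I know, decided by IAM rather than by the cluster's network restrictions, so a comment above the block stating this would help operators who read the commit title as "private network only". The same block is added in modules/beta-autopilot-private-cluster/cluster.tf and needs the same change. The enclosing resource starts and ends outside the hunk.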

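--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -146,7 +146,7 @@ locals {
 cluster_output_zones = local.cluster_output_regional_zones
 
 {% if private_cluster %}
-cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+cluster_endpoint = var.deploy_using_private_endpoint || var.enable_private_endpoint ? google_container_cluster.primary.control_plane_endpoints_config[0].dns_endpoint_config[0].endpoint : google_container_cluster.primary.endpoint
 cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
 cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
 {% else %}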
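Review bot: The new `cluster_endpoint` picks the DNS endpoint when `deploy_using_private_endpoint || enable_private_endpoint` is true, while the block in cluster.tf.tmpl is gated on the `&&` of the same two variables, so with only `enable_private_endpoint` set the output points at a DNS endpoint whose `allow_external_traffic` is false. The expression also indexes `control_plane_endpoints_config[0].dns_endpoint_config[0]` without the `length(...) > 0` guard the removed line had on `private_cluster_config`; I would keep a guard such as `length(google_container_cluster.primary.control_plane_endpoints_config) > 0` and use one condition in both files. Callers that relied on this local returning the private IP endpoint now receive a DNS name whose authorization is presumably IAM-based, which deserves a one-line comment above the assignment. modules/beta-autopilot-private-cluster/main.tf carries the identical line. The `locals` block starts and ends outside the hunk.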

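--- a/autogen/main/versions.tf.tmpl
+++ b/autogen/main/versions.tf.tmpl
@@ -1,5 +1,5 @@
 /**
-* Copyright 2022 Google LLC
+* Copyright 2022-2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -24,33 +24,33 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
-version = ">= 6.7.0, < 6.11.0"
+version = ">= 6.11.0, < 7"
 }
 google-beta = {
 source = "hashicorp/google-beta"
-version = ">= 6.7.0, < 6.11.0"
+version = ">= 6.11.0, < 7"
 }
 {% elif beta_cluster and autopilot_cluster %}
 required_providers {
 google = {
 source = "hashicorp/google"
-version = ">= 6.5.0, < 6.11.0"
+version = ">= 6.5.0, < 7"
 }
 google-beta = {
 source = "hashicorp/google-beta"
-version = ">= 6.5.0, < 6.11.0"
+version = ">= 6.5.0, < 7"
 }
 {% elif autopilot_cluster %}
 required_providers {
 google = {
 source = "hashicorp/google"
-version = ">= 6.5.0, < 6.11.0"
+version = ">= 6.5.0, < 7"
 }
 {% else %}
 required_providers {
 google = {
 source = "hashicorp/google"
-version = ">= 6.7.0, < 6.11.0"
+version = ">= 6.7.0, < 7"
 }
 {% endif %}
 kubernetes = {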
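Review bot: Only the first `required_providers` branch in the second hunk raises the lower bound to `>= 6.11.0`; the other branches keep `>= 6.5.0` or `>= 6.7.0`, although the same commit adds `control_plane_endpoints_config` to modules/beta-autopilot-private-cluster/cluster.tf, whose versions.tf still allows 6.5.0. If that block needs provider 6.11.0, as the first branch suggests, the older providers still permitted will reject the configuration at plan time; the floors should match, e.g. `version = ">= 6.11.0, < 7"`. Widening the ceiling from `< 6.11.0` to `< 7` also admits every later 6.x release, so consumers should pin what is actually installed with a committed `.terraform.lock.hcl`. The `terraform` block continues outside the hunk.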

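--- a/examples/safer_cluster_iap_bastion/bastion.tf
+++ b/examples/safer_cluster_iap_bastion/bastion.tf
@@ -34,4 +34,6 @@ module "bastion" {
 startup_script = templatefile("${path.module}/templates/startup-script.tftpl", {})
 members = var.bastion_members
 shielded_vm = "false"
+
+service_account_roles = ["roles/container.viewer"]
 }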
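Review bot: The added `service_account_roles = ["roles/container.viewer"]` grants the bastion's service account an IAM role with no comment saying why it is needed or at what scope the bastion module binds it. If the binding is project-wide (the module's behaviour is not visible here), the bastion can read every GKE cluster in the project, not only this example's. I would add a comment above the line such as `# Minimum role the bastion service account needs to reach the cluster; bound at <scope>`, filled in with the real reason and scope. The `module "bastion"` block begins outside the hunk.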

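--- a/examples/simple_regional_beta/main.tf
+++ b/examples/simple_regional_beta/main.tf
@@ -20,12 +20,6 @@ locals {
 
 data "google_client_config" "default" {}
 
-provider "kubernetes" {
-host = "https://${module.gke.endpoint}"
-token = data.google_client_config.default.access_token
-cluster_ca_certificate = base64decode(module.gke.ca_certificate)
-}
-
 module "gke" {
 source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster"
 version = "~> 34.0"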

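--- a/examples/simple_regional_beta/versions.tf
+++ b/examples/simple_regional_beta/versions.tf
@@ -23,8 +23,5 @@ terraform {
 google-beta = {
 source = "hashicorp/google-beta"
 }
-kubernetes = {
-source = "hashicorp/kubernetes"
-}
 }
 }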

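--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -326,6 +326,15 @@ resource "google_container_cluster" "primary" {
 }
 }
 
+dynamic "control_plane_endpoints_config" {
+for_each = var.enable_private_endpoint && var.deploy_using_private_endpoint ? [1] : [0]
+content {
+dns_endpoint_config {
+allow_external_traffic = var.deploy_using_private_endpoint
+}
+}
+}
+
 
 dynamic "database_encryption" {
 for_each = var.database_encryption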

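--- a/modules/beta-autopilot-private-cluster/main.tf
+++ b/modules/beta-autopilot-private-cluster/main.tf
@@ -77,7 +77,7 @@ locals {
 cluster_output_regional_zones = google_container_cluster.primary.node_locations
 cluster_output_zones = local.cluster_output_regional_zones
 
-cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+cluster_endpoint = var.deploy_using_private_endpoint || var.enable_private_endpoint ? google_container_cluster.primary.control_plane_endpoints_config[0].dns_endpoint_config[0].endpoint : google_container_cluster.primary.endpoint
 cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
 cluster_endpoint_for_nodes = var.master_ipv4_cidr_block
 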

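--- a/modules/beta-autopilot-private-cluster/versions.tf
+++ b/modules/beta-autopilot-private-cluster/versions.tf
@@ -1,5 +1,5 @@
 /**
-* Copyright 2022 Google LLC
+* Copyright 2022-2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,11 +21,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
-version = ">= 6.5.0, < 6.11.0"
+version = ">= 6.5.0, < 7"
 }
 google-beta = {
 source = "hashicorp/google-beta"
-version = ">= 6.5.0, < 6.11.0"
+version = ">= 6.5.0, < 7"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"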

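--- a/modules/beta-autopilot-public-cluster/versions.tf
+++ b/modules/beta-autopilot-public-cluster/versions.tf
@@ -1,5 +1,5 @@
 /**
-* Copyright 2022 Google LLC
+* Copyright 2022-2024 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,11 +21,11 @@ terraform {
 required_providers {
 google = {
 source = "hashicorp/google"
-version = ">= 6.5.0, < 6.11.0"
+version = ">= 6.5.0, < 7"
 }
 google-beta = {
 source = "hashicorp/google-beta"
-version = ">= 6.5.0, < 6.11.0"
+version = ">= 6.5.0, < 7"
 }
 kubernetes = {
 source = "hashicorp/kubernetes"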
