Add deploy_using_private_endpoint variable

Author: aaron-lane

autogen/main.tf

@@ -63,10 +63,23 @@ locals {
     zonal    = "${concat(google_container_cluster.zonal_primary.*.zone, local.cluster_type_output_zonal_zones)}"
   }
 
+{% if private_cluster %}
+  cluster_type_output_endpoint = {
+    regional = "${element(concat((
+      var.deploy_using_private_endpoint ? google_container_cluster.primary.*.private_endpoint :
+      google_container_cluster.primary.*.endpoint
+    ), list("")), 0)}"
+    zonal    = "${element(concat((
+      var.deploy_using_private_endpoint ? google_container_cluster.zonal_primary.*.private_endpoint :
+      google_container_cluster.zonal_primary.*.endpoint
+    ), list("")), 0)}"
+  }
+{% else %}
   cluster_type_output_endpoint = {
     regional = "${element(concat(google_container_cluster.primary.*.endpoint, list("")), 0)}"
     zonal    = "${element(concat(google_container_cluster.zonal_primary.*.endpoint, list("")), 0)}"
   }
+{% endif %}
 
   cluster_type_output_master_auth = {
     regional = "${concat(google_container_cluster.primary.*.master_auth, list())}"

autogen/variables.tf

@@ -228,6 +228,11 @@ variable "service_account" {
 }
 {% if private_cluster %}
 
+variable "deploy_using_private_endpoint" {
+  description = "(Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment."
+  default     = "false"
+}
+
 variable "enable_private_endpoint" {
   description = "(Beta) Whether the master's internal IP address is used as the cluster endpoint"
   default     = false

modules/private-cluster/README.md

@@ -121,6 +121,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 |------|-------------|:----:|:-----:|:-----:|
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
+| deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
 | enable\_private\_endpoint | (Beta) Whether the master's internal IP address is used as the cluster endpoint | string | `"false"` | no |

modules/private-cluster/main.tf

@@ -64,8 +64,15 @@ locals {
   }
 
   cluster_type_output_endpoint = {
-    regional = "${element(concat(google_container_cluster.primary.*.endpoint, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.endpoint, list("")), 0)}"
+    regional = "${element(concat((
+      var.deploy_using_private_endpoint ? google_container_cluster.primary.*.private_endpoint :
+      google_container_cluster.primary.*.endpoint
+    ), list("")), 0)}"
+
+    zonal = "${element(concat((
+      var.deploy_using_private_endpoint ? google_container_cluster.zonal_primary.*.private_endpoint :
+      google_container_cluster.zonal_primary.*.endpoint
+    ), list("")), 0)}"
   }
 
   cluster_type_output_master_auth = {

modules/private-cluster/variables.tf

@@ -227,6 +227,11 @@ variable "service_account" {
   default     = "create"
 }
 
+variable "deploy_using_private_endpoint" {
+  description = "(Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment."
+  default     = "false"
+}
+
 variable "enable_private_endpoint" {
   description = "(Beta) Whether the master's internal IP address is used as the cluster endpoint"
   default     = false