terraform-google-modules
diff --git a/‎README.md
Lines changed: 2 additions & 1 deletion b/‎README.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎autogen/main/README.md
Lines changed: 2 additions & 2 deletions b/‎autogen/main/README.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎autogen/main/cluster.tf.tmpl
Lines changed: 2 additions & 0 deletions b/‎autogen/main/cluster.tf.tmpl
Lines changed: 2 additions & 0 deletions
diff --git a/‎autogen/main/variables.tf.tmpl
Lines changed: 6 additions & 0 deletions b/‎autogen/main/variables.tf.tmpl
Lines changed: 6 additions & 0 deletions
diff --git a/‎autogen/main/versions.tf.tmpl
Lines changed: 6 additions & 6 deletions b/‎autogen/main/versions.tf.tmpl
Lines changed: 6 additions & 6 deletions
diff --git a/‎cluster.tf
Lines changed: 2 additions & 0 deletions b/‎cluster.tf
Lines changed: 2 additions & 0 deletions
diff --git a/‎metadata.display.yaml
Lines changed: 3 additions & 0 deletions b/‎metadata.display.yaml
Lines changed: 3 additions & 0 deletions
diff --git a/‎metadata.yaml
Lines changed: 3 additions & 0 deletions b/‎metadata.yaml
Lines changed: 3 additions & 0 deletions
diff --git a/‎modules/beta-autopilot-private-cluster/README.md
Lines changed: 2 additions & 1 deletion b/‎modules/beta-autopilot-private-cluster/README.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎modules/beta-autopilot-private-cluster/cluster.tf
Lines changed: 2 additions & 0 deletions b/‎modules/beta-autopilot-private-cluster/cluster.tf
Lines changed: 2 additions & 0 deletions
@@ -162,6 +162,7 @@ Then perform the following commands on the root folder:
 | deletion\_protection | Whether or not to allow Terraform to destroy the cluster. | `bool` | `true` | no |
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
+| disable\_l4\_lb\_firewall\_reconciliation | Disable L4 Load Balancer firewall reconciliation | `bool` | `null` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | `bool` | `true` | no |
 | dns\_allow\_external\_traffic | (Optional) Controls whether external traffic is allowed over the dns endpoint. | `bool` | `null` | no |
 | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `false` | no |
@@ -414,7 +415,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 #### Terraform and Plugins
 
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP][terraform-provider-google] v6.27+
+- [Terraform Provider for GCP][terraform-provider-google] v6.28+
 
 #### gcloud
 
 
@@ -306,9 +306,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
 {% if beta_cluster %}
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.27+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.28+
 {% else %}
-- [Terraform Provider for GCP][terraform-provider-google] v6.27+
+- [Terraform Provider for GCP][terraform-provider-google] v6.28+
 {% endif %}
 
 #### gcloud
 
@@ -251,6 +251,8 @@ resource "google_container_cluster" "primary" {
 
   enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
 
+  disable_l4_lb_firewall_reconciliation = var.disable_l4_lb_firewall_reconciliation
+
   enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
 
   dynamic "secret_manager_config" {
 
@@ -979,6 +979,12 @@ variable "enable_l4_ilb_subsetting" {
   description = "Enable L4 ILB Subsetting on the cluster"
   default     = false
 }
+
+variable "disable_l4_lb_firewall_reconciliation" {
+  type        = bool
+  description = "Disable L4 Load Balancer firewall reconciliation"
+  default     = null
+}
 {% if beta_cluster %}
   {% if autopilot_cluster != true %}
 
 
@@ -24,33 +24,33 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.27.0, < 7"
+      version = ">= 6.28.0, < 7"
     }
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 6.27.0, < 7"
+      version = ">= 6.28.0, < 7"
     }
 {% elif beta_cluster and autopilot_cluster %}
   required_providers {
     google = {
       source = "hashicorp/google"
-      version = ">= 6.27.0, < 7"
+      version = ">= 6.28.0, < 7"
     }
     google-beta = {
       source = "hashicorp/google-beta"
-      version = ">= 6.27.0, < 7"
+      version = ">= 6.28.0, < 7"
     }
 {% elif autopilot_cluster  %}
   required_providers {
     google = {
       source = "hashicorp/google"
-      version = ">= 6.27.0, < 7"
+      version = ">= 6.28.0, < 7"
     }
 {% else %}
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = ">= 6.27.0, < 7"
+      version = ">= 6.28.0, < 7"
     }
 {% endif %}
     kubernetes = {
 
@@ -190,6 +190,8 @@ resource "google_container_cluster" "primary" {
 
   enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
 
+  disable_l4_lb_firewall_reconciliation = var.disable_l4_lb_firewall_reconciliation
+
   enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
 
   dynamic "secret_manager_config" {
 
@@ -93,6 +93,9 @@ spec:
         disable_default_snat:
           name: disable_default_snat
           title: Disable Default Snat
+        disable_l4_lb_firewall_reconciliation:
+          name: disable_l4_lb_firewall_reconciliation
+          title: Disable L4 Lb Firewall Reconciliation
         disable_legacy_metadata_endpoints:
           name: disable_legacy_metadata_endpoints
           title: Disable Legacy Metadata Endpoints
 
@@ -689,6 +689,9 @@ spec:
         description: Enable L4 ILB Subsetting on the cluster
         varType: bool
         defaultValue: false
+      - name: disable_l4_lb_firewall_reconciliation
+        description: Disable L4 Load Balancer firewall reconciliation
+        varType: bool
       - name: enable_identity_service
         description: (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API.
         varType: bool
 
@@ -90,6 +90,7 @@ Then perform the following commands on the root folder:
 | deploy\_using\_private\_endpoint | A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | `bool` | `false` | no |
 | description | The description of the cluster | `string` | `""` | no |
 | disable\_default\_snat | Whether to disable the default SNAT to support the private use of public IP addresses | `bool` | `false` | no |
+| disable\_l4\_lb\_firewall\_reconciliation | Disable L4 Load Balancer firewall reconciliation | `bool` | `null` | no |
 | dns\_allow\_external\_traffic | (Optional) Controls whether external traffic is allowed over the dns endpoint. | `bool` | `null` | no |
 | dns\_cache | The status of the NodeLocal DNSCache addon. | `bool` | `true` | no |
 | enable\_binary\_authorization | Enable BinAuthZ Admission controller | `bool` | `false` | no |
@@ -227,7 +228,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 #### Terraform and Plugins
 
 - [Terraform](https://www.terraform.io/downloads.html) 1.3+
-- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.27+
+- [Terraform Provider for GCP Beta][terraform-provider-google-beta] v6.28+
 
 #### gcloud
 
 
@@ -110,6 +110,8 @@ resource "google_container_cluster" "primary" {
 
   enable_l4_ilb_subsetting = var.enable_l4_ilb_subsetting
 
+  disable_l4_lb_firewall_reconciliation = var.disable_l4_lb_firewall_reconciliation
+
   enable_cilium_clusterwide_network_policy = var.enable_cilium_clusterwide_network_policy
 
   dynamic "secret_manager_config" {