terraform-google-modules
diff --git a/‎README.md
Lines changed: 1 addition & 1 deletion b/‎README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎autogen/main/cluster.tf.tmpl
Lines changed: 12 additions & 2 deletions b/‎autogen/main/cluster.tf.tmpl
Lines changed: 12 additions & 2 deletions
diff --git a/‎autogen/main/variables.tf.tmpl
Lines changed: 2 additions & 1 deletion b/‎autogen/main/variables.tf.tmpl
Lines changed: 2 additions & 1 deletion
diff --git a/‎autogen/safer-cluster/variables.tf.tmpl
Lines changed: 2 additions & 1 deletion b/‎autogen/safer-cluster/variables.tf.tmpl
Lines changed: 2 additions & 1 deletion
diff --git a/‎cluster.tf
Lines changed: 5 additions & 0 deletions b/‎cluster.tf
Lines changed: 5 additions & 0 deletions
diff --git a/‎examples/simple_autopilot_private/main.tf
Lines changed: 0 additions & 2 deletions b/‎examples/simple_autopilot_private/main.tf
Lines changed: 0 additions & 2 deletions
diff --git a/‎examples/simple_autopilot_private/network.tf
Lines changed: 0 additions & 4 deletions b/‎examples/simple_autopilot_private/network.tf
Lines changed: 0 additions & 4 deletions
diff --git a/‎examples/simple_regional_private/README.md
Lines changed: 0 additions & 2 deletions b/‎examples/simple_regional_private/README.md
Lines changed: 0 additions & 2 deletions
diff --git a/‎examples/simple_regional_private/main.tf
Lines changed: 0 additions & 1 deletion b/‎examples/simple_regional_private/main.tf
Lines changed: 0 additions & 1 deletion
diff --git a/‎examples/simple_regional_private/test_outputs.tf
Lines changed: 0 additions & 5 deletions b/‎examples/simple_regional_private/test_outputs.tf
Lines changed: 0 additions & 5 deletions
@@ -204,7 +204,7 @@ Then perform the following commands on the root folder:
 | ip\_masq\_link\_local | Whether to masquerade traffic to the link-local prefix (169.254.0.0/16). | `bool` | `false` | no |
 | ip\_masq\_resync\_interval | The interval at which the agent attempts to sync its ConfigMap file from the disk. | `string` | `"60s"` | no |
 | ip\_range\_pods | The _name_ of the secondary subnet ip range to use for pods | `string` | n/a | yes |
-| ip\_range\_services | The _name_ of the secondary subnet range to use for services | `string` | n/a | yes |
+| ip\_range\_services | The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used. | `string` | `null` | no |
 | issue\_client\_certificate | Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive! | `bool` | `false` | no |
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | `string` | `"latest"` | no |
 | logging\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, KCP\_CONNECTION, KCP\_SSHD, KCP\_HPA, SCHEDULER, and WORKLOADS. Empty list is default GKE configuration. | `list(string)` | `[]` | no |
 
@@ -526,11 +526,21 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  {% if autopilot_cluster != true %}
   lifecycle {
+    precondition {
+      {% if autopilot_cluster %}
+      condition     = var.ip_range_services == null && var.kubernetes_version != "latest" ? tonumber(split(".", var.kubernetes_version)[0]) >= 1 && tonumber(split(".", var.kubernetes_version)[1]) >= 27 : true
+      error_message = "Setting ip_range_services is required for this GKE version. Please set ip_range_services or use kubernetes_version 1.27 or later."
+      {% else %}
+      condition     = var.ip_range_services == null && var.kubernetes_version != "latest" ? tonumber(split(".", var.kubernetes_version)[0]) >= 1 && tonumber(split(".", var.kubernetes_version)[1]) >= 29 : true
+      error_message = "Setting ip_range_services is required for this GKE version. Please set ip_range_services or use kubernetes_version 1.29 or later."
+      {% endif %}
+    }
+
+    {% if autopilot_cluster != true %}
     ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"]]
+    {% endif %}
   }
-  {% endif %}
 
   {% if autopilot_cluster != true %}
   dynamic "dns_config" {
 
@@ -176,7 +176,8 @@ variable "additional_ip_range_pods" {
 
 variable "ip_range_services" {
   type        = string
-  description = "The _name_ of the secondary subnet range to use for services"
+  description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
+  default     = null
 }
 
 variable "stack_type" {
 
@@ -138,7 +138,8 @@ variable "ip_range_pods" {
 
 variable "ip_range_services" {
   type        = string
-  description = "The _name_ of the secondary subnet range to use for services"
+  description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
+  default     = null
 }
 
 variable "initial_node_count" {
 
@@ -397,6 +397,11 @@ resource "google_container_cluster" "primary" {
   }
 
   lifecycle {
+    precondition {
+      condition     = var.ip_range_services == null && var.kubernetes_version != "latest" ? tonumber(split(".", var.kubernetes_version)[0]) >= 1 && tonumber(split(".", var.kubernetes_version)[1]) >= 29 : true
+      error_message = "Setting ip_range_services is required for this GKE version. Please set ip_range_services or use kubernetes_version 1.29 or later."
+    }
+
     ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"]]
   }
 
 
@@ -20,7 +20,6 @@ locals {
   subnet_name            = "simple-autopilot-private-subnet"
   master_auth_subnetwork = "simple-autopilot-private-master-subnet"
   pods_range_name        = "ip-range-pods-simple-autopilot-private"
-  svc_range_name         = "ip-range-svc-simple-autopilot-private"
   subnet_names           = [for subnet_self_link in module.gcp-network.subnets_self_links : split("/", subnet_self_link)[length(split("/", subnet_self_link)) - 1]]
 }
 
@@ -44,7 +43,6 @@ module "gke" {
   network                                = module.gcp-network.network_name
   subnetwork                             = local.subnet_names[index(module.gcp-network.subnets_names, local.subnet_name)]
   ip_range_pods                          = local.pods_range_name
-  ip_range_services                      = local.svc_range_name
   release_channel                        = "REGULAR"
   enable_vertical_pod_autoscaling        = true
   enable_private_endpoint                = true
 
@@ -41,10 +41,6 @@ module "gcp-network" {
         range_name    = local.pods_range_name
         ip_cidr_range = "192.168.0.0/18"
       },
-      {
-        range_name    = local.svc_range_name
-        ip_cidr_range = "192.168.64.0/18"
-      },
     ]
   }
 }
@@ -10,7 +10,6 @@ This example illustrates how to create a simple private cluster.
 | cluster\_name\_suffix | A suffix to append to the default cluster name | `string` | `""` | no |
 | compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | `any` | n/a | yes |
 | ip\_range\_pods | The secondary ip range to use for pods | `any` | n/a | yes |
-| ip\_range\_services | The secondary ip range to use for services | `any` | n/a | yes |
 | network | The VPC network to host the cluster in | `any` | n/a | yes |
 | project\_id | The project ID to host the cluster in | `any` | n/a | yes |
 | region | The region to host the cluster in | `any` | n/a | yes |
@@ -24,7 +23,6 @@ This example illustrates how to create a simple private cluster.
 | client\_token | n/a |
 | cluster\_name | Cluster name |
 | ip\_range\_pods | The secondary IP range used for pods |
-| ip\_range\_services | The secondary IP range used for services |
 | kubernetes\_endpoint | n/a |
 | location | n/a |
 | master\_kubernetes\_version | The master Kubernetes version |
 
@@ -43,7 +43,6 @@ module "gke" {
   network                     = var.network
   subnetwork                  = var.subnetwork
   ip_range_pods               = var.ip_range_pods
-  ip_range_services           = var.ip_range_services
   create_service_account      = false
   service_account             = var.compute_engine_service_account
   enable_private_endpoint     = true
 
@@ -47,11 +47,6 @@ output "ip_range_pods" {
   value       = var.ip_range_pods
 }
 
-output "ip_range_services" {
-  description = "The secondary IP range used for services"
-  value       = var.ip_range_services
-}
-
 output "zones" {
   description = "List of zones in which the cluster resides"
   value       = module.gke.zones
Original file line number	Diff line number	Diff line change
`@@ -176,7 +176,8 @@ variable "additional_ip_range_pods" {`
`176`	`176`
`177`	`177`	`variable "ip_range_services" {`
`178`	`178`	`type = string`
`179`		`- description = "The _name_ of the secondary subnet range to use for services"`
	`179`	+ description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
	`180`	`+ default = null`
`180`	`181`	`}`
`181`	`182`
`182`	`183`	`variable "stack_type" {`
Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,8 @@ variable "ip_range_pods" {`
`138`	`138`
`139`	`139`	`variable "ip_range_services" {`
`140`	`140`	`type = string`
`141`		`- description = "The _name_ of the secondary subnet range to use for services"`
	`141`	+ description = "The _name_ of the secondary subnet range to use for services. If not provided, the default `34.118.224.0/20` range will be used."
	`142`	`+ default = null`
`142`	`143`	`}`
`143`	`144`
`144`	`145`	`variable "initial_node_count" {`
Original file line number	Diff line number	Diff line change
`@@ -397,6 +397,11 @@ resource "google_container_cluster" "primary" {`
`397`	`397`	`}`
`398`	`398`
`399`	`399`	`lifecycle {`
	`400`	`+ precondition {`
	`401`	`+ condition = var.ip_range_services == null && var.kubernetes_version != "latest" ? tonumber(split(".", var.kubernetes_version)[0]) >= 1 && tonumber(split(".", var.kubernetes_version)[1]) >= 29 : true`
	`402`	`+ error_message = "Setting ip_range_services is required for this GKE version. Please set ip_range_services or use kubernetes_version 1.29 or later."`
	`403`	`+ }`
	`404`	`+`
`400`	`405`	`ignore_changes = [node_pool, initial_node_count, resource_labels["asmv"]]`
`401`	`406`	`}`
`402`	`407`
Original file line number	Diff line number	Diff line change
`@@ -41,10 +41,6 @@ module "gcp-network" {`
`41`	`41`	`range_name = local.pods_range_name`
`42`	`42`	`ip_cidr_range = "192.168.0.0/18"`
`43`	`43`	`},`
`44`		`- {`
`45`		`- range_name = local.svc_range_name`
`46`		`- ip_cidr_range = "192.168.64.0/18"`
`47`		`- },`
`48`	`44`	`]`
`49`	`45`	`}`
`50`	`46`	`}`