From 736077a6c76452099180ac7b3898b9ad8b03539a Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Fri, 15 Nov 2024 17:03:37 +0000 Subject: [PATCH] feat: master_ipv4_cidr_block optional for private standard clusters --- autogen/main/README.md | 1 - autogen/main/main.tf.tmpl | 2 +- autogen/main/outputs.tf.tmpl | 2 +- autogen/main/variables.tf.tmpl | 6 +----- docs/upgrading_to_v35.0.md | 15 +++++++++++++++ modules/beta-autopilot-private-cluster/README.md | 3 +-- modules/beta-autopilot-private-cluster/main.tf | 2 +- modules/beta-autopilot-private-cluster/outputs.tf | 2 +- .../beta-autopilot-private-cluster/variables.tf | 2 +- .../beta-private-cluster-update-variant/README.md | 3 +-- .../beta-private-cluster-update-variant/main.tf | 2 +- .../outputs.tf | 2 +- .../variables.tf | 4 ++-- modules/beta-private-cluster/README.md | 3 +-- modules/beta-private-cluster/main.tf | 2 +- modules/beta-private-cluster/outputs.tf | 2 +- modules/beta-private-cluster/variables.tf | 4 ++-- modules/private-cluster-update-variant/README.md | 3 +-- modules/private-cluster-update-variant/main.tf | 2 +- modules/private-cluster-update-variant/outputs.tf | 2 +- .../private-cluster-update-variant/variables.tf | 4 ++-- modules/private-cluster/README.md | 3 +-- modules/private-cluster/main.tf | 2 +- modules/private-cluster/outputs.tf | 2 +- modules/private-cluster/variables.tf | 4 ++-- 25 files changed, 42 insertions(+), 37 deletions(-) diff --git a/autogen/main/README.md b/autogen/main/README.md index 9ccbf7736d..b23990059f 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -85,7 +85,6 @@ module "gke" { {% if private_cluster %} enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" {% endif %} {% if beta_cluster and autopilot_cluster != true %} istio = true diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index e3ff1813e6..ed7f23ceb7 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl 
@@ -148,7 +148,7 @@ locals { {% if private_cluster %} cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block {% else %} cluster_endpoint = google_container_cluster.primary.endpoint cluster_endpoint_for_nodes = "${google_container_cluster.primary.endpoint}/32" diff --git a/autogen/main/outputs.tf.tmpl b/autogen/main/outputs.tf.tmpl index 4d12ec5d94..256f4e06af 100644 --- a/autogen/main/outputs.tf.tmpl +++ b/autogen/main/outputs.tf.tmpl @@ -190,7 +190,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block } output "peering_name" { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 1cc0fff491..6de0701f1f 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl 
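Review bot: The new `cluster_endpoint_for_nodes` line reads `google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block` with no index, while the two locals directly above it treat `private_cluster_config` as a list, guarding with `length(...) > 0` and reading `private_cluster_config[0]`. As written the reference will likely fail to evaluate, or fail on an empty list when private nodes are disabled; it should follow the neighbouring pattern, e.g. `cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block : null`. Consumers of this local are outside the hunk; if it feeds firewall rules for node-to-control-plane traffic, confirm they handle the `null` fallback without producing an empty or over-broad range. The same unindexed expression appears in the `master_ipv4_cidr_block` output in outputs.tf.tmpl and in the generated main.tf and outputs.tf of each modules/* private-cluster variant. The `locals` block starts and ends outside the hunk.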
@@ -495,12 +495,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - {% if autopilot_cluster == true%} + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." default = null - {% else %} - default = "10.0.0.0/28" - {% endif %} } variable "private_endpoint_subnetwork" { diff --git a/docs/upgrading_to_v35.0.md b/docs/upgrading_to_v35.0.md index 27a9d3ea1e..a3d59b564e 100644 --- a/docs/upgrading_to_v35.0.md +++ b/docs/upgrading_to_v35.0.md @@ -3,3 +3,18 @@ The v35.0 release of *kubernetes-engine* is a backwards incompatible release. ### Google Cloud Platform Provider upgrade The Terraform Kubernetes Engine Module now requires version 6 of the Google Cloud Platform Providers. See the [Terraform Google Provider 6.0.0 Upgrade Guide](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/version_6_upgrade) for more details. + +### master_ipv4_cidr_block default value +The default value for `master_ipv4_cidr_block` on private standard clusters has been changed from `"10.0.0.0/28"` to `null`. To maintain the previous default behavior, set `master_ipv4_cidr_block` to `"10.0.0.0/28"`. + +``` + module "gke" { + source = "terraform-google-modules/kubernetes-engine/google//modules/private-cluster" + version = "~> 35.0" + + project_id = var.project_id + name = var.cluster_name + ++ master_ipv4_cidr_block = "10.0.0.0/28" + } +``` diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index dcbe2b64ec..897bfbfbca 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -53,7 +53,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false } 
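Review bot: With the default now `null`, the `master_ipv4_cidr_block` variable accepts any string, and its description no longer says what happens when it is left unset. A validation block with `condition = var.master_ipv4_cidr_block == null || can(cidrhost(var.master_ipv4_cidr_block, 0))` would reject a malformed range at plan time instead of at the API. The description could also state that an unset value presumably leaves the control-plane range to be chosen by GKE, so firewall rules and allowlists that hard-code `10.0.0.0/28` should read the module's `master_ipv4_cidr_block` output instead. The same variable is repeated in the generated modules/*/variables.tf files.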
@@ -129,7 +128,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `null` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enabled\_components | List of services to monitor: SYSTEM\_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER\_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR and DCGM. In beta provider, WORKLOADS is supported on top of those 12 values. (WORKLOADS is deprecated and removed in GKE 1.24.) KUBELET and CADVISOR are only supported in GKE 1.29.3-gke.1093000 and above. Empty list is default GKE configuration. | `list(string)` | `[]` | no | | name | The name of the cluster (required) | `string` | n/a | yes | | network | The VPC network to host the cluster in (required) | `string` | n/a | yes | diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index 3a2a564d3a..8b2ce14016 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf 
@@ -79,7 +79,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-autopilot-private-cluster/outputs.tf b/modules/beta-autopilot-private-cluster/outputs.tf index e7f7b5ad59..895287f0a4 100644 --- a/modules/beta-autopilot-private-cluster/outputs.tf +++ b/modules/beta-autopilot-private-cluster/outputs.tf @@ -151,7 +151,7 @@ output "tpu_ipv4_cidr_block" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index ea5d63dd05..df7b093067 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf 
@@ -279,7 +279,7 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." default = null } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 2212904155..89549c1174 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -77,7 +77,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" istio = true cloudrun = true dns_cache = false 
@@ -251,7 +250,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index c7759b2d41..3146355d87 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf 
@@ -125,7 +125,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-private-cluster-update-variant/outputs.tf b/modules/beta-private-cluster-update-variant/outputs.tf index fbbdcbac61..41f83c5b2b 100644 --- a/modules/beta-private-cluster-update-variant/outputs.tf +++ b/modules/beta-private-cluster-update-variant/outputs.tf @@ -177,7 +177,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 812d4c6f60..e67f115b36 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf 
@@ -480,8 +480,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 103bcd6a3d..f6362821e5 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -55,7 +55,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" istio = true cloudrun = true dns_cache = false 
@@ -229,7 +228,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index c7759b2d41..3146355d87 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf 
@@ -125,7 +125,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf index fbbdcbac61..41f83c5b2b 100644 --- a/modules/beta-private-cluster/outputs.tf +++ b/modules/beta-private-cluster/outputs.tf @@ -177,7 +177,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 812d4c6f60..e67f115b36 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf 
@@ -480,8 +480,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 94ea65a81d..1c988a7983 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -77,7 +77,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false node_pools = [ 
@@ -238,7 +237,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index c52f9ea1ee..b5b774ffec 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf 
@@ -113,7 +113,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/private-cluster-update-variant/outputs.tf b/modules/private-cluster-update-variant/outputs.tf index 2f77c0f67f..a226e9ea68 100644 --- a/modules/private-cluster-update-variant/outputs.tf +++ b/modules/private-cluster-update-variant/outputs.tf @@ -177,7 +177,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 4f9fd582ee..047b02c5e1 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf 
@@ -474,8 +474,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" { diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 67d51ef6d3..3250209e22 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -55,7 +55,6 @@ module "gke" { filestore_csi_driver = false enable_private_endpoint = true enable_private_nodes = true - master_ipv4_cidr_block = "10.0.0.0/28" dns_cache = false node_pools = [ 
@@ -216,7 +215,7 @@ Then perform the following commands on the root folder: | maintenance\_start\_time | Time window specified for daily or recurring maintenance operations in RFC3339 format | `string` | `"05:00"` | no | | master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | `list(object({ cidr_block = string, display_name = string }))` | `[]` | no | | master\_global\_access\_enabled | Whether the cluster master is accessible globally (from any region) or only within the same region as the private endpoint. | `bool` | `true` | no | -| master\_ipv4\_cidr\_block | The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters. | `string` | `"10.0.0.0/28"` | no | +| master\_ipv4\_cidr\_block | (Optional) The IP range in CIDR notation to use for the hosted master network. | `string` | `null` | no | | monitoring\_enable\_managed\_prometheus | Configuration for Managed Service for Prometheus. Whether or not the managed collection is enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_metrics | Whether or not the advanced datapath metrics are enabled. | `bool` | `false` | no | | monitoring\_enable\_observability\_relay | Whether or not the advanced datapath relay is enabled. | `bool` | `false` | no | diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index c52f9ea1ee..b5b774ffec 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf 
@@ -113,7 +113,7 @@ locals { cluster_endpoint = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null - cluster_endpoint_for_nodes = var.master_ipv4_cidr_block + cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block cluster_output_master_auth = concat(google_container_cluster.primary[*].master_auth, []) cluster_output_master_version = google_container_cluster.primary.master_version diff --git a/modules/private-cluster/outputs.tf b/modules/private-cluster/outputs.tf index 2f77c0f67f..a226e9ea68 100644 --- a/modules/private-cluster/outputs.tf +++ b/modules/private-cluster/outputs.tf @@ -177,7 +177,7 @@ output "mesh_certificates_config" { output "master_ipv4_cidr_block" { description = "The IP range in CIDR notation used for the hosted master network" - value = var.master_ipv4_cidr_block + value = google_container_cluster.primary.private_cluster_config.master_ipv4_cidr_block } output "peering_name" { diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 4f9fd582ee..047b02c5e1 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf 
@@ -474,8 +474,8 @@ variable "enable_private_nodes" { variable "master_ipv4_cidr_block" { type = string - description = "The IP range in CIDR notation to use for the hosted master network. Optional for Autopilot clusters." - default = "10.0.0.0/28" + description = "(Optional) The IP range in CIDR notation to use for the hosted master network." + default = null } variable "private_endpoint_subnetwork" {